Bart in VA

Q: Removing False Flash Update Malware

Over the weekend my iMac received the bogus pop-up saying Adobe Flash needs an update. I verified that I indeed had the latest version for OS X. Now I get the pop-up every hour or so and I would like to get rid of it.

 

I never did click on the Download button. I tried Malwarebytes but it did not find any malware, which could be due to me not clicking on Download.

 

I apologize if this is off topic for OS X, but maybe someone could direct me where to go for help.

 

Thanks,

Bart

Using Chrome and El Capitan

iMac, OS X El Capitan (10.11.2)

Posted on Sep 20, 2016 4:34 AM

  • by BobHarris,

    BobHarris Sep 20, 2016 5:55 AM in response to Bart in VA
    Level 6 (19,457 points)
    Mac OS X

    Try MalwareBytes Anti-Malware (formerly AdwareMedic)

    <https://www.malwarebytes.org/>

    There is a free option for Macs

  • by dialabrain,

    dialabrain Sep 20, 2016 6:01 AM in response to Bart in VA
    Level 5 (6,246 points)
    Mac App Store

    I guess Bob missed that you tried Malwarebytes already.

    Download and run EtreCheck and post the results.

    http://etrecheck.com/

  • by BobHarris,

    BobHarris Sep 20, 2016 6:03 AM in response to dialabrain
    Level 6 (19,457 points)
    Mac OS X

    Sorry, yes I did miss that

  • by dialabrain,

    dialabrain Sep 20, 2016 6:04 AM in response to BobHarris
    Level 5 (6,246 points)
    Mac App Store

    We all do it, especially before coffee.

  • by BobHarris,

    BobHarris Sep 20, 2016 6:06 AM in response to Bart in VA
    Level 6 (19,457 points)
    Mac OS X

    I'll try again with another idea. Maybe it is some cached JavaScript. Try the following link that explains how to clear the browser cache:

    <https://guides.instructure.com/m/4214/l/334964-how-do-i-clear-my-browser-cache-on-a-mac>

  • by Bart in VA,

    Bart in VA Sep 20, 2016 9:36 AM in response to dialabrain
    Level 1 (9 points)
    Mac OS X

    Sorry for the delay - I had a medical appt this morning.

     

    I downloaded etrecheck and double clicked on the icon. The icon briefly flashed and a green icon very briefly appeared in my dock and then nothing.  What should happen?

  • by mckeen.apple.ios,

    mckeen.apple.ios Sep 20, 2016 10:26 AM in response to Bart in VA
    Level 1 (17 points)

    Besides Malwarebytes: go to Safari menu > Preferences > General > and make sure your homepage is not something insane.

     

    You can reset Chrome by going to the Chrome menu > Preferences > Settings > Look for "On Startup" and make sure the homepage isn't something insane.

  • by Bart in VA,

    Bart in VA Sep 20, 2016 11:53 AM in response to mckeen.apple.ios
    Level 1 (9 points)
    Mac OS X

    I don't use Safari, but my home page is the same as always.

     

    I have seen nothing strange; only the Flash pop-up that returns every hour or two.

  • by Bart in VA,

    Bart in VA Sep 20, 2016 12:08 PM in response to dialabrain
    Level 1 (9 points)
    Mac OS X

    OK - I finally got etrecheck to run. The report is long but I will post below. One thing: several times I have checked my current Flash version at the Adobe site and found it to be current. As you know, Chrome usually keeps it up to date automatically.

     

    EtreCheck version: 3.0.4 (308)

    Report generated 2016-09-20 14:58:47

    Download EtreCheck from https://etrecheck.com

    Runtime 2:40

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

     

    Problem: Other problem

    Description:

    suspect malware

     

    Hardware Information:

        iMac (21.5-inch, Mid 2010)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        iMac - model: iMac11,2

        1 3.06 GHz Intel Core i3 CPU: 2-core

        4 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                Empty  

            BANK 1/DIMM0

                Empty  

            BANK 0/DIMM1

                2 GB DDR3 1333 MHz ok

            BANK 1/DIMM1

                2 GB DDR3 1333 MHz ok

        Bluetooth: Old - Handoff/Airdrop2 not supported

        Wireless:  en1: 802.11 a/b/g/n

     

    Video Information:

        ATI Radeon HD 4670 - VRAM: 256 MB

            iMac 1920 x 1080

     

    System Software:

        OS X El Capitan 10.11.6 (15G31) - Time since boot: about 11 days

     

    Disk Information:

        ST3500418AS disk0 : (500.11 GB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Macintosh HD (disk0s2) / : 499.25 GB (466.00 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

        HL-DT-STDVDRW  GA32N   ()

     

    USB Information:

        Apple, Inc. Keyboard Hub

            Fitbit Inc. Fitbit Base Station

            Apple, Inc Apple Keyboard

        Apple Card Reader

        Apple Inc. BRCM2046 Hub

            Apple Inc. Bluetooth USB Host Controller

        Apple Computer, Inc. IR Receiver

        Apple Inc. Built-in iSight

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Kernel Extensions:

            /System/Library/Extensions

        [not loaded]    com.Logitech.Control Center.HID Driver (3.3.0 - 2016-08-02) [Support]

        [not loaded]    com.Logitech.Unifying.HID Driver (1.2.0-302 - 2016-08-02) [Support]

     

    System Launch Agents:

        [not loaded]    9 Apple tasks

        [loaded]    153 Apple tasks

        [running]    76 Apple tasks

     

    System Launch Daemons:

        [not loaded]    46 Apple tasks

        [loaded]    153 Apple tasks

        [running]    92 Apple tasks

     

    Launch Agents:

        [running]    com.Logitech.Control Center.Daemon.plist (2010-05-31) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-07-12) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.fpsaud.plist (2016-06-28) [Support]

        [loaded]    com.barebones.authd.plist (2012-04-22) [Support]

        [loaded]    com.barebones.textwrangler.plist (2010-08-14) [Support]

        [running]    com.fitbit.galileod.plist (2012-10-05) [Support]

        [loaded]    com.google.keystone.daemon.plist (2016-09-02) [Support]

        [running]    com.malwarebytes.HelperTool.plist (2016-09-19) [Support]

     

    User Launch Agents:

        [failed]    com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist (2010-08-11)

     

    User Login Items:

        Fitbit Connect Menubar Helper    Application  (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)

        Google Chrome    Application  (/Applications/Google Chrome.app)

        Photo Stream URL    SMLoginItem  (/Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app)

     

    Internet Plug-ins:

        FlashPlayer-10.6: 20.0.0.286 - SDK 10.6 (2016-01-25) [Support]

        QuickTime Plugin: 7.7.3 (2016-07-24)

        Flash Player: 20.0.0.286 - SDK 10.6 (2016-01-25) Outdated! Update

        Default Browser: 601 - SDK 10.11 (2016-07-24)

        OfficeLiveBrowserPlugin: 12.3.6 (2013-03-25) [Support]

        Google Earth Web Plug-in: 5.2 (2010-09-01) [Support]

        PepperFlashPlayer: 22.0.0.209 - SDK 10.6 (2016-07-24) [Support]

        DirectorShockwave: 12.0.4r144 - SDK 10.6 (2013-09-04) [Support]

        iPhotoPhotocast: 7.0 (2010-07-21)

     

    Safari Extensions:

        feedly - The feedly team - http://www.feedly.com (2013-11-02)

     

    3rd Party Preference Panes:

        Flash Player (2016-06-28) [Support]

        Logitech Control Center (2010-05-31) [Support]

     

    Time Machine:

        Skip System Files: NO

        Auto backup: NO - Auto backup turned off

        Volumes being backed up:

            Macintosh HD: Disk size: 499.25 GB Disk used: 33.25 GB

        Destinations:

            Time Machine Backups [Local]

            Total size: 999.86 GB

            Total number of backups: 248

            Oldest backup: 8/20/10, 6:03 PM

            Last backup: 9/18/16, 5:45 AM

            Size of backup disk: Adequate

                Backup size 999.86 GB > (Disk used 33.25 GB X 3)

     

    Top Processes by CPU:

            38%    mdworker(11)

             2%    WindowServer

             1%    kernel_task

             0%    fontd

             0%    askpermissiond

     

    Top Processes by Memory:

        1.20 GB    Google Chrome Helper(10)

        442 MB    kernel_task

        283 MB    Google Chrome

        225 MB    mdworker(11)

        74 MB    softwareupdated

     

    Virtual Memory Information:

        41 MB    Free RAM

        3.96 GB    Used RAM (1.02 GB Cached)

        74 MB    Swap Used

     

     

     

  • by Bart in VA,

    Bart in VA Sep 20, 2016 12:31 PM in response to Bart in VA
    Level 1 (9 points)
    Mac OS X

    I ran this a second time with "scan for adware" as a parm.  The results were the same, with the same three items in red. I don't know anything about the User Launch Agent that failed. I do run Time Machine once a week.

  • by Bart in VA, Solved answer

    Bart in VA Sep 22, 2016 1:03 PM in response to Bart in VA
    Level 1 (9 points)
    Mac OS X

    Well, yesterday I called Apple and got a fix. Even though my Flash was up to date (23.0.0.162) I kept getting a prompt to update Flash. The tech told me to go directly to the Adobe site and, after once again verifying that my Chrome's Flash was up to date with 23.0.0.162, to download Flash again. Now I no longer get the prompt.

     

    I will rate this 50% user error and 50% a problem with Flash prompting to update when unnecessary. This is sort of like El Cap users getting a red dot on the App Store to download 10.11.6 even though they are already on 10.11.6.

     

    This issue can be closed.