Removing False Flash Update Malware

Sorry for the delay - I had a medical appt this morning.

I downloaded etrecheck and double clicked on the icon. The icon briefly flashed and a green icon very briefly appeared in my dock and then nothing. What should happen?

I don't use Safari, but my home page is the same as always.

I have seen nothing strange; only the Flash pop-up that returns every hour or two.

OK - I finally got etrecheck to run. The report is long but I will post below. One thing: several times I have checked my current Flash version at the Adobe site and found it to be current. As you know, Chrome usually keeps it up to date automatically.

EtreCheck version: 3.0.4 (308)

Report generated 2016-09-20 14:58:47

Download EtreCheck from https://etrecheck.com

Runtime 2:40

Performance: Excellent

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Problem: Other problem

Description:

suspect malware

Hardware Information:ⓘ

iMac (21.5-inch, Mid 2010)

[Technical Specifications] - [User Guide] - [Warranty & Service]

iMac - model: iMac11,2

1 3.06 GHz Intel Core i3 CPU: 2-core

4 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

Empty

BANK 1/DIMM0

Empty

BANK 0/DIMM1

2 GB DDR3 1333 MHz ok

BANK 1/DIMM1

2 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Video Information:ⓘ

ATI Radeon HD 4670 - VRAM: 256 MB

iMac 1920 x 1080

System Software:ⓘ

OS X El Capitan 10.11.6 (15G31) - Time since boot: about 11 days

Disk Information:ⓘ

ST3500418AS disk0 : (500.11 GB) (Rotational)

EFI (disk0s1) <not mounted> : 210 MB

Macintosh HD (disk0s2) / : 499.25 GB (466.00 GB free)

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

HL-DT-STDVDRW GA32N ()

USB Information:ⓘ

Apple, Inc. Keyboard Hub

Fitbit Inc. Fitbit Base Station

Apple, Inc Apple Keyboard

Apple Card Reader

Apple Inc. BRCM2046 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Computer, Inc. IR Receiver

Apple Inc. Built-in iSight

Gatekeeper:ⓘ

Mac App Store and identified developers

Kernel Extensions:ⓘ

/System/Library/Extensions

[not loaded] com.Logitech.Control Center.HID Driver (3.3.0 - 2016-08-02) [Support]

[not loaded] com.Logitech.Unifying.HID Driver (1.2.0-302 - 2016-08-02) [Support]

System Launch Agents:ⓘ

[not loaded] 9 Apple tasks

[loaded] 153 Apple tasks

[running] 76 Apple tasks

System Launch Daemons:ⓘ

[not loaded] 46 Apple tasks

[loaded] 153 Apple tasks

[running] 92 Apple tasks

Launch Agents:ⓘ

[running] com.Logitech.Control Center.Daemon.plist (2010-05-31) [Support]

[loaded] com.google.keystone.agent.plist (2016-07-12) [Support]

Launch Daemons:ⓘ

[loaded] com.adobe.fpsaud.plist (2016-06-28) [Support]

[loaded] com.barebones.authd.plist (2012-04-22) [Support]

[loaded] com.barebones.textwrangler.plist (2010-08-14) [Support]

[running] com.fitbit.galileod.plist (2012-10-05) [Support]

[loaded] com.google.keystone.daemon.plist (2016-09-02) [Support]

[running] com.malwarebytes.HelperTool.plist (2016-09-19) [Support]

User Launch Agents:ⓘ

[failed] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist (2010-08-11)

User Login Items:ⓘ

Fitbit Connect Menubar Helper Application (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)

Google Chrome Application (/Applications/Google Chrome.app)

Photo Stream URL SMLoginItem (/Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app)

Internet Plug-ins:ⓘ

FlashPlayer-10.6: 20.0.0.286 - SDK 10.6 (2016-01-25) [Support]

QuickTime Plugin: 7.7.3 (2016-07-24)

Flash Player: 20.0.0.286 - SDK 10.6 (2016-01-25) Outdated! Update

Default Browser: 601 - SDK 10.11 (2016-07-24)

OfficeLiveBrowserPlugin: 12.3.6 (2013-03-25) [Support]

Google Earth Web Plug-in: 5.2 (2010-09-01) [Support]

PepperFlashPlayer: 22.0.0.209 - SDK 10.6 (2016-07-24) [Support]

DirectorShockwave: 12.0.4r144 - SDK 10.6 (2013-09-04) [Support]

iPhotoPhotocast: 7.0 (2010-07-21)

Safari Extensions:ⓘ

feedly - The feedly team - http://www.feedly.com (2013-11-02)

3rd Party Preference Panes:ⓘ

Flash Player (2016-06-28) [Support]

Logitech Control Center (2010-05-31) [Support]

Time Machine:ⓘ

Skip System Files: NO

Auto backup: NO - Auto backup turned off

Volumes being backed up:

Macintosh HD: Disk size: 499.25 GB Disk used: 33.25 GB

Destinations:

Time Machine Backups [Local]

Total size: 999.86 GB

Total number of backups: 248

Oldest backup: 8/20/10, 6:03 PM

Last backup: 9/18/16, 5:45 AM

Size of backup disk: Adequate

Backup size 999.86 GB > (Disk used 33.25 GB X 3)

Top Processes by CPU:ⓘ

38% mdworker(11)

2% WindowServer

1% kernel_task

0% fontd

0% askpermissiond

Top Processes by Memory:ⓘ

1.20 GB Google Chrome Helper(10)

442 MB kernel_task

283 MB Google Chrome

225 MB mdworker(11)

74 MB softwareupdated

Virtual Memory Information:ⓘ

41 MB Free RAM

3.96 GB Used RAM (1.02 GB Cached)

74 MB Swap Used

I ran this a second time with "scan for adware" as a parm. The results were the same, with the same three items in red. I don't know anything about the User Launch Agent that failed. I do run Time Machine once a week.

Well, yesterday I called Apple and got a fix. Even though my Flash was up to date (23.0.0.162) I kept getting a prompt to update Flash. The tech told me to go directly to the Adobe site and, after once again verifying that my Chrome's Flash was up to date with 23.0.0.162, to download Flash again. Now I no longer get the prompt.

I will rate this 50% user error and 50% a problem with Flash prompting to update when unnecessary. This is sort of like El Cap users getting a red dot on the App Store to download 10.11.6 even though they are already on 10.11.6

This issue can be closed.