A persistent malware that spread across all my Apple devices
I'm running OS X 10.11.6 on an MBP Retina 15" Early 2013.
For the last week or so it seems like this malware I have happens randomly: when I try loading new links, it diverts to different ads (a shortened URL for money ads so far) with a 5-second counter to skip the ad.
Soon after, this problem started happening on my iPhone 5s and my Mac Pro, also running OS X 10.11.6.
I tried the suggested steps of clearing history and cookies, restarting in safe mode and running Disk Utility, and tried installing a couple of adware block extensions, but it did not do any good.
I had Chrome installed at this time (which I suspect I got the malware from). I uninstalled it today and upgraded Safari to 10.0.1; the problem stays the same.
I'm freaking out a bit. This is the first time something like this has happened, and the fact it can spread across my devices is scary!
I ran EtreCheck and it shows an error in /etc/hosts. I will post the results here:
EtreCheck version: 3.1.2 (334)
Report generated 2016-11-09 16:35:06
Download EtreCheck from https://etrecheck.com
Runtime 1:46
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Problem: No problem - just checking
Hardware Information:ⓘ
MacBook Pro (Retina, 15-inch, Early 2013)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro10,1
1 2.4 GHz Intel Core i7 (i7-3635QM) CPU: 4-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n
Battery: Health = Replace Soon - Cycle count = 1088
Video Information:ⓘ
Intel HD Graphics 4000
NVIDIA GeForce GT 650M - VRAM: 1024 MB
Color LCD 2880 x 1800
System Software:ⓘ
OS X El Capitan 10.11.6 (15G1108) - Time since boot: less than an hour
Disk Information:ⓘ
APPLE SSD SD256E disk0 : (251 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / [Startup]: 249.78 GB (28.93 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 250.14 GB Online
USB Information:ⓘ
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Thunderbolt Information:ⓘ
Apple Inc. thunderbolt_bus
Configuration files:ⓘ
/etc/hosts - Count: 57
Gatekeeper:ⓘ
Mac App Store and identified developers
Kernel Extensions:ⓘ
/Applications/VMware Fusion.app
[not loaded] com.vmware.kext.vmci (7.0.0 - 2014-08-26) [Support]
[not loaded] com.vmware.kext.vmioplug.14.1.3 (7.0.0 - 2014-08-26) [Support]
[not loaded] com.vmware.kext.vmnet (7.0.0 - 2014-08-26) [Support]
[not loaded] com.vmware.kext.vmx86 (7.0.0 - 2014-08-26) [Support]
[not loaded] com.vmware.kext.vsockets (7.0.0 - 2014-08-26) [Support]
/Library/Application Support/Hotspot Shield
[not loaded] com.anchorfree.tun (1.1.1 - SDK 10.8 - 2014-03-24) [Support]
/System/Library/Extensions
[not loaded] com.Cycling74.driver.Soundflower (1.6.2 - SDK 10.6 - 2016-11-09) [Support]
[not loaded] com.FTDI.driver.FTDIUSBSerialDriver (2.2.18 - SDK 10.6 - 2016-11-09) [Support]
[not loaded] com.m-audio.driver.firewire (1.10.2 - 2016-11-09) [Support]
[not loaded] com.wacom.kext.pentablet (Pen Tablet 5.3.2-2 - SDK 10.8 - 2016-11-09) [Support]
[not loaded] com.wacom.kext.wacomtablet (Wacom Tablet 6.3.6-3 - SDK 10.8 - 2016-11-09) [Support]
System Launch Agents:ⓘ
[not loaded] 7 Apple tasks
[loaded] 162 Apple tasks
[running] 70 Apple tasks
System Launch Daemons:ⓘ
[not loaded] 42 Apple tasks
[loaded] 159 Apple tasks
[running] 89 Apple tasks
Launch Agents:ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (2014-05-11) [Support]
[loaded] com.google.keystone.agent.plist (2016-08-24) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2016-08-24) [Support]
[running] com.wacom.pentablet.plist (2012-12-12) [Support]
[running] com.wacom.wacomtablet.plist (2013-06-06) [Support]
[running] jp.co.canon.CUPSCAPT.BG.plist (2013-09-24) [Support]
[loaded] org.macosforge.xquartz.startx.plist (2014-08-12) [Support]
Launch Daemons:ⓘ
[loaded] com.adobe.SwitchBoard.plist (2013-07-25) [Support]
[loaded] com.adobe.fpsaud.plist (2016-06-29) [Support]
[loaded] com.anchorfree.ajaxserver.plist (2013-11-08) [Support]
[loaded] com.apple.aelwriter.plist (2013-07-25)
[running] com.apple.qmaster.qmasterd.plist (2010-08-26)
[loaded] com.google.keystone.daemon.plist (2016-09-02) [Support]
[failed] com.m-audio.firewire.helper.plist (2011-07-28) [Support] - /Library/StartupItems/M-Audio FireWire Audio Helper/M-Audio FireWire Device Helper: Executable not found!
[loaded] com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]
[loaded] com.noiseindustries.FxFactory.helper.plist (2013-07-25) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2016-06-22) [Support]
[loaded] com.tunnelbear.mac.tbeard.plist (2016-04-05) [Support]
[loaded] org.macosforge.xquartz.privileged_startx.plist (2014-08-12) [Support]
User Login Items:ⓘ
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Stickies Application Hidden (/Applications/Stickies.app)
Calendar Application Hidden (/Applications/Calendar.app)
Internet Plug-ins:ⓘ
FlashPlayer-10.6: 22.0.0.209 - SDK 10.9 (2016-09-09) [Support]
QuickTime Plugin: 7.7.3 (2016-11-09)
Flash Player: 22.0.0.209 - SDK 10.9 (2016-09-09) Outdated! Update
AdobePDFViewer: 10.1.1 (2013-07-25) [Support]
Default Browser: 601 - SDK 10.11 (2016-09-18)
o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-16) [Support]
SharePointBrowserPlugin: 14.0.0 (2010-08-25) [Support]
WacomNetscape: 2.1.0-1 - SDK 10.8 (2013-08-05) [Support]
googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]
WacomTabletPlugin: WacomTabletPlugin 2.1.0.2 (2013-06-06) [Support]
JavaAppletPlugin: Java 8 Update 101 build 13 (2016-08-24) Check version
Safari Extensions:ⓘ
MacDeals - Homer - http://MacDeals.info (2015-01-05)
Open in Internet Explorer - Parallels - http://www.parallels.com (2014-04-04)
Audio Plug-ins:ⓘ
DVCPROHDAudio: 1.3.2 (2013-07-25)
3rd Party Preference Panes:ⓘ
Flash Player (2016-06-29) [Support]
Java (2016-08-24) [Support]
WacomTablet (2013-06-06) [Support]
Time Machine:ⓘ
Skip System Files: NO
Mobile backups: ON
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 249.78 GB Disk used: 220.85 GB
Destinations:
LaCie [Local]
Total size: 850.17 GB
Total number of backups: 3
Oldest backup: 3/3/16, 2:34 PM
Last backup: 3/3/16, 4:03 PM
Size of backup disk: Excellent
Backup size 850.17 GB > (Disk size 249.78 GB X 3)
Transcend [Local]
Total size: 999.86 GB
Total number of backups: 9
Oldest backup: 6/17/16, 5:39 PM
Last backup: 9/12/16, 3:07 PM
Size of backup disk: Excellent
Backup size 999.86 GB > (Disk size 249.78 GB X 3)
Top Processes by CPU:ⓘ
8% WindowServer
8% Safari
6% com.apple.WebKit.WebContent(6)
4% hidd
3% kernel_task
Top Processes by Memory:ⓘ
1.22 GB com.apple.WebKit.WebContent(6)
774 MB kernel_task
246 MB mdworker(15)
156 MB Safari
139 MB WindowServer
Virtual Memory Information:ⓘ
3.93 GB Available RAM
1.45 GB Free RAM
4.07 GB Used RAM
2.48 GB Cached files
0 B Swap Used
Diagnostics Information:ⓘ
Nov 9, 2016, 04:26:04 PM /Library/Logs/DiagnosticReports/WacomTabletDriver_2016-11-09-162604_[redacted]. crash
com.wacom.WacomTabletDriver - /Library/Application Support/Tablet/WacomTabletDriver.app/Contents/MacOS/WacomTabletDriver
Nov 9, 2016, 04:25:54 PM Self test - passed
Nov 9, 2016, 03:17:59 PM /Library/Logs/DiagnosticReports/WacomTabletDriver_2016-11-09-151759_[redacted]. crash
Mac Pro, OS X El Capitan (10.11.6)