User profile for user: LaundryBasket45
LaundryBasket45 Author
User level: Level 1
4 points

Fake adobe flash installed

Hi,

My daughter accidentally installed a fake adobe flash on her Mac OS 10.10.5. I read a post dated 2/9/17 that said to download EtreCheck and I ran the program and removed flagged files. Then I ran it again. The results are below. Is there anything else I should do? I'm not really sure how to read this. There is one part below that says "one unknown file found- check files." I tried to click "remove" and it wouldn't let me.

Thank you!


EtreCheck version: 3.1.5 (343)

Report generated 2017-02-09 20:54:27

Download EtreCheck from https://etrecheck.com

Runtime 1:44

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.


Problem: Other problem

Description:

Virus


Hardware Information:

MacBook Air (11-inch, Early 2015)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Air - model: MacBookAir7,1

1 1.6 GHz Intel Core i5 (i5-5250U) CPU: 2-core

4 GB RAM Not upgradeable

BANK 0/DIMM0

2 GB DDR3 1600 MHz ok

BANK 1/DIMM0

2 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 195


Video Information:

Intel HD Graphics 6000

Color LCD 1366 x 768


System Software:

OS X Yosemite 10.10.5 (14F2009) - Time since boot: less than an hour


Disk Information:

APPLE SSD AP0128H disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 315 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / [Startup]: 120.01 GB (74.39 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 120.37 GB Online


USB Information:

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

~/Library/LaunchAgents/com.viewmc.protect.update.plist

~/Library/Application Support/viewmc/viewmc.app/Contents/MacOS/Installer -evnt agnt -oprID 80801239|00340|1000021|0|0|1|0|000000000|03022017|05471994|OTA=|U2FmZUZpbmRlcg= =|VVM=|VW5pdGVkIFN0YXRlcw==|R29vZ2xl -dBrowser Safari

One unknown file found. [Check files]


Kernel Extensions:

/System/Library/Extensions

[not loaded] com.ni.Fantom.nxtfwdl (1.1.1 - 2017-01-25) [Support]


Startup Items:

Fantom: Path: /Library/StartupItems/Fantom

Startup items no longer function in OS X Yosemite or later


System Launch Agents:

[not loaded] 5 Apple tasks

[loaded] 147 Apple tasks

[running] 60 Apple tasks


System Launch Daemons:

[not loaded] 47 Apple tasks

[loaded] 137 Apple tasks

[running] 77 Apple tasks


Launch Agents:

[loaded] com.google.keystone.agent.plist (2017-01-13) [Support]

[loaded] com.oracle.java.Java-Updater.plist (2016-10-21) [Support]


Launch Daemons:

[running] com.bradfordnetworks.agent.plist (2015-03-11) [Support]

[loaded] com.google.keystone.daemon.plist (2017-01-23) [Support]

[loaded] com.oracle.java.Helper-Tool.plist (2016-09-22) [Support]


User Launch Agents:

[loaded] com.viewmc.protect.update.plist (2017-02-09) [Support]


User Login Items:

iTunesHelper Application (2017-01-25)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

CSA Application

(/Library/Application Support/Bradford Networks/Persistent Agent/CSA.app)


Internet Plug-ins:

Silverlight: 5.1.50901.0 - SDK 10.6 (2016-11-30) [Support]

QuickTime Plugin: 7.7.3 (2016-11-04)

Google Earth Web Plug-in: 7.1 (2015-09-18) [Support]

JavaAppletPlugin: Java 8 Update 111 build 14 (2016-10-21) Check version

Default Browser: 600 - SDK 10.10 (2015-08-24)


User internet Plug-ins:

Unity Web Player: UnityPlayer version 2.6.1f3 (2015-10-22) [Support]


Safari Extensions:

SafeFinder - SafeFinder (2017-02-09)


3rd Party Preference Panes:

Java (2016-10-21) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

5% WindowServer

4% fontd

2% coreaudiod

2% iTunes

2% kernel_task


Top Processes by Memory:

539 MB kernel_task

266 MB com.apple.WebKit.WebContent(4)

172 MB iTunes

139 MB mdworker(8)

123 MB Safari


Virtual Memory Information:

1.83 GB Available RAM

286 MB Free RAM

2.17 GB Used RAM

1.55 GB Cached files

0 B Swap Used


Diagnostics Information:

Feb 9, 2017, 08:19:40 PM Self test - passed

Feb 8, 2017, 07:57:37 PM /Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2017-02-08-195737_[ redacted].cpu_resource.diag [Details]

/System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/ com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent


Files deleted by EtreCheck:

Feb 9, 2017, 08:47:03 PM - ~/Library/LaunchAgents/com.pcv.hlpramcn.plist

MacBook Air, 10.10.5

Posted on Feb 9, 2017 6:08 PM

Reply
5 replies
User profile for user: oldfart71
oldfart71
User level: Level 1
12 points

Nov 6, 2017 6:57 AM in response to FishingAddict

Thanks for step by step instruction. I got the msg this morning that Adobe Flash was out of date when I tried to open weatherunderground which I do every morning to check weather. Had msg come from unfamiliar site would have need suspicious but clicked before thinking. when I noticed something about Mackeeper flash on screen I tried to stop install but apparently had already installed something. Found this page when searching for how to fix stupid.


Went through FishingAddict steps, but found none of the listed files. Downloaded and ran EtreCheck. Can post full report, but only questionable item was:

Possible adware:

Unknown file: ~/Library/LaunchAgents/com.QuickLookSearches.plist

~/Library/Application Support/com.QuickLookSearches/QuickLookSearches r

One possible adware file found. [Remove/Report]


Can anyone tell me what this file is/does?


Thanks!!

Reply
User profile for user: stedman1
stedman1
User level: Level 10
264,598 points

Feb 9, 2017 6:17 PM in response to LaundryBasket45

I see Etrecheck has helped you remove one piece of Adware. You can now use the "Check Files" function in Etrecheck, to verify, and if required, delete the file as shown below. After things are back to normal, take a few minutes to read: Phony "tech support" / "ransomware" popups and web pages


Unknown Files:

~/Library/LaunchAgents/com.viewmc.protect.update.plist

~/Library/Application Support/viewmc/viewmc.app/Contents/MacOS/Installer -evnt agnt -oprID 80801239|00340|1000021|0|0|1|0|000000000|03022017|05471994|OTA=|U2FmZUZpbmRlcg= =|VVM=|VW5pdGVkIFN0YXRlcw==|R29vZ2xl -dBrowser Safari

One unknown file found. [Check files]

Reply
User profile for user: FishingAddict
FishingAddict
User level: Level 4
3,888 points

Feb 9, 2017 8:31 PM in response to LaundryBasket45

Here are detailed instructions on how to clean up you Mac. If you get to any step and the files found on your Mac are not named exactly as I mention, then leave them alone to be safe.


  1. Click your Desktop
  2. Click "Go" menu > "Go To Folder"
  3. Enter "~/Library/LaunchAgents/" in the box, then click "Go"
  4. Drag the file "com.viewmc.protect.update.plist" to the trash
  5. Click your Desktop
  6. Click "Go" menu > "Go To Folder"
  7. Enter "/System/Library/Extensions" in the box, then click "Go"
  8. Drag the file "com.ni.Fantom.nxtfwdl" to the trash
  9. Click your Desktop
  10. Click "Go" menu > "Go To Folder"
  11. Enter "/Library/StartupItems" in the box, then click "Go"
  12. Drag any files or folders named "Fantom" to the trash
  13. Click your Desktop
  14. Click "Go" menu > "Go To Folder"
  15. Enter "~/Library/LaunchAgents/" in the box, then click "Go"
  16. Drag the file "com.viewmc.protect.update.plist" to the trash
  17. Click your Desktop
  18. Click "Go" menu > "Go To Folder"
  19. Enter "/Library/Internet Plug-Ins" in the box, then click "Go"
  20. Drag the file "Silverlight.plugin" to the trash
  21. Drag the file "WPFe.plugin" to the trash
  22. Drag the file "Default Browser.plugin" to the trash
  23. Click your Desktop
  24. Click "Go" menu > "Go To Folder"
  25. Enter "~/Library/Internet Plug-Ins" in the box, then click "Go"
  26. Drag the file "SafeFinder.plugin" to the trash
  27. Reboot your Mac
  28. Rerun EtreCheck and post the results
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Fake adobe flash installed

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up