How to remove this malware?!

Question

How to remove this malware?!

Hello,

So I recently and accidentally downloaded a malware. I am stupid I get it. I have removed most of the corruption but there is one file in my library that is apparently a threat. I have never seen a file like this before and AVG has picked it out as a problem however it cant remove it for some reason. Is it safe to remove it myself by sending to the trash and then emptying the trash ? There is also another one in the lebosa file but AVG managed to block it

I have attached screen shots so you can see the file I am talking about.

Please help I am very scared of my mac being ruined by this.

Posted on May 18, 2017 9:05 AM

Reply

Answer 1

John Galt

Level 10

155,078 points

May 18, 2017 10:42 AM in response to missing ipod catagorie

Your report shows that "AVG" is still present. Please write back if you require assistance regarding its removal.

The full procedure for removing "CleanMyMac" follows below.

To remove CleanMyMac 3 itself, use its Uninstaller module, followed by these additional steps:

Remove the file ~/Library/LaunchAgents/com.macpaw.CleanMyMac3.Scheduler.plist

To navigate to that file, copy and paste the following line into the Finder's Go menu > Go To Folder...

~/Library/LaunchAgents/

Locate the following file and drag it to the Trash:

com.macpaw.CleanMyMac3.Scheduler.plist

Then, open  (Apple menu) > System Preferences > Users & Groups > Login Items.
Select the item CleanMyMac3 Menu
Click the [—] (minus) button.
Restart your Mac.

Beware that reinstalling macOS alone will have no effect on either removing CleanMyMac or reversing the damage it is capable of inflicting upon a system. To recover from the effects of having used it to modify OS X / Sierra, the additional software you require and the essential files you need, follow the applicable recovery procedure below:

If you have a backup that you created prior to using CleanMyMac, now is the time to use it. For Time Machine, boot macOS Recovery, and at the macOS Utilities screen, choose Restore from Time Machine Backup. Choose a date preceding the installation of CleanMyMac.
If you do not have a backup that predates the use of CleanMyMac, create one now. To do that read Use Time Machine to back up or restore your Mac.
- The recovery procedure will require that you erase the Mac using macOS Recovery, and then create a new User Account whose contents will be empty. You will then be able to use Setup Assistant to migrate your essential documents including photos, music, work products and other essential files.
- To erase and install OS X read How to reinstall macOS on your Mac.
  - Follow Step 2 to completely erase that Mac's internal storage: Erase a volume using Disk Utility.
  - Then, follow the procedure in Move your content to a new Mac.
  - When asked how you want to transfer your information, select Transfer from a Mac, Time Machine backup, or startup disk.
  - Under Select the Information to Transfer, select only your previous User account and do not select "Applications", "Computer and Network Settings" or "Other files and folders". De-select those choices.
- Subsequent to using Setup Assistant, you will need to reinstall the essential software you may require, once again remembering to install software only from their original sources, and omitting all non-essential software.
- "Non-essential software" is a broad category that includes but is not limited to third party "cleaning", "maintenance", and "anti-virus" products.

"Cleaning" apps are scams. Excerpted from Effective defenses against malware and other threats:

Never install any product that claims to "clean up", "speed up", "optimize", "boost" or "accelerate" your Mac; to "wash" it, "tune" it, or to make it "shiny". Those claims are absurd.

Such products are very aggressively marketed. They are all scams.
They generally operate on the flawed premise that a Mac accumulates "junk" that needs to be routinely "cleaned out" for optimum performance.
Trial versions of those programs are successful because they provide the instant gratification of greater free disk space.
That increased space is the result of irreversible destruction of files, programs, or operating system components normally protected from inadvertent alteration or deletion. The eventual result will be unreliable operation, poor performance and random crashes that may not become evident for months or even years after their use, when updates to programs or your Mac's operating system are eventually released.
Memory "cleaners" that circumvent OS X's memory management algorithms work by purging inactive memory contents to mass storage, which can only result in degraded performance and accelerated hardware failure.

Reply

Answer 2

Old Toad

Level 10

215,196 points

May 18, 2017 9:14 AM in response to missing ipod catagorie

A simple, quick and safe way to remove adware and malware is to download and use Malwarebytes Anti-Malware for Macs. It'swas developed by one of the most respected and top contributors in these forums and recommended by nearly all of the top contributors here.

If you would prefer to do it manually follow these instructions from theSafeMac.com site (author of Malwarebytes): Adware Removal Guide

Also download and run Etrecheck. Copy and paste the results into your reply. Etrecheck is a diagnostic tool that was developed by one of the most respected users here in the ASC and recommended by Apple Support to provide a snapshot of the system and help identify the more obvious culprits that can adversely affect a Mac's performance.

Etrecheck can also remove malware.

Reply

Answer 3

Old Toad

Level 10

215,196 points

May 18, 2017 11:05 AM in response to missing ipod catagorie

Clean up: ⓘ

~/Library/LaunchAgents/com.Lobosa.plist

/Library/Lobosa/Lobosa

Executable not found!

One orphan file found. [Clean up]

Rerun Etrecheck and do the clean up indicated.

Reply

Answer 4

John Galt

Level 10

155,078 points

May 18, 2017 11:10 AM in response to missing ipod catagorie

Good job.

Your Mac won't die because EtreCheck is telling you to do a TimeMachine backup. The point is that if it dies, you don't have one.

Battery: Health = Replace Now - Cycle count = 1104

If your Mac is still not performing as it should, it may be due to a battery that needs to be replaced. A worn out battery will cause performance degradation. Have Apple or an Apple Authorized service facility replace it at your earliest convenience – there are no other authorized sources.

Reply

Answer 5

Old Toad

Level 10

215,196 points

May 18, 2017 3:56 PM in response to John Galt

A worn out battery will cause performance degradation

I can testify to that in spades. The 2007 MacBook Pro that I gave to my son was running very, very slow. I mean bigly slow. I took out the battery (original battery) and ran it on just the charger and it improved immensely, at least as well as a 2 GB memory 2007 MBP can improve.

Reply

Answer 6

May 18, 2017 9:47 AM in response to Old Toad

Thank you for the help, I have removed AVG

Here is the report I got from Etrecheck:

EtreCheck version: 3.3 (383)

Report generated 2017-05-19 01:45:04

Download EtreCheck from https://etrecheck.com

Runtime: 7:08

Performance: Below Average

Click the [Lookup] links for more information from Apple Support Communities.

Click the [Details] links for more information about that line.

Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.

Click the [Clean up] link to delete unused files.

Problem: Computer is too slow

Hardware Information: ⓘ

MacBook Pro (15-inch, Late 2011)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro8,2

1 2.2 GHz Intel Core i7 (i7-2675QM) CPU: 4-core

4 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

2 GB DDR3 1333 MHz ok

BANK 1/DIMM0

2 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Replace Now - Cycle count = 1104

Video Information: ⓘ

Intel HD Graphics 3000 - VRAM: 384 MB

AMD Radeon HD 6750M - VRAM: 512 MB

Color LCD 1680 x 1050

System Software: ⓘ

OS X El Capitan 10.11.6 (15G31) - Time since boot: less than an hour

Disk Information: ⓘ

TOSHIBA MK5065GSXF disk0 : (500.11 GB) (Rotational)

[Show SMART report]

EFI (disk0s1 - ) <not mounted> : 210 MB

Recovery HD (disk0s3 - ) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1 - Journaled HFS+) / [Startup]: 498.88 GB (158.43 GB free)

Core Storage: disk0s2 499.25 GB Online

MATSHITADVD-R UJ-8A8 ()

USB Information: ⓘ

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Logitech USB Receiver

Apple Computer, Inc. IR Receiver

Thunderbolt Information: ⓘ

Apple Inc. thunderbolt_bus

Gatekeeper: ⓘ

Mac App Store and identified developers

Possible adware: ⓘ

Unknown file: /Library/LaunchAgents/com.methoxide-ararao.plist

Adware: ~/Library/LaunchAgents/com.bittorrent.uTorrent.plist

2 possible adware files found. [Remove/Report]

Clean up: ⓘ

~/Library/LaunchAgents/com.Lobosa.plist

/Library/Lobosa/Lobosa

Executable not found!

One orphan file found. [Clean up]

Kernel Extensions: ⓘ

/Library/Application Support/AVGAntivirus/components/fileshield/unsigned

[not loaded] com.avg.FileShield (3.0.0 - SDK 10.9) [Lookup]

/Library/Extensions

[loaded] com.Cycling74.driver.Soundflower (2.0b2 - SDK 10.10) [Lookup]

/System/Library/Extensions

[not loaded] com.wacom.kext.pentablet (Pen Tablet 5.3.6-6 - SDK 10.9) [Lookup]

System Launch Agents: ⓘ

[not loaded] 8 Apple tasks

[loaded] 163 Apple tasks

[running] 67 Apple tasks

System Launch Daemons: ⓘ

[not loaded] 47 Apple tasks

[loaded] 159 Apple tasks

[running] 84 Apple tasks

Launch Agents: ⓘ

[not loaded] com.adobe.AAM.Updater-1.0.plist ((null) - installed 2016-02-23) [Lookup]

[running] com.avg.update-agent.plist ((null) - installed 2017-05-19) [Lookup]

[loaded] com.avg.userinit.plist (Shell script - installed 2017-05-19) [Lookup]

[not loaded] com.methoxide-ararao.plist (Unknown - installed 2017-05-17) [Lookup]

[running] com.wacom.pentablet.plist ((null) - installed 2014-12-24) [Lookup]

Launch Daemons: ⓘ

[loaded] com.adobe.SwitchBoard.plist (Unknown - installed 2016-02-23) [Lookup]

[running] com.adobe.agsservice.plist ((null) - installed 2017-03-11) [Lookup]

[loaded] com.avg.init.plist (Shell script - installed 2017-05-19) [Lookup]

[loaded] com.avg.uninstall.plist (Shell script - installed 2017-05-19) [Lookup]

[loaded] com.avg.update.plist (Shell script - installed 2017-05-19) [Lookup]

[loaded] com.macpaw.CleanMyMac3.Agent.plist ((null) - installed 2016-11-26) [Lookup]

[running] com.malwarebytes.HelperTool.plist ((null) - installed 2017-05-19) [Lookup]

[loaded] com.microsoft.office.licensing.helper.plist (Unknown - installed 2010-08-25) [Lookup]

User Launch Agents: ⓘ

[failed] com.Lobosa.plist (Unknown - installed 2017-05-17) [Lookup] - /Library/Lobosa/Lobosa: Executable not found!

[loaded] com.adobe.AAM.Updater-1.0.plist ((null) - installed 2015-12-02) [Lookup]

[loaded] com.avg.home.userinit.plist (Shell script - installed 2017-05-19) [Lookup]

[not loaded] com.bittorrent.uTorrent.plist ((null) - installed 2016-07-09) Adware! [Remove/Report]

/usr/bin/open

[loaded] com.google.keystone.agent.plist ((null) - installed 2017-03-29) [Lookup]

[loaded] com.macpaw.CleanMyMac3.Scheduler.plist ((null) - installed 2017-05-13)

[loaded] com.valvesoftware.steamclean.plist (Unknown - installed 2016-09-20) [Lookup]

User Login Items: ⓘ

iTunesHelper Application (installed 2017-05-17)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

com.adobe.SwitchBoard.monitor.plist MachInit - Hidden

(/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Mach Init items are deprecated

Internet Plug-ins: ⓘ

Default Browser: 601 (installed 2017-03-05)

QuickTime Plugin: 7.7.3 (installed 2017-03-05)

SharePointBrowserPlugin: 14.0.0 (installed 2010-08-26) [Lookup]

3rd Party Preference Panes: ⓘ

Paragon NTFS for Mac ® OS X (installed 2016-11-26) [Lookup]

PenTablet (installed 2016-11-26) [Lookup]

Time Machine: ⓘ

Time Machine not configured!

Top Processes by CPU: ⓘ

46% Google Chrome Helper(9)

22% WindowServer

20% Google Chrome

13% mds

6% kernel_task

Top Processes by Memory: ⓘ

1.15 GB Google Chrome Helper(9)

505 MB kernel_task

242 MB mdworker(20)

197 MB Google Chrome

86 MB installd

Top Processes by Energy Use: ⓘ

22.40 WindowServer

4.58 coreaudiod

2.36 hidd

1.50 Finder

1.10 mds

Virtual Memory Information: ⓘ

813 MB Available RAM

150 MB Free RAM

3.21 GB Used RAM

663 MB Cached files

52 MB Swap Used

Diagnostics Information: ⓘ

2017-05-19 01:10:06 Self test - passed

I downloaded Malwarebytes but it reports no problems which clearly isnt true.

What should I do? (also I know about the battery, I just cant afford one right now)

Reply

Answer 7

May 18, 2017 10:26 AM in response to John Galt

Here is the new report I have.

EtreCheck version: 3.3 (383)

Report generated 2017-05-19 02:18:27

Download EtreCheck from https://etrecheck.com

Runtime: 5:08

Performance: Below Average

Click the [Lookup] links for more information from Apple Support Communities.

Click the [Details] links for more information about that line.

Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.

Click the [Clean up] link to delete unused files.

Problem: Other problem

Hardware Information: ⓘ

MacBook Pro (15-inch, Late 2011)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro8,2

1 2.2 GHz Intel Core i7 (i7-2675QM) CPU: 4-core

4 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

2 GB DDR3 1333 MHz ok

BANK 1/DIMM0

2 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Replace Now - Cycle count = 1104

Video Information: ⓘ

Intel HD Graphics 3000 - VRAM: 384 MB

AMD Radeon HD 6750M - VRAM: 512 MB

Color LCD 1680 x 1050

System Software: ⓘ

OS X El Capitan 10.11.6 (15G31) - Time since boot: about one hour

Disk Information: ⓘ

TOSHIBA MK5065GSXF disk0 : (500.11 GB) (Rotational)

[Show SMART report]

EFI (disk0s1 - ) <not mounted> : 210 MB

Recovery HD (disk0s3 - ) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1 - Journaled HFS+) / [Startup]: 498.88 GB (158.56 GB free)

Core Storage: disk0s2 499.25 GB Online

MATSHITADVD-R UJ-8A8 ()

USB Information: ⓘ

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Logitech USB Receiver

Apple Computer, Inc. IR Receiver

Thunderbolt Information: ⓘ

Apple Inc. thunderbolt_bus

Gatekeeper: ⓘ

Mac App Store and identified developers

Possible adware: ⓘ

Unknown file: /Library/LaunchAgents/com.methoxide-ararao.plist

One possible adware file found. [Remove/Report]

Clean up: ⓘ

~/Library/LaunchAgents/com.Lobosa.plist

/Library/Lobosa/Lobosa

Executable not found!

One orphan file found. [Clean up]

Kernel Extensions: ⓘ

/Library/Extensions

[loaded] com.Cycling74.driver.Soundflower (2.0b2 - SDK 10.10) [Lookup]

/System/Library/Extensions

[not loaded] com.wacom.kext.pentablet (Pen Tablet 5.3.6-6 - SDK 10.9) [Lookup]

System Launch Agents: ⓘ

[not loaded] 8 Apple tasks

[loaded] 162 Apple tasks

[running] 68 Apple tasks

System Launch Daemons: ⓘ

[not loaded] 47 Apple tasks

[loaded] 157 Apple tasks

[running] 86 Apple tasks

Launch Agents: ⓘ

[not loaded] com.adobe.AAM.Updater-1.0.plist ((null) - installed 2016-02-23) [Lookup]

[not loaded] com.methoxide-ararao.plist (Unknown - installed 2017-05-17) [Lookup]

[running] com.wacom.pentablet.plist ((null) - installed 2014-12-24) [Lookup]

Launch Daemons: ⓘ

[loaded] com.adobe.SwitchBoard.plist (Unknown - installed 2016-02-23) [Lookup]

[running] com.adobe.agsservice.plist ((null) - installed 2017-03-11) [Lookup]

[running] com.malwarebytes.HelperTool.plist ((null) - installed 2017-05-19) [Lookup]

[loaded] com.microsoft.office.licensing.helper.plist (Unknown - installed 2010-08-25) [Lookup]

User Launch Agents: ⓘ

[failed] com.Lobosa.plist (Unknown - installed 2017-05-17) [Lookup] - /Library/Lobosa/Lobosa: Executable not found!

[loaded] com.adobe.AAM.Updater-1.0.plist ((null) - installed 2015-12-02) [Lookup]

[loaded] com.google.keystone.agent.plist ((null) - installed 2017-03-29) [Lookup]

[loaded] com.valvesoftware.steamclean.plist (Unknown - installed 2016-09-20) [Lookup]

User Login Items: ⓘ

iTunesHelper Application (installed 2017-05-17)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

com.adobe.SwitchBoard.monitor.plist MachInit - Hidden

(/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Mach Init items are deprecated

Internet Plug-ins: ⓘ

Default Browser: 601 (installed 2017-03-05)

QuickTime Plugin: 7.7.3 (installed 2017-03-05)

SharePointBrowserPlugin: 14.0.0 (installed 2010-08-26) [Lookup]

3rd Party Preference Panes: ⓘ

Paragon NTFS for Mac ® OS X (installed 2016-11-26) [Lookup]

PenTablet (installed 2016-11-26) [Lookup]

Time Machine: ⓘ

Time Machine not configured!

Top Processes by CPU: ⓘ

5% WindowServer

4% mount_ufsd_NTFS

4% TMHelperAgent

4% Google Chrome Helper(8)

4% kernel_task

Top Processes by Memory: ⓘ

889 MB Google Chrome Helper(8)

494 MB kernel_task

215 MB Google Chrome

143 MB mdworker(9)

66 MB Finder

Top Processes by Energy Use: ⓘ

8.64 WindowServer

1.38 com.apple.prefs.

1.16 fontd

0.24 mds

0.16 mds_stores

Virtual Memory Information: ⓘ

711 MB Available RAM

19 MB Free RAM

3.31 GB Used RAM

693 MB Cached files

25 MB Swap Used

Diagnostics Information: ⓘ

2017-05-19 01:10:06 Self test - passed

Files deleted by EtreCheck: ⓘ

2017-05-19 02:08:03 - ~/Library/LaunchAgents/com.bittorrent.uTorrent.plist - Unknown

2017-05-19 02:08:19 - /Library/LaunchAgents/com.methoxide-ararao.plist - Unknown

However these two things are worrying me as I dont know what they are:

com.adobe.SwitchBoard.monitor.plist MachInit - Hidden

(/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Mach Init items are deprecated

com.Lobosa.plist

I have tried to remove the lobosa one but I am worried that my mac will die because Etrecheck is telling me to do a TimeMachine back up (which I cant do right now)

Reply

Answer 8

John Galt

Level 10

155,078 points

May 18, 2017 9:46 AM in response to missing ipod catagorie

So I recently and accidentally downloaded a malware.

How do you know that? What did you remove?

Uninstall "AVG Anti-Virus". It is capable of nothing beneficial. To uninstall it please read and follow these instructions:

https://support.avg.com/SupportArticleView?q=uninstall+avg&urlname=How-to-uninst all-AVG-AntiVirus-for-Mac&l=en_US

Reply

Answer 9

May 18, 2017 9:59 AM in response to missing ipod catagorie

Uninstall CleanMyMac3. CMM3 eats tons of resources on your Mac to remove files that should not be removed.

Uninstall AVG. Macs do not need to have AV software installed.

Remove the Adware by running the report again and clicking the icon to remove adware this time.

Seeing as how you have a minimal amount of RAM at 4 GB, I would recommend you stop using Chrome until after you upgrade the amount of RAM.

Reply

Answer 10

John Galt

Level 10

155,078 points

May 18, 2017 6:41 PM in response to missing ipod catagorie

missing ipod catagorie wrote:

... I will consider getting a new battery but 200 dollars for one is a bit much for me at the moment.

I strongly suggest you do that now. Apple will stop supporting that Mac in the near future, leaving only less reliable third party alternatives for replacement batteries.

It's not $200. The price is $129 (in the US, excluding taxes).

Reply