I have apparently and unwittingly installed a program which has installed an extension to my Safari browser. It was called a File Converter. I cannot see how to uninstall it and need advice.
iMac, Mac OS X (10.6.8), Model 10.1 3.06 Ghz Intel Core 2
1. Please rerun the EtreCheck.
Adware: ~/Library/LaunchAgents/pronto.notification.plist
Adware: ~/Library/LaunchAgents/pronto.update.plist
2 possible adware files found. [Remove/Report]
Click the Remove/Report button next to 2 possible adware files found.
[loaded] pronto.notification.plist (Levi Grishpin - installed 2018-01-27) Adware! [Remove/Report]
~/Library/Application Support/ProntoApp/ProntoApp.app/Contents/MacOS/ProntoApp
[loaded] pronto.update.plist (Levi Grishpin - installed 2018-01-27) Adware! [Remove/Report]
~/Library/Application Support/ProntoApp/ProntoApp.app/Contents/MacOS/ProntoApp
Click the Remove/Report button next to Adware!
2. Choose a search engine.
Delete all text in the Smart Search field, click the magnifying glass , then choose a search engine from the list.
https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac
3. Set your Home Page. https://support.apple.com/guide/safari/set-your-homepage-ibrw1020/mac
4. Restart your Mac.
5. Launch Safari holding the Shift key down.
Test Safari.
1. Please rerun the EtreCheck.
Adware: ~/Library/LaunchAgents/pronto.notification.plist
Adware: ~/Library/LaunchAgents/pronto.update.plist
2 possible adware files found. [Remove/Report]
Click the Remove/Report button next to 2 possible adware files found.
[loaded] pronto.notification.plist (Levi Grishpin - installed 2018-01-27) Adware! [Remove/Report]
~/Library/Application Support/ProntoApp/ProntoApp.app/Contents/MacOS/ProntoApp
[loaded] pronto.update.plist (Levi Grishpin - installed 2018-01-27) Adware! [Remove/Report]
~/Library/Application Support/ProntoApp/ProntoApp.app/Contents/MacOS/ProntoApp
Click the Remove/Report button next to Adware!
2. Choose a search engine.
Delete all text in the Smart Search field, click the magnifying glass , then choose a search engine from the list.
https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac
3. Set your Home Page. https://support.apple.com/guide/safari/set-your-homepage-ibrw1020/mac
4. Restart your Mac.
5. Launch Safari holding the Shift key down.
Test Safari.
What happens if you select and uninstall the extension?
Safari > Preferences > Extensions
Turnoff or uninstall extensions.
Section: Manage extensions: https://support.apple.com/guide/safari/use-safari-extensions-sfri32508/mac
Please run EtreCheck and post the report here if you can .
Click “Free Download” button, open Downloads folder, click on it to open, and then select ”Open”.
Click on the bouncing EtreCheck icon in the Dock.
“Choose a problem” from the popup menu box, and then “Start EtreCheck” in the dialog.
Click “Share Report” button in the toolbar, select “Copy to Clipboard” .
Paste it into the reply.
I have deselected the offending extension but the opening page of my Safari is still replaced by a new search page indicating that the offending program is still present.
I have run Etrecheck as requested and report is below:
EtreCheck version: 3.4.6 (460)
Report generated 2018-01-29 12:17:51
Download EtreCheck from https://etrecheck.com
Runtime: 2:18
Performance: Excellent
Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.
Problem: Other problem
Description:
suspect safari extension has modified safari opening page
Hardware Information:ⓘ
iMac (Retina 5K, 27-inch, Late 2015)
[Technical Specifications] - [User Guide] - [Warranty & Service]
iMac - model: iMac17,1
1 3.2 GHz Intel Core i5 (i5-6500) CPU: 4-core
8 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
4 GB DDR3 1867 MHz ok
BANK 0/DIMM1
Empty
BANK 1/DIMM0
4 GB DDR3 1867 MHz ok
BANK 1/DIMM1
Empty
Handoff/Airdrop2: supported
Wireless: en1: 802.11 a/b/g/n/ac
iCloud Quota: 30.09 GB available
Video Information:ⓘ
AMD Radeon R9 M380 - VRAM: 2 GB
iMac 5120 x 2880
Disk Information:ⓘ
APPLE HDD ST1000DM003 disk0: (1 TB) (Rotational)
[Show SMART report]
EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
(disk0s2) <not mounted> [CoreStorage Container]: 999.35 GB
Recovery HD (disk0s3 - Journaled HFS+) <not mounted> [Recovery]: 650 MB
USB Information:ⓘ
USB30Bus
Broadcom Corp. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
Thunderbolt Information:ⓘ
Apple Inc. thunderbolt_bus
Virtual disks:ⓘ
Macintosh HD (disk1 - Journaled HFS+) / [Startup]: 998.98 GB (934.91 GB free)
Physical disk: disk0s2 999.35 GB Online
System Software:ⓘ
macOS High Sierra 10.13.3 (17D47) - Time since boot: less than an hour
Gatekeeper:ⓘ
Mac App Store and identified developers
Possible adware:ⓘ
Adware: ~/Library/LaunchAgents/pronto.notification.plist
Adware: ~/Library/LaunchAgents/pronto.update.plist
2 possible adware files found. [Remove/Report]
System Launch Agents:ⓘ
[not loaded] 8 Apple tasks
[loaded] 173 Apple tasks
[running] 109 Apple tasks
System Launch Daemons:ⓘ
[not loaded] 37 Apple tasks
[loaded] 187 Apple tasks
[running] 107 Apple tasks
Launch Agents:ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2017-07-07) [Lookup]
[running] com.brother.LOGINserver.plist (? a1772de2 41ad4933 - installed 2018-01-10) [Lookup]
Launch Daemons:ⓘ
[running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-09-28) [Lookup]
[loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2017-12-14) [Lookup]
User Launch Agents:ⓘ
[loaded] Zanzibog.AppVemoral.plist (Eliav Shaliko - installed 2018-01-27) [Lookup]
[loaded] Zanzibog.btvlit.plist (Eliav Shaliko - installed 2018-01-27) [Lookup]
[loaded] Zanzibog.disable.plist (Eliav Shaliko - installed 2018-01-27) [Lookup]
[loaded] Zanzibog.dolnwoad.plist (Eliav Shaliko - installed 2018-01-27) [Lookup]
[loaded] Zanzibog.uadpte.plist (Eliav Shaliko - installed 2018-01-27) [Lookup]
[loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2016-11-23) [Lookup]
[loaded] pronto.notification.plist (Levi Grishpin - installed 2018-01-27) Adware! [Remove/Report]
~/Library/Application Support/ProntoApp/ProntoApp.app/Contents/MacOS/ProntoApp
[loaded] pronto.update.plist (Levi Grishpin - installed 2018-01-27) Adware! [Remove/Report]
~/Library/Application Support/ProntoApp/ProntoApp.app/Contents/MacOS/ProntoApp
User Login Items:ⓘ
iTunesHelper Application (Apple, Inc. - installed 2018-01-25)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Internet Plug-ins:ⓘ
FlashPlayer-10.6: 28.0.0.137 (installed 2018-01-09) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2018-01-25)
Flash Player: 28.0.0.137 (installed 2018-01-09) [Lookup]
3rd Party Preference Panes:ⓘ
Flash Player (installed 2017-12-14) [Lookup]
Time Machine:ⓘ
Time Machine not configured!
Top Processes by CPU:ⓘ
3% WindowServer
1% mdworker
1% kernel_task
0% fontd
0% mdworker
Top Processes by Memory:ⓘ
853 MB kernel_task
266 MB Mail
159 MB com.apple.WebKit.WebContent
132 MB mds_stores
128 MB Safari
Top Processes by Network Use:ⓘ
Input Output Process name
420 KB 12 KB Mail
160 KB 104 KB mDNSResponder
5 KB 7 KB apsd
7 KB 2 KB cloudd
756 B 354 B netbiosd
Top Processes by Energy Use:ⓘ
5.30 WindowServer
0.04 SystemUIServer
0.04 com.apple.WebKit.Networking
0.02 CommCenter
Virtual Memory Information:ⓘ
4.56 GB Available RAM
1.94 GB Free RAM
3.44 GB Used RAM
2.62 GB Cached files
0 B Swap Used
Software installs (last 30 days):ⓘ
Adobe Flash Player: (installed 2018-01-09)
Brother Software: (installed 2018-01-09)
Brother Software: (installed 2018-01-09)
Brother Software: (installed 2018-01-09)
Brother Software: (installed 2018-01-10)
Brother Software: (installed 2018-01-10)
Brother Software: (installed 2018-01-10)
Install information may not be complete.
End of report.
Brilliant! Domenic23, I now appear to have a clean Safari again and had a very educational lesson in dealing with such an insidious intruder. I have also had a very bitter lesson in checking download sites to see exactly what i am getting when pressing the 'download' button.
Many many thanks. Full marks
removal of malware
