Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: e.tre456_worm_osx Safari IOS high Sierra

I have update my Mac book pro to Mac os High Sierra on December and I received a message that I have received the following Trojan Virus: e.tre456_worm_osx on my computer. I have I have tried everything they mention on this forum and nothing fix it.

I even installed Firefox and also do it.

Can somebody help me?


Thanks,

Haroldo

MacBook Pro, macOS High Sierra (10.13.3)

Posted on

Reply
Question marked as Solved
Answer:
Answer:

Hello Haroldo,

The virus warning you received was just a fake web site. The only way to avoid such things is avoid the web site where you encountered it.


However, your EtreCheck report shows some adware that you could remove. Run a new EtreCheck report, click on the "Security" button, go to the "Unsigned Files" section, and then click "Remove" next to every item listed in boldface. The only one that is legitimate is the "com.adobe.versioncueCS3.plist" file. Keep that one. Remove the rest.

Posted on

Page content loaded

Mar 13, 2018 9:15 AM in response to haroldo291 In response to haroldo291

I suggest you use the program created by Etresoft, a frequent contributor. It will provide a snapshot of your system which we can analyze to possibly determine the cause of your problem. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown.


Etrecheck – System Information

Mar 13, 2018 9:15 AM

Reply Helpful

Mar 13, 2018 1:33 PM in response to Allan Eckert In response to Allan Eckert

EtreCheck version: 4.1.3 (4A188)

Report generated: 2018-03-13 15:22:46

Download EtreCheck from https://etrecheck.com

Runtime: 5:58

Performance: Below Average


Problem: No problem - just checking


Major Issues:

Anything that appears on this list needs immediate attention.


Corrupt filesystem - This machine shut down due to a corrupt filesystem.

Heavy CPU usage - Some processes are using an unusually high amount of CPU.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems.


Time Machine auto backup disabled - Time Machine auto backups are disabled.

Kernel extensions blocked - There are blocked kernel extensions awaiting user approval.

Small backup drive - Time Machine backup drive is too small.

Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.

Low performance - EtreCheck report took over 5 minutes to run. This is unusual.

Vintage hardware - This machine may be considered vintage.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.


Hardware Information:

MacBook Pro (15-inch, Mid 2010) - Vintage!

MacBook Pro Model: MacBookPro6,2

1 2.4 GHz Intel Core i5 (i5) CPU: 2-core

8 GB RAM At maximum

BANK 0/DIMM0

4 GB DDR3 1067 ok

BANK 1/DIMM0

4 GB DDR3 1067 ok

Battery: Health = Normal - Cycle count = 230


Video Information:

Intel HD Graphics - VRAM: 288 MB

NVIDIA GeForce GT 330M - VRAM: 256 MB

Color LCD 1440 x 900


Drives:

disk0 - Crucial_CT2050MX300SSD1 2.05 TB (Solid State - TRIM: No)

Internal SATA 3 Gigabit Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 - M***********M (Journaled HFS+) 2.05 TB

disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB


Mounted Volumes:

disk0s2 - M***********M 2.05 TB (1.59 TB free)

Journaled HFS+

Mount point: /


Network:

Interface usbserial-A50619M0: FT232R USB UART

Interface usbserial-A5061CSM: FT232R USB UART 2

Interface usbserial-A5061CTE: FT232R USB UART 3

Interface en0: Ethernet

Interface fw0: FireWire

Interface en1: Wi-Fi

802.11 a/b/g

One IPv4 address

Interface en3: iPhone

Interface en2: Bluetooth PAN


System Software:

macOS High Sierra 10.13.3 (17D102)

Time since boot: About 11 days

System Load: 3.77 (1 min ago) 2.80 (5 min ago) 2.70 (15 min ago)


Security:

System Status
Gatekeeper Mac App Store and identified developers
System Integrity Protection Enabled


Unsigned Files:

Launchd: /Library/LaunchDaemons/com.adobe.versioncueCS3.plist

Executable: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/bin/VersionCueCS3d

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.caser.plist

Executable: ~/Library/UpdateMac/caser/caser

Launchd: ~/Library/LaunchAgents/com.whorishness.vc.plist

Executable: ~/Library/whorishness.vc/whorishness.vc.app/Contents/MacOS/whorishness.vc

Details: Domain name invalid - possibly adware

Launchd: /Library/LaunchAgents/com.prompter.rj.plist

Executable: /Library/prompter.rj/prompter.rj.app/Contents/MacOS/prompter.rj

Launchd: ~/Library/LaunchAgents/com.syntactic.plist

Executable: ~/Library/unleaf/DTATZVqW/zEWvKefr/wwQPjOsa/rJFVPPEz/syntactic


32-bit Applications:

Name Version
Adobe InDesign CS3 5.0.0.475
ExtendScript Toolkit 2 2.0.0 . 58
DVD Player 5.8
VersionCueCS3 3.0
InkServer 10.9
Adobe Stock Photos CS3 Adobe Stock Photos 1.5.0.466
Adobe Updater Adobe Updater 5.1.0.1082
Bridge CS3 2.0.0.975
Pages 4.0.3
Dreamweaver 9.0.0.3489
VersionCueCS3Status 1.0.0
Adobe Acrobat Professional 8.0.0
Acrobat Distiller 8.0.0
Install Flash Player 9 UB 3.0
Adobe Illustrator CS3 13.0.1
Extension Manager 1.8.169
quicklookd32 5.0
Acrobat Uninstaller Acrobat Uninstaller version 8.0.0
Adobe Flash CS3 9.0.0.494
Numbers 2.0.3
Adobe Help Viewer 1 1.1
Device Central 1.0.0
Setup 1.0.135.0
Adobe Flash CS3 Video Encoder Flash Video Encoder 2.0.0.494
AssetServicesCS3 3.0
Flash Player 9.0.45.0
Adobe Photoshop CS3 10.0 (10.0x20070504 [20070504.r.1539 2007/05/04:02:00:00 cutoff; r branch])


Kernel Extensions:

/Applications/Parallels Desktop.app

[Loaded] prl_hypervisor.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

[Loaded] prl_netbridge.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

[Loaded] prl_usb_connect.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

[Loaded] prl_vnic.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

/Library/Extensions

[Blocked] usbserial.kext (Jiangsu Qinheng Co., Ltd., 1.1.1 - SDK 10.9)


System Launch Agents:

[Not Loaded] 7 Apple tasks
[Loaded] 151 Apple tasks
[Running] 132 Apple tasks


System Launch Daemons:

[Not Loaded] 37 Apple tasks
[Loaded] 169 Apple tasks
[Running] 125 Apple tasks
[Other] One Apple task


Launch Agents:

[Loaded] com.prompter.rj.plist (? a291a708 - installed 2018-01-16)


Launch Daemons:

[Loaded] com.apple.installer.osmessagetracing.plist (Apple, Inc. - installed 2018-02-16)
[Loaded] com.adobe.versioncueCS3.plist (? 7eacc771 - installed 2018-01-16)


User Launch Agents:

[Loaded] com.caser.plist (? 0 - installed 2018-01-18)
[Loaded] com.whorishness.vc.plist (? 0 - installed 2017-09-28)
[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
[Loaded] com.syntactic.plist (? 0 - installed 2017-04-09)
[Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-10)


User Login Items:

A360 Desktop Application

(/Applications/Autodesk/A360 Desktop.app)

AdobeResourceSynchronizer Application

(/Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app)

iTunesHelper Application (Apple, Inc. - installed 2018-01-25)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Dropbox Application (Dropbox, Inc.

(/Applications/Dropbox.app)

com.adobe.versioncueCS3.monitor.plist MachInit

(/etc/mach_init_per_user.d/com.adobe.versioncueCS3.monitor.plist)


Internet Plug-ins:

Flash Player: 9.0.45.0 (installed 2018-01-16)

AdobePDFViewer: 8.0.0 (installed 2018-01-16)

QuickTime Plugin: 7.7.3 (installed 2018-02-01)


Safari Extensions:

OpenIE.safariextz - Parallels - http://www.parallels.com (installed 2018-01-07)


3rd Party Preference Panes:

Adobe Version Cue CS3 (installed 2018-01-16)


Time Machine:

Skip System Files:

Mobile backups:

Auto backup: No

Volumes being backed up:

M***********M: Disk size: 2.05 TB - Disk used: 460.16 GB

Destinations:

H***********p [Local] (Last used)

Total size: 0 B

Total number of backups: 0

Oldest backup:

Last backup:


Top Processes by CPU:

Process (count) Source % of CPU
AutoCAD 64
com.apple.WebKit.WebContent (6) Apple 54
osascript (6) 47
kernel_task Apple 44
System Events Apple 20


Top Processes by Memory:

Process (count) Source RAM usage
com.apple.WebKit.WebContent (8) Apple 1.11 GB
kernel_task Apple 934 MB
Mail Apple 195 MB
pboard Apple 166 MB
Finder Apple 140 MB


Top Processes by Network Use:

Process Source Input Output
Dropbox Dropbox, Inc. 47 MB 43 MB
Mail Apple 17 MB 3 MB
com.apple.WebKit.Networking Apple 11 MB 415 KB
mDNSResponder Apple 8 MB 3 MB
netbiosd Apple 1 MB 232 KB


Top Processes by Energy Use:

Process (count) Source Energy usage (0-100)
AutoCAD 21
System Events Apple 5
WindowServer Apple 3
loginwindow Apple 2
launchservicesd Apple 2


Virtual Memory Information:

Available RAM 1.63 GB
Free RAM 31 MB
Used RAM 6.37 GB
Cached files 1.60 GB
Swap Used 963 MB


Diagnostics Information (past 7 days):

2018-03-11 13:58:24 com.apple.WebKit.Networking CPU (once)

2018-03-10 22:25:33 Safari.app Crash (once)

*** Unable to insert timer port into port set. (15) ***

2018-03-07 08:44:42 AutoCAD 2017.app CPU (once)

2018-03-02 15:56:21 Last Shutdown Cause: -60 - Corrupt filesystem (once)


End of report

Mar 13, 2018 1:33 PM

Reply Helpful
Question marked as Solved

Apr 3, 2018 7:58 AM in response to haroldo291 In response to haroldo291

Hello Haroldo,

The virus warning you received was just a fake web site. The only way to avoid such things is avoid the web site where you encountered it.


However, your EtreCheck report shows some adware that you could remove. Run a new EtreCheck report, click on the "Security" button, go to the "Unsigned Files" section, and then click "Remove" next to every item listed in boldface. The only one that is legitimate is the "com.adobe.versioncueCS3.plist" file. Keep that one. Remove the rest.

Apr 3, 2018 7:58 AM

Reply Helpful (1)
User profile for user: haroldo291

Question: e.tre456_worm_osx Safari IOS high Sierra