I have update my Mac book pro to Mac os High Sierra on December and I received a message that I have received the following Trojan Virus: e.tre456_worm_osx on my computer. I have I have tried everything they mention on this forum and nothing fix it.
I even installed Firefox and also do it.
Can somebody help me?
Thanks,
Haroldo
MacBook Pro, macOS High Sierra (10.13.3)
Hello Haroldo,
The virus warning you received was just a fake web site. The only way to avoid such things is avoid the web site where you encountered it.
However, your EtreCheck report shows some adware that you could remove. Run a new EtreCheck report, click on the "Security" button, go to the "Unsigned Files" section, and then click "Remove" next to every item listed in boldface. The only one that is legitimate is the "com.adobe.versioncueCS3.plist" file. Keep that one. Remove the rest.
Hello Haroldo,
The virus warning you received was just a fake web site. The only way to avoid such things is avoid the web site where you encountered it.
However, your EtreCheck report shows some adware that you could remove. Run a new EtreCheck report, click on the "Security" button, go to the "Unsigned Files" section, and then click "Remove" next to every item listed in boldface. The only one that is legitimate is the "com.adobe.versioncueCS3.plist" file. Keep that one. Remove the rest.
I suggest you use the program created by Etresoft, a frequent contributor. It will provide a snapshot of your system which we can analyze to possibly determine the cause of your problem. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown.
EtreCheck version: 4.1.3 (4A188)
Report generated: 2018-03-13 15:22:46
Download EtreCheck from https://etrecheck.com
Runtime: 5:58
Performance: Below Average
Problem: No problem - just checking
Major Issues:
Anything that appears on this list needs immediate attention.
Corrupt filesystem - This machine shut down due to a corrupt filesystem.
Heavy CPU usage - Some processes are using an unusually high amount of CPU.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Time Machine auto backup disabled - Time Machine auto backups are disabled.
Kernel extensions blocked - There are blocked kernel extensions awaiting user approval.
Small backup drive - Time Machine backup drive is too small.
Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
Low performance - EtreCheck report took over 5 minutes to run. This is unusual.
Vintage hardware - This machine may be considered vintage.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
MacBook Pro (15-inch, Mid 2010) - Vintage!
MacBook Pro Model: MacBookPro6,2
1 2.4 GHz Intel Core i5 (i5) CPU: 2-core
8 GB RAM At maximum
BANK 0/DIMM0
4 GB DDR3 1067 ok
BANK 1/DIMM0
4 GB DDR3 1067 ok
Battery: Health = Normal - Cycle count = 230
Video Information:
Intel HD Graphics - VRAM: 288 MB
NVIDIA GeForce GT 330M - VRAM: 256 MB
Color LCD 1440 x 900
Drives:
disk0 - Crucial_CT2050MX300SSD1 2.05 TB (Solid State - TRIM: No)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 - M***********M (Journaled HFS+) 2.05 TB
disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
Mounted Volumes:
disk0s2 - M***********M 2.05 TB (1.59 TB free)
Journaled HFS+
Mount point: /
Network:
Interface usbserial-A50619M0: FT232R USB UART
Interface usbserial-A5061CSM: FT232R USB UART 2
Interface usbserial-A5061CTE: FT232R USB UART 3
Interface en0: Ethernet
Interface fw0: FireWire
Interface en1: Wi-Fi
802.11 a/b/g
One IPv4 address
Interface en3: iPhone
Interface en2: Bluetooth PAN
System Software:
macOS High Sierra 10.13.3 (17D102)
Time since boot: About 11 days
System Load: 3.77 (1 min ago) 2.80 (5 min ago) 2.70 (15 min ago)
Security:
| System | Status |
|---|---|
| Gatekeeper | Mac App Store and identified developers |
| System Integrity Protection | Enabled |
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.adobe.versioncueCS3.plist
Executable: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/bin/VersionCueCS3d
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.caser.plist
Executable: ~/Library/UpdateMac/caser/caser
Launchd: ~/Library/LaunchAgents/com.whorishness.vc.plist
Executable: ~/Library/whorishness.vc/whorishness.vc.app/Contents/MacOS/whorishness.vc
Details: Domain name invalid - possibly adware
Launchd: /Library/LaunchAgents/com.prompter.rj.plist
Executable: /Library/prompter.rj/prompter.rj.app/Contents/MacOS/prompter.rj
Launchd: ~/Library/LaunchAgents/com.syntactic.plist
Executable: ~/Library/unleaf/DTATZVqW/zEWvKefr/wwQPjOsa/rJFVPPEz/syntactic
32-bit Applications:
| Name | Version |
| Adobe InDesign CS3 | 5.0.0.475 |
| ExtendScript Toolkit 2 | 2.0.0 . 58 |
| DVD Player | 5.8 |
| VersionCueCS3 | 3.0 |
| InkServer | 10.9 |
| Adobe Stock Photos CS3 | Adobe Stock Photos 1.5.0.466 |
| Adobe Updater | Adobe Updater 5.1.0.1082 |
| Bridge CS3 | 2.0.0.975 |
| Pages | 4.0.3 |
| Dreamweaver | 9.0.0.3489 |
| VersionCueCS3Status | 1.0.0 |
| Adobe Acrobat Professional | 8.0.0 |
| Acrobat Distiller | 8.0.0 |
| Install Flash Player 9 UB | 3.0 |
| Adobe Illustrator CS3 | 13.0.1 |
| Extension Manager | 1.8.169 |
| quicklookd32 | 5.0 |
| Acrobat Uninstaller | Acrobat Uninstaller version 8.0.0 |
| Adobe Flash CS3 | 9.0.0.494 |
| Numbers | 2.0.3 |
| Adobe Help Viewer 1 | 1.1 |
| Device Central | 1.0.0 |
| Setup | 1.0.135.0 |
| Adobe Flash CS3 Video Encoder | Flash Video Encoder 2.0.0.494 |
| AssetServicesCS3 | 3.0 |
| Flash Player | 9.0.45.0 |
| Adobe Photoshop CS3 | 10.0 (10.0x20070504 [20070504.r.1539 2007/05/04:02:00:00 cutoff; r branch]) |
Kernel Extensions:
/Applications/Parallels Desktop.app
[Loaded] prl_hypervisor.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)
[Loaded] prl_netbridge.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)
[Loaded] prl_usb_connect.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)
[Loaded] prl_vnic.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)
/Library/Extensions
[Blocked] usbserial.kext (Jiangsu Qinheng Co., Ltd., 1.1.1 - SDK 10.9)
System Launch Agents:
| [Not Loaded] | 7 Apple tasks |
| [Loaded] | 151 Apple tasks |
| [Running] | 132 Apple tasks |
System Launch Daemons:
| [Not Loaded] | 37 Apple tasks |
| [Loaded] | 169 Apple tasks |
| [Running] | 125 Apple tasks |
| [Other] | One Apple task |
Launch Agents:
| [Loaded] | com.prompter.rj.plist (? a291a708 - installed 2018-01-16) |
Launch Daemons:
| [Loaded] | com.apple.installer.osmessagetracing.plist (Apple, Inc. - installed 2018-02-16) |
| [Loaded] | com.adobe.versioncueCS3.plist (? 7eacc771 - installed 2018-01-16) |
User Launch Agents:
| [Loaded] | com.caser.plist (? 0 - installed 2018-01-18) |
| [Loaded] | com.whorishness.vc.plist (? 0 - installed 2017-09-28) |
| [Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04) |
| [Loaded] | com.syntactic.plist (? 0 - installed 2017-04-09) |
| [Loaded] | com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-10) |
User Login Items:
A360 Desktop Application
(/Applications/Autodesk/A360 Desktop.app)
AdobeResourceSynchronizer Application
(/Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app)
iTunesHelper Application (Apple, Inc. - installed 2018-01-25)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Dropbox Application (Dropbox, Inc.
(/Applications/Dropbox.app)
com.adobe.versioncueCS3.monitor.plist MachInit
(/etc/mach_init_per_user.d/com.adobe.versioncueCS3.monitor.plist)
Internet Plug-ins:
Flash Player: 9.0.45.0 (installed 2018-01-16)
AdobePDFViewer: 8.0.0 (installed 2018-01-16)
QuickTime Plugin: 7.7.3 (installed 2018-02-01)
Safari Extensions:
| OpenIE.safariextz - Parallels - http://www.parallels.com (installed 2018-01-07) |
3rd Party Preference Panes:
Adobe Version Cue CS3 (installed 2018-01-16)
Time Machine:
Skip System Files:
Mobile backups:
Auto backup: No
Volumes being backed up:
M***********M: Disk size: 2.05 TB - Disk used: 460.16 GB
Destinations:
H***********p [Local] (Last used)
Total size: 0 B
Total number of backups: 0
Oldest backup:
Last backup:
Top Processes by CPU:
| Process (count) | Source | % of CPU |
| AutoCAD | 64 | |
| com.apple.WebKit.WebContent (6) | Apple | 54 |
| osascript (6) | 47 | |
| kernel_task | Apple | 44 |
| System Events | Apple | 20 |
Top Processes by Memory:
| Process (count) | Source | RAM usage |
| com.apple.WebKit.WebContent (8) | Apple | 1.11 GB |
| kernel_task | Apple | 934 MB |
| Apple | 195 MB | |
| pboard | Apple | 166 MB |
| Finder | Apple | 140 MB |
Top Processes by Network Use:
| Process | Source | Input | Output |
| Dropbox | Dropbox, Inc. | 47 MB | 43 MB |
| Apple | 17 MB | 3 MB | |
| com.apple.WebKit.Networking | Apple | 11 MB | 415 KB |
| mDNSResponder | Apple | 8 MB | 3 MB |
| netbiosd | Apple | 1 MB | 232 KB |
Top Processes by Energy Use:
| Process (count) | Source | Energy usage (0-100) |
| AutoCAD | 21 | |
| System Events | Apple | 5 |
| WindowServer | Apple | 3 |
| loginwindow | Apple | 2 |
| launchservicesd | Apple | 2 |
Virtual Memory Information:
| Available RAM | 1.63 GB |
| Free RAM | 31 MB |
| Used RAM | 6.37 GB |
| Cached files | 1.60 GB |
| Swap Used | 963 MB |
Diagnostics Information (past 7 days):
2018-03-11 13:58:24 com.apple.WebKit.Networking CPU (once)
2018-03-10 22:25:33 Safari.app Crash (once)
*** Unable to insert timer port into port set. (15) *** |
2018-03-07 08:44:42 AutoCAD 2017.app CPU (once)
2018-03-02 15:56:21 Last Shutdown Cause: -60 - Corrupt filesystem (once)
End of report
go here and clear history
quit out of safari and relaunch it while holding down the SHIFT key.
For futher analysis you may post an Etrecheck report. The link is http://www.etrecheck.com
What program reported this?
Safari and Google Chrone, a window open with the page of mackeeper. I always close it and now sometimes I get the e.tre456_worm_osx message
Hi, thanks, I followed up your advice but the problem is still.
A tap window open with the mackeeper page and some times opens with worm message.
I removed all the "unsigned Files" less the CS3 and problem solved.
Thank you, very helpful.
e.tre456_worm_osx Safari IOS high Sierra
