Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: e.tre456_worm_osx Safari IOS high Sierra

I have update my Mac book pro to Mac os High Sierra on December and I received a message that I have received the following Trojan Virus: e.tre456_worm_osx on my computer. I have I have tried everything they mention on this forum and nothing fix it.

I even installed Firefox and also do it.

Can somebody help me?


Thanks,

Haroldo

MacBook Pro, macOS High Sierra (10.13.3)

Posted on

Reply
Question marked as Solved
Answer:
Answer:

Hello Haroldo,

The virus warning you received was just a fake web site. The only way to avoid such things is avoid the web site where you encountered it.


However, your EtreCheck report shows some adware that you could remove. Run a new EtreCheck report, click on the "Security" button, go to the "Unsigned Files" section, and then click "Remove" next to every item listed in boldface. The only one that is legitimate is the "com.adobe.versioncueCS3.plist" file. Keep that one. Remove the rest.

Posted on

Mar 13, 2018 9:15 AM in response to haroldo291 In response to haroldo291

I suggest you use the program created by Etresoft, a frequent contributor. It will provide a snapshot of your system which we can analyze to possibly determine the cause of your problem. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown.


Etrecheck – System Information

Mar 13, 2018 9:15 AM

Reply Helpful

Mar 13, 2018 1:33 PM in response to Allan Eckert In response to Allan Eckert

EtreCheck version: 4.1.3 (4A188)

Report generated: 2018-03-13 15:22:46

Download EtreCheck from https://etrecheck.com

Runtime: 5:58

Performance: Below Average


Problem: No problem - just checking


Major Issues:

Anything that appears on this list needs immediate attention.


Corrupt filesystem - This machine shut down due to a corrupt filesystem.

Heavy CPU usage - Some processes are using an unusually high amount of CPU.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems.


Time Machine auto backup disabled - Time Machine auto backups are disabled.

Kernel extensions blocked - There are blocked kernel extensions awaiting user approval.

Small backup drive - Time Machine backup drive is too small.

Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.

Low performance - EtreCheck report took over 5 minutes to run. This is unusual.

Vintage hardware - This machine may be considered vintage.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.


Hardware Information:

MacBook Pro (15-inch, Mid 2010) - Vintage!

MacBook Pro Model: MacBookPro6,2

1 2.4 GHz Intel Core i5 (i5) CPU: 2-core

8 GB RAM At maximum

BANK 0/DIMM0

4 GB DDR3 1067 ok

BANK 1/DIMM0

4 GB DDR3 1067 ok

Battery: Health = Normal - Cycle count = 230


Video Information:

Intel HD Graphics - VRAM: 288 MB

NVIDIA GeForce GT 330M - VRAM: 256 MB

Color LCD 1440 x 900


Drives:

disk0 - Crucial_CT2050MX300SSD1 2.05 TB (Solid State - TRIM: No)

Internal SATA 3 Gigabit Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 - M***********M (Journaled HFS+) 2.05 TB

disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB


Mounted Volumes:

disk0s2 - M***********M 2.05 TB (1.59 TB free)

Journaled HFS+

Mount point: /


Network:

Interface usbserial-A50619M0: FT232R USB UART

Interface usbserial-A5061CSM: FT232R USB UART 2

Interface usbserial-A5061CTE: FT232R USB UART 3

Interface en0: Ethernet

Interface fw0: FireWire

Interface en1: Wi-Fi

802.11 a/b/g

One IPv4 address

Interface en3: iPhone

Interface en2: Bluetooth PAN


System Software:

macOS High Sierra 10.13.3 (17D102)

Time since boot: About 11 days

System Load: 3.77 (1 min ago) 2.80 (5 min ago) 2.70 (15 min ago)


Security:

SystemStatus
GatekeeperMac App Store and identified developers
System Integrity ProtectionEnabled


Unsigned Files:

Launchd: /Library/LaunchDaemons/com.adobe.versioncueCS3.plist

Executable: /Library/Application Support/Adobe/Adobe Version Cue CS3/Server/bin/VersionCueCS3d

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.caser.plist

Executable: ~/Library/UpdateMac/caser/caser

Launchd: ~/Library/LaunchAgents/com.whorishness.vc.plist

Executable: ~/Library/whorishness.vc/whorishness.vc.app/Contents/MacOS/whorishness.vc

Details: Domain name invalid - possibly adware

Launchd: /Library/LaunchAgents/com.prompter.rj.plist

Executable: /Library/prompter.rj/prompter.rj.app/Contents/MacOS/prompter.rj

Launchd: ~/Library/LaunchAgents/com.syntactic.plist

Executable: ~/Library/unleaf/DTATZVqW/zEWvKefr/wwQPjOsa/rJFVPPEz/syntactic


32-bit Applications:

NameVersion
Adobe InDesign CS35.0.0.475
ExtendScript Toolkit 22.0.0 . 58
DVD Player5.8
VersionCueCS33.0
InkServer10.9
Adobe Stock Photos CS3Adobe Stock Photos 1.5.0.466
Adobe UpdaterAdobe Updater 5.1.0.1082
Bridge CS32.0.0.975
Pages4.0.3
Dreamweaver9.0.0.3489
VersionCueCS3Status1.0.0
Adobe Acrobat Professional8.0.0
Acrobat Distiller8.0.0
Install Flash Player 9 UB3.0
Adobe Illustrator CS313.0.1
Extension Manager1.8.169
quicklookd325.0
Acrobat UninstallerAcrobat Uninstaller version 8.0.0
Adobe Flash CS39.0.0.494
Numbers2.0.3
Adobe Help Viewer 11.1
Device Central1.0.0
Setup1.0.135.0
Adobe Flash CS3 Video EncoderFlash Video Encoder 2.0.0.494
AssetServicesCS33.0
Flash Player9.0.45.0
Adobe Photoshop CS310.0 (10.0x20070504 [20070504.r.1539 2007/05/04:02:00:00 cutoff; r branch])


Kernel Extensions:

/Applications/Parallels Desktop.app

[Loaded] prl_hypervisor.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

[Loaded] prl_netbridge.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

[Loaded] prl_usb_connect.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

[Loaded] prl_vnic.kext (Parallels, Inc., 11.2.3 32663 - SDK 10.9)

/Library/Extensions

[Blocked] usbserial.kext (Jiangsu Qinheng Co., Ltd., 1.1.1 - SDK 10.9)


System Launch Agents:

[Not Loaded] 7 Apple tasks
[Loaded] 151 Apple tasks
[Running] 132 Apple tasks


System Launch Daemons:

[Not Loaded] 37 Apple tasks
[Loaded] 169 Apple tasks
[Running] 125 Apple tasks
[Other] One Apple task


Launch Agents:

[Loaded] com.prompter.rj.plist (? a291a708 - installed 2018-01-16)


Launch Daemons:

[Loaded] com.apple.installer.osmessagetracing.plist (Apple, Inc. - installed 2018-02-16)
[Loaded] com.adobe.versioncueCS3.plist (? 7eacc771 - installed 2018-01-16)


User Launch Agents:

[Loaded] com.caser.plist (? 0 - installed 2018-01-18)
[Loaded] com.whorishness.vc.plist (? 0 - installed 2017-09-28)
[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
[Loaded] com.syntactic.plist (? 0 - installed 2017-04-09)
[Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-10)


User Login Items:

A360 Desktop Application

(/Applications/Autodesk/A360 Desktop.app)

AdobeResourceSynchronizer Application

(/Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app)

iTunesHelper Application (Apple, Inc. - installed 2018-01-25)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Dropbox Application (Dropbox, Inc.

(/Applications/Dropbox.app)

com.adobe.versioncueCS3.monitor.plist MachInit

(/etc/mach_init_per_user.d/com.adobe.versioncueCS3.monitor.plist)


Internet Plug-ins:

Flash Player: 9.0.45.0 (installed 2018-01-16)

AdobePDFViewer: 8.0.0 (installed 2018-01-16)

QuickTime Plugin: 7.7.3 (installed 2018-02-01)


Safari Extensions:

OpenIE.safariextz - Parallels - http://www.parallels.com (installed 2018-01-07)


3rd Party Preference Panes:

Adobe Version Cue CS3 (installed 2018-01-16)


Time Machine:

Skip System Files:

Mobile backups:

Auto backup: No

Volumes being backed up:

M***********M: Disk size: 2.05 TB - Disk used: 460.16 GB

Destinations:

H***********p [Local] (Last used)

Total size: 0 B

Total number of backups: 0

Oldest backup:

Last backup:


Top Processes by CPU:

Process (count)Source% of CPU
AutoCAD64
com.apple.WebKit.WebContent (6)Apple54
osascript (6)47
kernel_taskApple44
System EventsApple20


Top Processes by Memory:

Process (count)SourceRAM usage
com.apple.WebKit.WebContent (8)Apple1.11 GB
kernel_taskApple934 MB
MailApple195 MB
pboardApple166 MB
FinderApple140 MB


Top Processes by Network Use:

ProcessSourceInputOutput
DropboxDropbox, Inc.47 MB43 MB
MailApple17 MB3 MB
com.apple.WebKit.NetworkingApple11 MB415 KB
mDNSResponderApple8 MB3 MB
netbiosdApple1 MB232 KB


Top Processes by Energy Use:

Process (count)SourceEnergy usage (0-100)
AutoCAD21
System EventsApple5
WindowServerApple3
loginwindowApple2
launchservicesdApple2


Virtual Memory Information:

Available RAM1.63 GB
Free RAM31 MB
Used RAM6.37 GB
Cached files1.60 GB
Swap Used963 MB


Diagnostics Information (past 7 days):

2018-03-11 13:58:24 com.apple.WebKit.Networking CPU (once)

2018-03-10 22:25:33 Safari.app Crash (once)

*** Unable to insert timer port into port set. (15) ***

2018-03-07 08:44:42 AutoCAD 2017.app CPU (once)

2018-03-02 15:56:21 Last Shutdown Cause: -60 - Corrupt filesystem (once)


End of report

Mar 13, 2018 1:33 PM

Reply Helpful
Question marked as Solved

Apr 3, 2018 7:58 AM in response to haroldo291 In response to haroldo291

Hello Haroldo,

The virus warning you received was just a fake web site. The only way to avoid such things is avoid the web site where you encountered it.


However, your EtreCheck report shows some adware that you could remove. Run a new EtreCheck report, click on the "Security" button, go to the "Unsigned Files" section, and then click "Remove" next to every item listed in boldface. The only one that is legitimate is the "com.adobe.versioncueCS3.plist" file. Keep that one. Remove the rest.

Apr 3, 2018 7:58 AM

Reply Helpful (1)
User profile for user: haroldo291

Question: e.tre456_worm_osx Safari IOS high Sierra