How do I remove adware from my 2017 MacBook Pro?

Hi!


I have a 15-inch 2017 MacBook Pro; iOS 10.13.5; Processor is 2.9 GHz Intel Core i7; Memory 16 GB


Adware is redirecting my Safari and Chrome browsers. I have included a screen shot from Safari where it defaults as the search engine and I am unable to delete or reset it. There are no extensions listed for either browser when I go to those files.


I have just run EtreCheck and it reported the following adware:


Adware:

Launchd: ~/Library/LaunchAgents/com.MyMacUpdater.agent.plist

Reason: Adware name match

Executable: /Users/***/Applications/MyMacUpdater/MyMacUpdater -guid QzAyV1EyUDRIVEQ2Cg http:/request.macmymacupdater.com/macCheckForUpdates -brand MyMacUpdater -current


At the end of the report it says:


Clean up:

~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-***@***-SharedServices.Agent.plist

/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Versions/CSConfigDotMacCert

Executable not found

Can someone help me get rid of this Adware please?


Posted on Jun 23, 2018 8:20 PM

Question marked as Top-ranking reply

Posted on Jun 24, 2018 2:41 PM

Just wanted to update you that I found a way to remove the adware from my computer. Since Malwarebytes did not detect a problem, yet a problem clearly existed, I posted in the Malwarebytes forum and asked for help. Someone named Alvarnell suggested I look in System Preferences to see if there was a "Profiles" pane located there. Sure enough, there was--and it had two unsigned files--one for Chrome and one for Safari. They had been placed there at the time that the adware had invaded my computer. I deleted both files and the problem was solved. YAY!

Jun 23, 2018 9:45 PM in response to babowa

Thank you for your reply, babowa. I have run Malwarebytes and the first time it detected two files and put them in quarantine. I deleted (cleared) them. Subsequently, I have run Malwarebytes three more times and it detects nothing.


I did use the option "clean up" in EtreCheck and I still have the problem. Here is my entire EtreCheck report:


EtreCheck version: 4.3.2 (4D034)

Report generated: 2018-06-23 14:53:22

Download EtreCheck from https://etrecheck.com

Runtime: 3:33

Performance: Good

Problem: Other problem

Description:

Malware hijacked my Safari and Chrome Browsers. Made itself default browser and I cannot remove

Major Issues:

Anything that appears on this list needs immediate attention.

Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.

Adware - Adware detected.

Minor Issues:

These issues do not need immediate attention but they may indicate future problems.

Configuration profiles present - This machine has configuration profiles. These are sometimes and malware.

Clean up - There are orphan files that could be removed.

Unsigned files - There is unsigned software installed. They appear to be legitimate but should be

System modifications - There are a large number of system modifications running in the background.

Encrypting - A drive is currently encrypting. The computer may run more slowly than normal until finishes.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Hardware Information:

MacBook Pro (15-inch, 2017)

MacBook Pro Model: MacBookPro14,3

1 2.9 GHz Intel Core i7 (i7-7820HQ) CPU: 4-core

16 GB RAM - Not upgradeable

BANK 0/DIMM0 - 8 GB LPDDR3 2133 ok

BANK 1/DIMM0 - 8 GB LPDDR3 2133 ok

Battery: Health = Normal - Cycle count = 3

Video Information:

Intel HD Graphics 630 - VRAM: 1536 MB

Color LCD

Radeon Pro 560 - VRAM: 4096 MB

Drives:

disk0 - APPLE SSD SM0512L 500.28 GB (Solid State - TRIM: Yes)

Internal PCI-Express 8.0 GT/s x4 NVM Express

disk0s1 - EFI [EFI] 315 MB

disk0s2 499.96 GB

disk1s1 - Macintosh HD (APFS) 499.96 GB (102.67 GB used)

disk1s2 - Preboot (APFS) [APFS Preboot] 499.96 GB (22 MB used)

disk1s3 - Recovery (APFS) [Recovery] 499.96 GB (518 MB used)

disk1s4 - VM (APFS) [APFS VM] 499.96 GB (1.07 GB used)

Mounted Volumes:

disk1s1 - Macintosh HD 499.96 GB (395.52 GB free)

APFS

Mount point: /

Encrypting: 17% done

disk1s4 - VM [APFS VM] 499.96 GB (395.52 GB free)

APFS

Mount point: /private/var/vm

Network:

Interface ZTEUSBDIAGPort_: ZTEUSBDIAGPort

Interface ZTEUSBATPort_: ZTEUSBATPort

Interface ZTEUSBModem_: ZTEUSBModem

Interface Bluetooth-Modem: Bluetooth DUN

Interface en0: AirPort

802.11 a/b/g/n/ac

One IPv4 address

Interface en5: Bluetooth PAN 2

Interface bridge0: Thunderbolt Bridge

iCloud Quota: 1.96 GB available

System Software:

macOS High Sierra 10.13.5 (17F77)

Time since boot: Less than an hour

System Load: 1.32 (1 min ago) 1.35 (5 min ago) 1.27 (15 min ago)

Configuration Profiles:

  1. com.google.Chrome - NewTabPageLocation
  2. com.google.Chrome - DefaultSearchProviderSearchURL
  3. com.google.Chrome - HomepageIsNewTabPage
  4. com.google.Chrome - HomepageLocation
  5. com.google.Chrome - DefaultSearchProviderEnabled

Security:

System Status

Gatekeeper Mac App Store and identified developers

System Integrity Protection Enabled

Adware:

Launchd: ~/Library/LaunchAgents/com.MyMacUpdater.agent.plist

Reason: Adware name match

Executable: /Users/***/Applications/MyMacUpdater/MyMacUpdater -guid QzAyV1EyUDRIVEQ2Cg http:/request.macmymacupdater.com/macCheckForUpdates -brand MyMacUpdater -current_version

Unsigned Files:

Launchd: /Library/LaunchDaemons/com.avira.antivirus.dbcleaner.plist

Executable: /Applications/Avira.app/Contents/MacOS/dbcleaner

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.citrix.ReceiverHelper.plist

Executable: /usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.citrix.ctxusbd.plist

Executable: /Library/Application Support/Citrix Receiver/ctxusbd

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.update.default.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Scheduler -j update

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/de.novamedia.VodafoneDeviceObserver.plist

Executable: /Library/Application Support/Vodafone/NML2NDeviceObserver.app/Contents/MacOS/NML2NDeviceObserver de.novamedia.Vodafone Mobile Broadband None -AllowedDeviceRules /Library/Support/Vodafone/Filters

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.odscan.default.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Scheduler -j scan -d /Applications/Avira.Resources/av_scheduler_plugin/scanjobfiles/com.avira.antivirus.odscan.ini -l 1529790103

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.telemetry.agent.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Scheduler --showTelemetry

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.wdc.WDPrivilegedHelper.plist

Executable: /Library/PrivilegedHelperTools/com.wdc.WDPrivilegedHelper

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.general.agent.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Scheduler --taskFromDaemon

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.scheduler.agent.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Scheduler --callbackFromGuard

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.systray.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Systray.app/Contents/MacOS/AV_Systray

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.citrix.ServiceRecords.plist

Executable: /usr/local/libexec/ServiceRecords.app/Contents/MacOS/ServiceRecords

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.citrix.AuthManager_Mac.plist

Executable: /usr/local/libexec/AuthManager_Mac.app/Contents/MacOS/AuthManager_Mac

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avira.helper.watchdox.plist

Executable: /Applications/Avira.app/Contents/MacOS/avwatchdox.bin

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.antivirus.notifications.agent.plist

Executable: /Applications/Avira.app/Contents/MacOS/AV_Scheduler --showNotification

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avira.helper.avstats.plist

Executable: /Applications/Utilities/Avira-Uninstall.app/Contents/MacOS/AvStats server start

Details: Exact match found in the whitelist - probably OK

32-bit Applications:

47 32-bit apps

Kernel Extensions:

/Library/Application Support/Citrix Receiver

[Not Loaded] CitrixGUSB.kext (Citrix Systems, Inc., 12.4.0 - SDK 10.9)

/Library/Extensions

[Loaded] FileAccessControl.kext (Avira Operations GmbH & Co. KG, 1.2.5 - SDK 10.9)

[Loaded] MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.3 - SDK 10.13)

/System/Library/Extensions

[Not Loaded] LogitechUSBHIDevices.kext (1.0.0)

[Not Loaded] NovatelWirelessUSBCDCECMControl.kext (v3.0.13 (001))

[Not Loaded] NovatelWirelessUSBCDCECMData.kext (v3.0.13 (001))

[Not Loaded] ZTEUSBCDCACMData.kext (ZTEDriver_MacV1.3.4)

[Not Loaded] ZTEUSBMassStorageFilter.kext (ZTEDriver_MacV1.3.4)

[Not Loaded] IceraUSBMassStorageBypass.kext (NM Icera bypass V1.0)

[Not Loaded] NovatelWireless3G.kext (v3.0.13 (001))

[Not Loaded] NovatelWirelessFilter.kext (v3.0.13 (001))

[Not Loaded] Option72.kext (2.15.0)

[Not Loaded] OptionHS.kext (3.26.0)

[Not Loaded] OptionMSD.kext (1.21.0)

[Not Loaded] OptionQC.kext (1.11.0)

[Not Loaded] Vodafone.kext (v3.0.9 (017))

[Not Loaded] cdc_ecm_qmi.kext (1.0.0d1)

[Not Loaded] cdc.kext (1.0.0d1)

[Not Loaded] NMSamsungDriver_106.kext (0.0.2)

[Not Loaded] NMSmartplugSCSIDevice_106.kext (1.0.1)

[Not Loaded] NMHuaweiPhonesVTPCDC_106.kext (0.0.2)

/System/Library/Extensions/NMSamsungDriver_106.kext/Contents/PlugIns

[Not Loaded] NMUSBCDCACMControl_106.kext (3.2.12)

[Not Loaded] NMUSBCDCACMData_106.kext (3.2.12)

/System/Library/Extensions/NovatelWireless3G.kext/Contents/Plugins

[Not Loaded] NovatelWireless3GData.kext (v3.0.13 (001))

/System/Library/Extensions/Vodafone.kext/Contents/Plugins

[Not Loaded] VodafoneData.kext (v3.0.9 (017))

System Launch Agents:

[Not Loaded] 7 Apple tasks

[Loaded] 181 Apple tasks

[Running] 104 Apple tasks

[Other] One Apple task

System Launch Daemons:

[Not Loaded] 37 Apple tasks

[Loaded] 176 Apple tasks

[Running] 121 Apple tasks

Launch Agents:

[Loaded] com.avira.antivirus.gjallarhorn.plist (Avira Operations GmbH & Co. KG - installed 2018-

[Running] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2018-04-27)

[Running] com.avira.antivirus.systray.plist (? 9bf80dc3 - installed 2018-05-29)

[Loaded] com.avira.antivirus.iris.plist (Avira Operations GmbH & Co. KG - installed 2018-06-

[Running] com.wdc.WD-Drive-Agent.plist (Western Digital Corporation Branded Products Group 2017-04-10)

[Not Loaded] de.novamedia.VodafoneDeviceObserver.plist (? dd99164d - installed 2010-05-19)

[Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2018-01-24)

[Running] com.avira.helper.avstats.plist (? cf66ea88 - installed 2018-05-29)

[Loaded] com.avira.antivirus.scheduler.agent.plist (? 4b765eec - installed 2018-05-29)

[Loaded] com.avira.antivirus.general.agent.plist (? 94ca9a28 - installed 2018-05-29)

[Running] com.citrix.ServiceRecords.plist (? 8e6543d - installed 2016-11-09)

[Loaded] com.avira.servicehub.license.poll.plist (Avira Operations GmbH & Co. KG - installed

[Loaded] com.citrix.AuthManager_Mac.plist (? 1ce99fae - installed 2016-11-09)

[Loaded] com.avira.antivirus.update.default.plist (? 7dca32a5 - installed 2018-05-29)

[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-05-30)

[Running] com.citrix.ReceiverHelper.plist (? bbfad3f1 - installed 2016-11-09)

[Loaded] com.avira.antivirus.telemetry.agent.plist (? a4625078 - installed 2018-05-29)

[Other] com.avira.antivirus.notifications.agent.plist (? 8b13021d - installed 2018-05-29)

[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed

[Running] com.avira.servicehub.license.plist (Avira Operations GmbH & Co. KG - installed 2018-

[Loaded] com.avira.antivirus.odscan.default.plist (? 6cbc19c4 - installed 2018-06-23)

Launch Daemons:

[Running] com.avira.helper.watchdox.plist (? e7e538d1 - installed 2018-05-29)

[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed

[Loaded] com.wdc.WDPrivilegedHelper.plist (? 9f7f4405 - installed 2017-09-17)

[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed

[Other] com.avira.antivirus.dbcleaner.plist (? 223cb974 - installed 2018-05-29)

[Running] com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2018-04-27)

[Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-06-01)

[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2010-08-24)

[Running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-05-30)

[Running] com.adobe.agmservice.plist (Adobe Systems, Inc. - installed 2018-05-30)

[Loaded] com.citrix.ctxusbd.plist (? 44dc9c9f - installed 2016-11-09)

User Launch Agents:

[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-03)

[Not Loaded] com.MyMacUpdater.agent.plist (Adware - installed 2018-06-23)

[Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-04-14)

[Not Loaded] com.movavi.converteragent.startup.plist (GOLDEN SOFTWARE INC. - installed 2018-

[Loaded] com.logmein.GoToMeeting.G2MUpdate.plist (LogMeIn, Inc. - installed 2018-05-08)

[Loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2017-

[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-05-30)

[Other] com.apple.CSConfigDotMacCert-***@***-SharedServices.Agent.plist (? 0 - installed

[Loaded] com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2018-01-24)

[Loaded] com.adobe.ARM.***.plist (? 0 - installed 2015-09-24)

Internet Plug-ins:

Google Earth Web Plug-in: 6.2 (installed 2012-06-28)

OfficeLiveBrowserPlugin: 12.3.0 (installed 2011-06-15)

Flip4Mac WMV Plugin: 2.3.8.1 (installed 2011-01-13)

AdobeAAMDetect: 3.0.0.0 (installed 2018-04-27)

FlashPlayer-10.6: 30.0.0.113 (installed 2018-06-15)

AdobePDFViewerNPAPI: 10.1.16 (installed 2016-04-10)

Silverlight: 4.0.51204.0 (installed 2011-09-07)

QuickTime Plugin: 7.7.3 (installed 2018-06-14)

Flash Player: 30.0.0.113 (installed 2018-06-15)

iPhotoPhotocast: 7.0 (installed 2010-12-26)

SharePointBrowserPlugin: 14.7.7 (installed 2017-09-19)

AdobePDFViewer: 10.1.16 (installed 2016-04-10)

PepperFlashPlayer: 30.0.0.113 (installed 2018-06-15)

CitrixICAClientPlugIn: 12.4.0 (installed 2016-12-15)

EPPEX Plugin: 10.0 (installed 2014-09-16)

User Internet Plug-ins:

ZoomUsPlugIn: 4.1.11049.1024 (installed 2017-11-29)

WebEx64: 1.0 (installed 2013-03-17)

Safari Extensions:

AllMyTube.safariextz - Wondershare - http://www.wondershare.com (installed 2016-07-19)

3rd Party Preference Panes:

Flash Player (installed 2018-06-01)

Flip4Mac WMV (installed 2011-01-13)

Logitech Control Center (installed 2013-11-02)

Perian (installed 2011-04-08)

Time Machine:

Skip System Files: No

Mobile backups:

Auto backup: Yes

Volumes being backed up:

Destinations:

M*****************c [Local] (Last used)

Total size: 0 B

Total number of backups: 10

Oldest backup: 2017-09-17 16:24:32

Last backup: 2018-04-21 18:48:50

Top Processes by CPU:

Process (count) Source % of CPU Location

kernel_task Apple 16

WindowServer Apple 8

sysmond Apple 2

Adobe CEF Helper (3) Adobe Systems, Inc. 1

sandboxd Apple 1

Top Processes by Memory:

Process (count) Source RAM usage Location

kernel_task Apple 1.04 GB

firefox Mozilla Corporation 930 MB

mds_stores Apple 919 MB

plugin-container (2) Mozilla Corporation 523 MB

savapi ? 374 MB /Applications/Avira.app

Top Processes by Network Use:

Process Source Input Output Location

mDNSResponder Apple 42 KB 31 KB

biometrickitd Apple 5 KB 61 KB

servicehubd Avira Operations GmbH & Co. KG 13 KB 7 KB

apsd Apple 4 KB 4 KB

netbiosd Apple 714 B 490 B

Top Processes by Energy Use:

Process (count) Source Energy (0-100) Location

WindowServer Apple 2

Adobe CEF Helper (3) Adobe Systems, Inc. 1

sysmond Apple 0

avguard-ondemand-mgmt ? 0 /Applications/Avira.app

Creative Cloud Adobe Systems, Inc. 0

Virtual Memory Information:

Available RAM 8.09 GB

Free RAM 3.11 GB

Used RAM 7.91 GB

Cached files 4.98 GB

Swap Used 0 B

Software Installs (past 30 days):

Name Version Install Date

iTunes 12.7.5 2018-06-14

Adobe Flash Player 30.0.0.113 2018-06-15

Adobe Pepper Flash Player 30.0.0.113 2018-06-15

Gatekeeper Configuration Data 142 2018-06-19

MRTConfigData 1.35 2018-06-19

Malwarebytes for Mac 1.0 2018-06-23

Avira Antivirus 3.0 2018-06-23

Clean up:

~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-***@***-SharedServices.Agent.plist

/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Versions/CSConfigDotMacCert

Executable not found

End of report
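
An added example (not part of the original thread and not EtreCheck's own code): the report above already lists the Chrome configuration-profile keys that control homepage and default search, next to the launchd adware entry. This sketch parses a pasted EtreCheck text report and surfaces both; the function names, the watch list and the `com.example.vpn` sample entry are assumptions made for the illustration.

```python
import re

# Chrome policy keys that pin homepage, new-tab page and default search.
# These are the five keys listed in the report above; treat the set as a
# starting watch list (assumption), not a complete one.
BROWSER_REDIRECT_KEYS = {
    "HomepageLocation", "HomepageIsNewTabPage", "NewTabPageLocation",
    "DefaultSearchProviderEnabled", "DefaultSearchProviderSearchURL",
}
# A section heading is a line that is only a title followed by a colon.
HEADING = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ()/\-]*:$")
# "1. com.google.Chrome - HomepageLocation" (the numbering is optional).
PROFILE_ENTRY = re.compile(r"^(?:\d+\.\s*)?(\S+)\s+-\s+(\S+)$")

# Constructed excerpt: lines copied from the report above, plus one
# made-up benign entry (com.example.vpn) to show what is not flagged.
SAMPLE = """\
Configuration Profiles:

  1. com.google.Chrome - NewTabPageLocation
  2. com.google.Chrome - DefaultSearchProviderSearchURL
  3. com.google.Chrome - HomepageIsNewTabPage
  4. com.google.Chrome - HomepageLocation
  5. com.google.Chrome - DefaultSearchProviderEnabled
  6. com.example.vpn - ServerAddress
Security:
System Integrity Protection Enabled
Adware:
Launchd: ~/Library/LaunchAgents/com.MyMacUpdater.agent.plist
Reason: Adware name match
"""


def parse_sections(report_text):
    """Split an EtreCheck text report into {heading: [non-blank lines]}."""
    sections, current = {}, None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space every line
        if HEADING.match(line):
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def profile_overrides(sections):
    """Return (preference domain, key) pairs that pin browser redirect settings."""
    hits = []
    for line in sections.get("Configuration Profiles", []):
        m = PROFILE_ENTRY.match(line)
        if m and m.group(2) in BROWSER_REDIRECT_KEYS:
            hits.append((m.group(1), m.group(2)))
    return hits


def adware_launch_items(sections):
    """Return the launchd plist paths the report lists under 'Adware'."""
    return [line.split(":", 1)[1].strip()
            for line in sections.get("Adware", []) if line.startswith("Launchd:")]
```

Any hit from `profile_overrides` means a configuration profile is enforcing that browser setting, which is why resetting it in the browser or deleting the launch agent alone does not clear the redirect.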

Jun 24, 2018 5:04 PM in response to eveellen

Thanks for the update - that's great. I see you have AV software installed - it's best to uninstall that.


And, if you have another occasion to post the etrecheck report, please follow the suggestions on how to do that as the way you copied it here is almost impossible to decipher. I can't make out most of it because all the formatting was lost in the copy/paste process.
