Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Mac crashes on restart if I have deleted . . .

. . . if I have deleted a "leftover" file that Malwarebytes and Norton flag as a security threat. Months ago I installed MacKeeper. Then I uninstalled it, and a leftover file (Library/Security/SecurityAgentPlugins/MKAuthPlugin.bundle/Contents/MacOS/MKAut hPlugin!) is flagged. If I choose to let either MalwareBytes or Norton delete it . . . OMG! The system will always crash on restart, and then I have to do a restore from Time Machine. If I ignore the threat warning, everything will be OK. Needless to say, I have improved my sanity because I have quit doing the same thing (deleting the file) over and over again while hoping for a different result. Anybody got any ideas that I might pursue in order to get my machine cleared of this leftover file? I have a late 2014 production of Mac 27" Retina 5K, running High Sierra, latest version.

iMac with Retina 5K display, OS X El Capitan (10.11.4)

Posted on Jul 6, 2018 4:59 PM

Reply
Question marked as Best reply

Posted on Jul 8, 2018 2:49 PM

Yes, do an erase and install of Mac OS and NEVER install any antivirus, cleaning or ANY third party maintenance utilities. Mac OS does not benefit from any of these, all Mac OS need to run trouble free is to be kept up-to-date and otherwise left alone. After you are done the erase and install manually restore your data from your Time Machine backup and manually install all third party apps, do not restore them!

Similar questions

6 replies
Question marked as Best reply

Jul 8, 2018 2:49 PM in response to HosMartys

Yes, do an erase and install of Mac OS and NEVER install any antivirus, cleaning or ANY third party maintenance utilities. Mac OS does not benefit from any of these, all Mac OS need to run trouble free is to be kept up-to-date and otherwise left alone. After you are done the erase and install manually restore your data from your Time Machine backup and manually install all third party apps, do not restore them!

Aug 7, 2018 9:30 AM in response to HosMartys

I just had this same issue after cleaning my parents El Capitan OSX install infested with MacKeeper (and other wonderful optimization programs) and spending a couple days trying to isolate why.


After a couple of tries/recovery attempts I found the removal of MKAuthPlugin.bundle as shown in ClamXAV caused the laptop to crash right before login.


I followed the instructions in the following Stack Overflow post to modify your AuthPlugin list and remove the reference to MKAuthPlugin BEFORE you get ClamX to remove/quarantine that file. If you remove the file and your authplugin still references it, you crash.


xcode - Custom login/lock screen in OS X Mavericks - Stack Overflow


  1. security authorizationdb read system.login.console > outfile.plist
  2. edit the outfile.plist and delete the lines with references to MKAuthPlugin (i think there was 2 or three in mine)
  3. Save the file
  4. security authorizationdb write system.login.console < outfile.plist

Once that's done - reboot to ensure you didn't break anything (back up before you do any of this). Then you can safely remove that file (now that there's no longer a reference to it on boot) and reboot again to make sure you didn't break anything.


That should clean you up.

Aug 8, 2018 5:45 AM in response to HosMartys

I just saw this discussion, and I'm intrigued. I am actually responsible for Malwarebytes for Mac, and I can't recall ever having seen that MKAuthPlugin before. I searched all our rules, and I don't see anything that ought to detect that file.


If you're able and willing, I'd be very interested in seeing the entire contents of the /Library/Security/SecurityAgentPlugins/MKAuthPlugin.bundle folder. If you still have that, and are willing to help, please do the following:


1) In the Finder, choose Go to Folder from the Go menu, and enter the following path in the window that appears:


/Library/Security/SecurityAgentPlugins


Then click Go.


2) Select the MKAuthPlugin.bundle item.


3) Choose Compress "MKAuthPlugin.bundle" from the File menu. A file named "MKAuthPlugin.bundle.zip" will be created on the desktop.


4) Go to the Malwarebytes support site here:


https://support.malwarebytes.com/community/consumer/pages/contact-us


5) Fill out the form under Create Ticket, including a link to this discussion, mentioning me by name (Thomas Reed), and attach that MKAuthPlugin.bundle.zip file. Submit the form.

Aug 11, 2018 6:18 AM in response to krustydonkey

Thanks!


For the benefit of everyone else reading, this is definitely not detected by Malwarebytes for Mac at this time. It sounds like this is actually a good thing in this case, as removal of the bundle itself will cause a boot failure, due to entries in the authorization database.


This looks like it's nasty to remove, requiring changes to the authorization database, which could be a very bad thing if done improperly. I do not recommend doing so if you don't know exactly what you're doing. (This reminds me of a similar issue with the Genieo malware years ago, which caused a similar problem if the launchd.conf file was not edited or deleted along with a couple dylib files. I saw many people mess up removal and brick their Macs.)


For those who do feel confident in their ability to follow them, the directions posted by krustydonkey above should work. Just be extremely cautious, and make sure you have good backups in case something goes wrong.


I will be doing further research to determine exactly what this plugin is doing, what the security implications are, and how we can properly remove it for folks who are not able to confidently remove it manually.

Mac crashes on restart if I have deleted . . .

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.