
After removing MacKeeper


Dav48


For reasons I won't go into, my Mac got infected by MacKeeper.

After removing everything by following various guides and using a shell script found on GitHub, I noticed that Chrome crashes very often.

Could the two things be related?

Assuming that I have NEVER launched the MacKeeper executable and that the Malwarebytes scan detected nothing, here is the result of the EtreCheck scan:

EtreCheck version: 3.4.6 (460)
Report generated 2018-01-24 12:11:00
Download EtreCheck from https://etrecheck.com
Runtime: 2:10
Performance: Excellent

Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.
Click the [Clean up] link to delete unused files.

Problem: Apps are crashing

Hardware Information: ⓘ
    iMac (Retina 5K, 27-inch, 2017) 
    [Technical Specifications] - [User Guide] - [Warranty & Service]
    iMac - model: iMac18,3
    1 3,4 GHz Intel Core i5 (i5-7500) CPU: 4-core
    8 GB RAM Upgradeable - [Instructions]
        BANK 0/DIMM0
            4 GB DDR4 2400 MHz ok
        BANK 0/DIMM1
            Empty   
        BANK 1/DIMM0
            4 GB DDR4 2400 MHz ok
        BANK 1/DIMM1
            Empty   
    Handoff/Airdrop2: supported
    Wireless:  en1: 802.11 a/b/g/n/ac
    iCloud Quota: 4.98 GB available

Video Information: ⓘ
    Radeon Pro 570 - VRAM: 4096 MB
        iMac 5120 x 2880

Disk Information: ⓘ
    APPLE HDD ST1000DM003 disk0: (1 TB) (Rotational)
    [Show SMART report]
        EFI (disk0s1 - MS-DOS FAT32) <not mounted>  [EFI]: 210 MB 
        (disk0s2) <not mounted>  [CoreStorage Container]: 698.37 GB
        Recovery HD (disk0s3 - Journaled HFS+) <not mounted>  [Recovery]: 650 MB 
        BOOTCAMP (disk0s4 - NTFS) /Volumes/BOOTCAMP : 300.98 GB (163.46 GB free)

    APPLE SSD SM0032L disk1: (28 GB) (Solid State - TRIM: Yes)
        (disk1s1) <not mounted>  [EFI]: 315 MB
        (disk1s2) <not mounted>  [CoreStorage Container]: 27.55 GB
        (disk1s3) <not mounted>  [Boot]: 134 MB

USB Information: ⓘ
     USB30Bus 
        Broadcom Corp. Bluetooth USB Host Controller 
        Apple Inc. FaceTime HD Camera (Built-in) 
         USB2.0 HUB 
            Logitech USB Laser Mouse 
     USB31Bus 

Thunderbolt Information: ⓘ
    Apple Inc. thunderbolt_bus

Virtual disks: ⓘ
    Machintosh HD (disk2 - Journaled HFS+) /  [Startup]: 725.00 GB (635.01 GB free)
        Physical disk: disk1s2 27.55 GB Online
        Physical disk: disk0s2 698.37 GB Online

System Software: ⓘ
    macOS Sierra  10.12.6 (16G1212) - Time since boot: less than an hour

Gatekeeper: ⓘ
    Anywhere [Fix Gatekeeper security]

Possible adware: ⓘ
    Unknown file: ~/Library/LaunchAgents/com.traumatropism.sb.plist
    	~/Library/traumatropism.sb/traumatropism.sb.app/Contents/MacOS/traumatropism.sb
    Adware: ~/Library/LaunchAgents/macsearch.plist
    2 possible adware files found. [Remove/Report]

Clean up: ⓘ
    /Library/LaunchAgents/com.paragon-software.ntfs.notification-agent.plist
        /Library/Application Support/Paragon Software/com.paragon-software.ntfs.notification-agent.app/Contents/MacOS/NotificationAgent
        Executable not found!
    ~/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
        /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility -mode=scheduled
        Executable not found!
    2 orphan files found. [Clean up]

Kernel Extensions: ⓘ
        /Applications/Parallels Desktop.app
    [not loaded]    com.parallels.kext.hypervisor (13.2.0 43213 - SDK 10.9) [Lookup]
    [not loaded]    com.parallels.kext.netbridge (13.2.0 43213 - SDK 10.9) [Lookup]
    [not loaded]    com.parallels.kext.usbconnect (13.2.0 43213 - SDK 10.9) [Lookup]
    [not loaded]    com.parallels.kext.vnic (13.2.0 43213 - SDK 10.9) [Lookup]

        /Library/Extensions
    [not loaded]    com.mice.driver.Wireless360Controller (1.0.0d15 - SDK 10.10) [Lookup]
    [not loaded]    com.mice.driver.WirelessGamingReceiver (1.0.0d15 - SDK 10.10) [Lookup]
    [not loaded]    com.paragon-software.filesystems.ntfs (15.0.**1 - SDK 10.10) [Lookup]

        /System/Library/Extensions
    [not loaded]    com.mice.driver.Xbox360Controller (1.0.0d15 - SDK 10.10) [Lookup]

System Launch Agents: ⓘ
    [not loaded]    6 Apple tasks
    [loaded]    183 Apple tasks
    [running]    96 Apple tasks

System Launch Daemons: ⓘ
    [not loaded]    42 Apple tasks
    [loaded]    178 Apple tasks
    [running]    98 Apple tasks

Launch Agents: ⓘ
    [failed]    com.paragon-software.ntfs.notification-agent.plist (? fc90e230 0 - installed 2017-08-21) [Lookup] - /Library/Application Support/Paragon Software/com.paragon-software.ntfs.notification-agent.app/Contents/MacOS/NotificationAgent: Executable not found!

Launch Daemons: ⓘ
    [running]    com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-10-07) [Lookup]
    [running]    com.mice.360Daemon.plist (Drew Mills - installed 2017-10-13) [Lookup]

User Launch Agents: ⓘ
    [loaded]    com.adobe.AAM.Updater-1.0.plist (? 6a3cceca 0 - installed 2017-10-06) [Lookup] - /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility: Executable not found!
    [loaded]    com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-10-02) [Lookup]
    [loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2017-10-01) [Lookup]
    [running]    com.spotify.webhelper.plist (Spotify - installed 2018-01-23) [Lookup]
    [loaded]    com.traumatropism.sb.plist (? cfb87cc9 41109ad0 - installed 2018-01-23) [Lookup]
    [loaded]    com.valvesoftware.steamclean.plist (? 917ff568 f3aca444 - installed 2018-01-23) [Lookup]
    [loaded]    macsearch.plist (? a10c1dc8 4f77794f - installed 2018-01-23) Adware!  [Remove/Report]
        ~/Library/Application Support/Agent/macsearch

User Login Items: ⓘ
    Dropbox    Applicazione - Hidden 
        (/Applications/Dropbox.app)
    Itsycal    Applicazione - Hidden 
        (/Applications/Itsycal.app)
    Alt-C    Applicazione - Hidden 
        (/Applications/Alt-C.app)
    Android File Transfer Agent    Applicazione 
        (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)

Internet Plug-ins: ⓘ
    QuickTime Plugin: 7.7.3 (installed 2018-01-24)

Safari Extensions: ⓘ
    [enabled]    Evernote Web Clipper - Evernote Corp. - http://evernote.com (installed 2017-12-31)
    [enabled]    Adblock Plus - Eyeo GmbH - https://adblockplus.org/ (installed 2017-12-31)
    [not loaded]    Open in Internet Explorer - Parallels - http://www.parallels.com (installed 2017-10-08)
    [enabled]    Translate - SideTree.com - Apps for Mac - http://SideTree.com/extensions.html#Translate (installed 2017-12-31)

3rd Party Preference Panes: ⓘ
    Xbox 360 Controllers (installed 2017-04-18) [Lookup]

Time Machine: ⓘ
    Mobile backups: OFF
    Auto backup: NO - Auto backup turned off
    Volumes being backed up:
        Machintosh HD: Disk size: 725.00 GB Disk used: 89.99 GB
    Destinations:
        Backup [Local] 
        Total size: 999.86 GB 
        Total number of backups: 5 
        Oldest backup: 09/11/17, 23:25 
        Last backup: 19/01/18, 21:45 
        Size of backup disk: Adequate
            Backup size 999.86 GB > (Disk used 89.99 GB X 3)

Top Processes by CPU: ⓘ
         4%   	Google Chrome Helper
         2%   	Google Chrome
         1%   	kernel_task
         1%   	WindowServer
         0%   	Google Chrome Helper

Top Processes by Memory: ⓘ
    972 MB    	kernel_task
    508 MB    	Telegram
    330 MB    	Google Chrome
    310 MB    	WindowServer
    251 MB    	Google Chrome Helper

Top Processes by Network Use: ⓘ
    Input     	Output    	Process name
    75 KB     	104 KB    	Dropbox
    41 KB     	9 KB      	Telegram
    25 KB     	6 KB      	mDNSResponder
    10 KB     	8 KB      	apsd
    522 B     	354 B     	netbiosd

Top Processes by Energy Use: ⓘ
      4.76	WindowServer
      2.08	Google Chrome Helper
      1.34	Google Chrome
      1.14	mdworker

Virtual Memory Information: ⓘ
    2.71 GB   	Available RAM
    338 MB    	Free RAM
    5.29 GB   	Used RAM
    2.38 GB   	Cached files
    0 B       	Swap Used

Software installs (last 30 days): ⓘ
    Enpass: 5.6.3 (installed 2018-01-09)
    Alt-C:  (installed 2018-01-22)
    Malwarebytes for Mac:  (installed 2018-01-23)
    "Malwarebytes for Mac Uninstaller":  (installed 2018-01-23)

    Install information may not be complete.

Diagnostics Events (last 3 days for minor events): ⓘ
    2018-01-24 12:00:21    Last shutdown cause: -128 - Unknown
    2018-01-22 11:39:13    Microsoft Word.app High CPU use [Open] [Details]


What should I do?


Start by setting Gatekeeper to allow only the App Store and identified developers.

Then it flags some probable adware, traumatropism and macsearch. Click Remove to delete them.

Finally, you have some orphan files from applications that were probably already removed. Delete those too.

And maybe you can do without Android File Transfer.

There doesn't seem to be any trace of MacKeeper left.

:apple: MacBook Pro 13" mid 2012 (macOS 10.14.6 Mojave) :apple: iPhone 6S (iOS 13.1.2) :apple: iPad mini (iOS 9.3.5) :apple: Apple TV 4th gen. :apple: iPod nano 5th gen.

- My photos on flickr -


2 minutes ago, Luc4 said:

Start by setting Gatekeeper to allow only the App Store and identified developers.

Then it flags some probable adware, traumatropism and macsearch. Click Remove to delete them.

Finally, you have some orphan files from applications that were probably already removed. Delete those too.

And maybe you can do without Android File Transfer.

There doesn't seem to be any trace of MacKeeper left.

Would you recommend that I repair permissions again with Onyx?


I don't think so. In fact, be careful how you use Onyx. It should be used knowing what you're doing.

As of a couple of OS versions ago, I believe permission repair is handled exclusively by the system; it should no longer be necessary to do it manually.


But do you really need Chrome? Safari is better on a Mac.

Oh, another thing: also look in System Preferences > Users & Groups > "Your user", under Login Items. You should find macsearch there. Remove it with the (-) button.

After you've done everything, repeat the test with EtreCheck and check that it's clean. You shouldn't find any Remove/Clean up in it.


1 minute ago, Luc4 said:

But do you really need Chrome? Safari is better on a Mac.

Oh, another thing: also look in System Preferences > Users & Groups > "Your user", under Login Items. You should find macsearch there. Remove it with the (-) button.

After you've done everything, repeat the test with EtreCheck and check that it's clean. You shouldn't find any Remove/Clean up in it.

I've always used Chrome on my Android device and, out of habit, I use it on my Mac too; since I don't have an iPhone, it's impossible for me to switch to Safari.

Anyway, even before running EtreCheck, I didn't find macsearch among the login items and, obviously, I don't find it now either.

The EtreCheck log shows no results.

EtreCheck version: 3.4.6 (460)
Report generated 2018-01-24 12:58:17
Download EtreCheck from https://etrecheck.com
Runtime: 2:05
Performance: Excellent

Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.

Problem: No problem - just checking

Hardware Information: ⓘ
    27" iMac (Mid 2017) 
    [Technical Specifications] - [User Guide] - [Warranty & Service]
    iMac - model: iMac18,3
    1 3,4 GHz Intel Core i5 (i5-7500) CPU: 4-core
    8 GB RAM Upgradeable - [Instructions]
        BANK 0/DIMM0
            4 GB DDR4 2400 MHz ok
        BANK 0/DIMM1
            Empty   
        BANK 1/DIMM0
            4 GB DDR4 2400 MHz ok
        BANK 1/DIMM1
            Empty   
    Handoff/Airdrop2: supported
    Wireless:  en1: 802.11 a/b/g/n/ac
    iCloud Quota: 4.98 GB available

Video Information: ⓘ
    Radeon Pro 570 - VRAM: 4096 MB
        iMac 5120 x 2880

Disk Information: ⓘ
    APPLE HDD ST1000DM003 disk0: (1 TB) (Rotational)
    [Show SMART report]
        EFI (disk0s1 - MS-DOS FAT32) <not mounted>  [EFI]: 210 MB 
        (disk0s2) <not mounted>  [CoreStorage Container]: 698.37 GB
        Recovery HD (disk0s3 - Journaled HFS+) <not mounted>  [Recovery]: 650 MB 
        BOOTCAMP (disk0s4 - NTFS) /Volumes/BOOTCAMP : 300.98 GB (163.46 GB free)

    APPLE SSD SM0032L disk1: (28 GB) (Solid State - TRIM: Yes)
        (disk1s1) <not mounted>  [EFI]: 315 MB
        (disk1s2) <not mounted>  [CoreStorage Container]: 27.55 GB
        (disk1s3) <not mounted>  [Boot]: 134 MB

USB Information: ⓘ
     USB30Bus 
        Broadcom Corp. Bluetooth USB Host Controller 
        Apple Inc. FaceTime HD Camera (Built-in) 
         USB2.0 HUB 
            Logitech USB Laser Mouse 
     USB31Bus 

Thunderbolt Information: ⓘ
    Apple Inc. thunderbolt_bus

Virtual disks: ⓘ
    Machintosh HD (disk2 - Journaled HFS+) /  [Startup]: 725.00 GB (635.15 GB free)
        Physical disk: disk1s2 27.55 GB Online
        Physical disk: disk0s2 698.37 GB Online

System Software: ⓘ
    macOS Sierra  10.12.6 (16G1212) - Time since boot: less than an hour

Gatekeeper: ⓘ
    Anywhere [Fix Gatekeeper security]

Kernel Extensions: ⓘ
        /Applications/Parallels Desktop.app
    [not loaded]    com.parallels.kext.hypervisor (13.2.0 43213 - SDK 10.9) [Lookup]
    [not loaded]    com.parallels.kext.netbridge (13.2.0 43213 - SDK 10.9) [Lookup]
    [not loaded]    com.parallels.kext.usbconnect (13.2.0 43213 - SDK 10.9) [Lookup]
    [not loaded]    com.parallels.kext.vnic (13.2.0 43213 - SDK 10.9) [Lookup]

        /Library/Extensions
    [not loaded]    com.mice.driver.Wireless360Controller (1.0.0d15 - SDK 10.10) [Lookup]
    [not loaded]    com.mice.driver.WirelessGamingReceiver (1.0.0d15 - SDK 10.10) [Lookup]
    [not loaded]    com.paragon-software.filesystems.ntfs (15.0.**1 - SDK 10.10) [Lookup]

        /System/Library/Extensions
    [not loaded]    com.mice.driver.Xbox360Controller (1.0.0d15 - SDK 10.10) [Lookup]

System Launch Agents: ⓘ
    [not loaded]    6 Apple tasks
    [loaded]    182 Apple tasks
    [running]    97 Apple tasks

System Launch Daemons: ⓘ
    [not loaded]    42 Apple tasks
    [loaded]    179 Apple tasks
    [running]    97 Apple tasks

Launch Daemons: ⓘ
    [running]    com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-10-07) [Lookup]
    [running]    com.mice.360Daemon.plist (Drew Mills - installed 2017-10-13) [Lookup]

User Launch Agents: ⓘ
    [loaded]    com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-10-02) [Lookup]
    [loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2017-10-01) [Lookup]
    [running]    com.spotify.webhelper.plist (Spotify - installed 2018-01-24) [Lookup]
    [loaded]    com.valvesoftware.steamclean.plist (? 917ff568 f3aca444 - installed 2018-01-23) [Lookup]

User Login Items: ⓘ
    Dropbox    Applicazione - Hidden 
        (/Applications/Dropbox.app)
    Itsycal    Applicazione - Hidden 
        (/Applications/Itsycal.app)
    Alt-C    Applicazione - Hidden 
        (/Applications/Alt-C.app)

Internet Plug-ins: ⓘ
    QuickTime Plugin: 7.7.3 (installed 2018-01-24)

Safari Extensions: ⓘ
    [enabled]    Evernote Web Clipper - Evernote Corp. - http://evernote.com (installed 2017-12-31)
    [enabled]    Adblock Plus - Eyeo GmbH - https://adblockplus.org/ (installed 2017-12-31)
    [not loaded]    Open in Internet Explorer - Parallels - http://www.parallels.com (installed 2017-10-08)
    [enabled]    Translate - SideTree.com - Apps for Mac - http://SideTree.com/extensions.html#Translate (installed 2017-12-31)

3rd Party Preference Panes: ⓘ
    Xbox 360 Controllers (installed 2017-04-18) [Lookup]

Time Machine: ⓘ
    Mobile backups: OFF
    Auto backup: NO - Auto backup turned off
    Volumes being backed up:
        Machintosh HD: Disk size: 725.00 GB Disk used: 89.85 GB
    Destinations:
        Backup [Local] 
        Total size: 999.86 GB 
        Total number of backups: 5 
        Oldest backup: 09/11/17, 23:25 
        Last backup: 19/01/18, 21:45 
        Size of backup disk: Adequate
            Backup size 999.86 GB > (Disk used 89.85 GB X 3)

Top Processes by CPU: ⓘ
        29%   	mdworker
        27%   	mdworker
         6%   	Google Chrome Helper
         4%   	Google Chrome
         3%   	kernel_task

Top Processes by Memory: ⓘ
    933 MB    	kernel_task
    293 MB    	Google Chrome
    220 MB    	Google Chrome Helper
    194 MB    	Spotify Helper
    194 MB    	Google Chrome Helper

Top Processes by Network Use: ⓘ
    Input     	Output    	Process name
    1 MB      	43 KB     	Mail
    455 KB    	114 KB    	Spotify
    76 KB     	111 KB    	Dropbox
    27 KB     	5 KB      	mDNSResponder
    14 KB     	17 KB     	apsd

Top Processes by Energy Use: ⓘ
      7.02	Google Chrome Helper
      4.04	coreaudiod
      3.60	bluetoothaudiod
      3.08	Google Chrome

Virtual Memory Information: ⓘ
    3.23 GB   	Available RAM
    1.07 GB   	Free RAM
    4.77 GB   	Used RAM
    2.16 GB   	Cached files
    0 B       	Swap Used

Software installs (last 30 days): ⓘ
    Enpass: 5.6.3 (installed 2018-01-09)
    Alt-C:  (installed 2018-01-22)
    Malwarebytes for Mac:  (installed 2018-01-23)
    "Malwarebytes for Mac Uninstaller":  (installed 2018-01-23)

    Install information may not be complete.

Diagnostics Events (last 3 days for minor events): ⓘ
    2018-01-24 12:48:05    Last shutdown cause: -128 - Unknown
    2018-01-22 11:39:13    Microsoft Word.app High CPU use [Open] [Details]

Files deleted by EtreCheck: ⓘ
    2018-01-24 12:25:58 - ~/Library/LaunchAgents/com.traumatropism.sb.plist - Unknown
    2018-01-24 12:25:58 - ~/Library/LaunchAgents/macsearch.plist - Unknown
    2018-01-24 12:41:02 - ~/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist - Unknown
    2018-01-24 12:41:10 - /Library/LaunchAgents/com.paragon-software.ntfs.notification-agent.plist - Unknown

 

Link al commento
Condividi su altri siti

So you've removed everything.

All that's left is to fix Gatekeeper in System Preferences > Security & Privacy. Check the option to allow apps downloaded from the Mac App Store and identified developers.

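Added example, not part of the original thread and not EtreCheck's own code: a Python check for the "re-run EtreCheck and confirm it is clean" step, run over trimmed excerpts of the two reports posted above. The names `audit` and `is_clean` are hypothetical, and the script assumes that a `?` in place of a signer name in a launchd entry means no identified signer.

```python
import re

# Excerpts trimmed from the two EtreCheck 3.4.6 reports posted in this thread
# (first scan and the re-scan after cleanup); most sections are left out.
BEFORE = """\
Gatekeeper: ⓘ
    Anywhere [Fix Gatekeeper security]

Possible adware: ⓘ
    Unknown file: ~/Library/LaunchAgents/com.traumatropism.sb.plist
    Adware: ~/Library/LaunchAgents/macsearch.plist
    2 possible adware files found. [Remove/Report]

Clean up: ⓘ
    ~/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
        Executable not found!
    2 orphan files found. [Clean up]

User Launch Agents: ⓘ
    [loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2017-10-01) [Lookup]
    [loaded]    com.traumatropism.sb.plist (? cfb87cc9 41109ad0 - installed 2018-01-23) [Lookup]
    [loaded]    macsearch.plist (? a10c1dc8 4f77794f - installed 2018-01-23) Adware!  [Remove/Report]
"""

AFTER = """\
Gatekeeper: ⓘ
    Anywhere [Fix Gatekeeper security]

User Launch Agents: ⓘ
    [loaded]    com.google.keystone.agent.plist (Google, Inc. - installed 2017-10-01) [Lookup]
    [loaded]    com.valvesoftware.steamclean.plist (? 917ff568 f3aca444 - installed 2018-01-23) [Lookup]
"""

SECTION = re.compile(r"^(\S.*?): ⓘ\s*$")          # unindented "Name: ⓘ" header
# Assumption: "(? <hash> <hash> - installed ...)" marks an entry with no identified signer.
UNSIGNED = re.compile(r"^\[[^\]]+\]\s+(\S+\.plist) \(\? ")
ACTION_TAGS = ("[Remove/Report]", "[Clean up]")   # links the reply says should be gone

def audit(report):
    """Split a report into sections and pull out the lines that need attention."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    launchd = [l for name, body in sections.items() if "Launch" in name for l in body]
    return {
        "gatekeeper": sections.get("Gatekeeper", ["?"])[0].split(" [")[0],
        "action_lines": [l for body in sections.values() for l in body
                         if any(tag in l for tag in ACTION_TAGS)],
        # Informational only: worth a manual look, not a verdict on the file.
        "unknown_signer": [m.group(1) for l in launchd if (m := UNSIGNED.match(l))],
    }

def is_clean(result):
    # Clean means no removal/clean-up prompts and Gatekeeper no longer set to "Anywhere".
    return not result["action_lines"] and result["gatekeeper"] != "Anywhere"
```

On the second excerpt `audit` returns no action lines but still reports Gatekeeper as `Anywhere`, so `is_clean` stays false until the Gatekeeper setting from the last reply is applied.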
