Probabile malware su macbook pro

[je90]

Salve a tutti,

ieri, dopo avere scaricato e installato un contenuto da uno sviluppatore non identificato (mannaggia a me!) ho visto aprirsi nel giro di un istante una probabile installazione credo di flash player. Poi mi si è chiuso google chrome e Malvarebytes mi ha messo in quarantena dei file che poi ho eliminato. Presa dal panico ho scaricato degli antivirus per fare una scansione e poi eliminarli. Ora seguendo dei consigli qui ho fatto un test con EtreCheck. Qualcuno sarebbe così gentile da verificare se ho fatto qualche pasticcio?e magari mi aiuta a risolverlo...premetto che il mac non mi ha verificato altre stranezze se non in google chrome, cosette che già ho risolto cancellando cronologia e cache. Grazie 1000 in anticipo.

 

EtreCheck version: 4.2 (4C009)

Report generated: 2018-04-14 08:48:38

Download EtreCheck from https://etrecheck.com

Runtime: 3:23

Performance: Good

 

Problem: No problem - just checking

 

Major Issues:

Anything that appears on this list needs immediate attention.

 

Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.

 

Minor Issues:

These issues do not need immediate attention but they may indicate future problems.

 

Apps with heavy CPU usage - There have been numerous cases of apps with heavy CPU usage.

Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.

 

Hardware Information:

MacBook Pro (13-inch, 2016, Two Thunderbolt 3 ports)

MacBook Pro Model: MacBookPro13,1

1 2 GHz Intel Core i5 (i5-6360U) CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0 - 4 GB LPDDR3 1867 ok

BANK 1/DIMM0 - 4 GB LPDDR3 1867 ok

Battery: Health = Normal - Cycle count = 166

 

Video Information:

Intel Iris Graphics 540 - VRAM: 1536 MB

Color LCD 2880 x 1800

 

Drives:

disk0 - APPLE SSD AP0256J 251.00 GB (Solid State - TRIM: Yes)

Internal PCI-Express 8.0 GT/s x4 NVM Express

disk0s1 - EFI () [EFI] 315 MB

disk0s2 () 250.69 GB

disk1s1 - Macintosh HD (APFS) 250.69 GB (78.35 GB used)

disk1s2 - Preboot (APFS) [APFS Preboot] 250.69 GB (21 MB used)

disk1s3 - Recovery (APFS) [Recovery] 250.69 GB (510 MB used)

disk1s4 - VM (APFS) [APFS VM] 250.69 GB (1.07 GB used)

 

Mounted Volumes:

disk1s1 - Macintosh HD 250.69 GB (170.59 GB free)

APFS

Mount point: /

Encrypted

 

disk1s4 - VM [APFS VM] 250.69 GB (170.59 GB free)

APFS

Mount point: /private/var/vm

 

Network:

Interface en3: Apple USB Ethernet Adapter

Interface en5: iPhone

Interface en0: Wi-Fi

802.11 a/b/g/n/ac

One IPv4 address

Interface en4: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge

iCloud Quota: 4.04 GB available

 

System Software:

macOS High Sierra 10.13.3 (17D102)

Time since boot: Less than an hour

System Load: 1.89 (1 min ago) 2.08 (5 min ago) 2.02 (15 min ago)

 

Security:

System	Status
Gatekeeper	Mac App Store and identified developers
System Integrity Protection	Enabled

 

Unsigned Files:

Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist

Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.sony.WirelessAutoImportLauncher.agent.plist

Executable: /Library/Application Support/WirelessAutoImport/WirelessImporterDaemon

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Details: Exact match found in the whitelist - probably OK

 

32-bit Applications:

49 32-bit apps

 

Kernel Extensions:

/Applications/PMHMac.app

[Not Loaded] SONYDeviceType01.kext (Sony Corporation, 1.2.00.09240 - SDK 10.7)

 

/Applications/Wondershare Filmora.app

[Not Loaded] SystemAudioRecorder.kext (1.1.0 - SDK 10.6)

 

/Library/Extensions

[Loaded] MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.2 - SDK 10.13)

[Not Loaded] SONYDeviceType04.kext (Sony Corporation, 1.3.0.06030 - SDK 10.10)

 

System Launch Agents:

[Not Loaded]	8 Apple tasks
[Loaded]	180 Apple tasks
[Running]	102 Apple tasks

 

System Launch Daemons:

[Not Loaded]	37 Apple tasks
[Loaded]	187 Apple tasks
[Running]	107 Apple tasks

 

Launch Agents:

[Running]	com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2017-09-29)
[Running]	com.sony.SonyAutoLauncher.agent.plist (Sony Corporation - installed 2017-05-02)
[Not Loaded]	com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-05-16)
[Running]	com.sony.WirelessAutoImportLauncher.agent.plist (? c33fba7e - installed 2017-05-02)
[Not Loaded]	com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-01-29)
[Loaded]	com.oracle.java.Java-Updater.plist (? ccea1138 - installed 2018-02-20)
[Running]	com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-02-26)
[Running]	com.brother.LOGINserver.plist (? a1772de2 - installed 2014-05-09)

 

Launch Daemons:

[Running]	com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
[Running]	com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-02-26)
[Loaded]	com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2018-01-03)
[Loaded]	com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2018-02-20)
[Running]	com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-01-29)
[Loaded]	com.macpaw.CleanMyMac3.Agent.plist (MacPaw Inc. - installed 2017-11-29)

 

User Launch Agents:

[Loaded]	com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04)
[Loaded]	com.logmein.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2018-03-22)
[Loaded]	com.citrixonline.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2017-11-08)
[Other]	com.wondershare.mobilegodaemon.plist (? 0 - installed 2018-02-20)
[Loaded]	com.macpaw.CleanMyMac3.Scheduler.plist (MacPaw Inc. - installed 2017-11-29)
[Not Loaded]	com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-02-01)
[Not Loaded]	com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2017-05-16)

 

User Login Items:

Android File Transfer Agent Applicazione (?

(/Users/***/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)

iTunesHelper Applicazione (Apple - installed 2018-03-30)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Amazon Drive Applicazione (?

(/Applications/Amazon Drive.app)

 

Internet Plug-ins:

JavaAppletPlugin: Java 8 Update 161 build 12 (installed 2018-02-20)

AdobeAAMDetect: 3.0.0.0 (installed 2017-09-29)

QuickTime Plugin: 7.7.3 (installed 2018-02-01)

 

3rd Party Preference Panes:

Java (installed 2017-12-20)

 

Time Machine:

Skip System Files:

Mobile backups:

Auto backup: Yes

Volumes being backed up:

Macintosh HD: Disk size: 250.69 GB - Disk used: 80.10 GB

Destinations:

U******d [Local] (Last used)

Total size: 2.00 TB

Total number of backups: 6

Oldest backup: 2017-05-16 18:44:44

Last backup: 2018-04-02 13:16:50

 

Top Processes by CPU:

Process (count)	Source	% of CPU
WindowServer	Apple	7
Google Chrome Helper (9)	Google, Inc.	7
Google Chrome	Google, Inc.	5
kernel_task	Apple	3
coreaudiod	Apple	2

 

Top Processes by Memory:

Process (count)	Source	RAM usage
Google Chrome Helper (11)	Google, Inc.	1.23 GB
kernel_task	Apple	695 MB
mdworker (17)	Apple	457 MB
WhatsApp Helper (2)	WhatsApp Inc.	343 MB
Adobe CEF Helper (3)	Adobe Systems, Inc.	238 MB

 

Top Processes by Network Use:

Process	Source	Input	Output
WhatsApp	WhatsApp Inc.	434 KB	8 KB
mDNSResponder	Apple	31 KB	27 KB
apsd	Apple	5 KB	7 KB
assistantd	Apple	4 KB	5 KB
netbiosd	Apple	618 B	422 B

 

Top Processes by Energy Use:

Process (count)	Source	Energy usage (0-100)
Google Chrome Helper (11)	Google, Inc.	15
WindowServer	Apple	5
Google Chrome	Google, Inc.	3
coreaudiod	Apple	1
hidd	Apple	1

 

Virtual Memory Information:

Available RAM	2.67 GB
Free RAM	48 MB
Used RAM	5.33 GB
Cached files	2.62 GB
Swap Used	0 B

 

Diagnostics Information (past 7 days):

2018-04-13 17:45:09 BitdefenderVirusScanner.app CPU (once)

2018-04-13 16:23:56 com.avg.daemon CPU (once)

2018-04-13 15:26:37 Wondershare Filmora.app CPU (once)

2018-04-10 14:45:55 installd CPU (3 times)

 

End of report

[Elliot]

Svuota la quarantena, elimina cleanymymac, elimina cronologia, svuota la cache, e non installare/far girare antivirus, fan solo dei danni. Fai girare Malwarebytes di nuovo 

[je90]

Grazie per la risposta. Cleanmymac l'avevo già disinstallato tempo fa e nel mac compaiono solo queste due cartelle (vuote) riguardanti. Mi basta eliminare queste?Ti ringrazio molto

[je90]

Fatto quanto mi hai detto, in quarantena non c'era nulla...dici che è tutto apposto?

[Elliot]

Dovrebbe, vedi come va e scrivi se hai bisogno.

[Elliot]

3 ore fa, je90 dice:

Grazie per la risposta. Cleanmymac l'avevo già disinstallato tempo fa e nel mac compaiono solo queste due cartelle (vuote) riguardanti. Mi basta eliminare queste?Ti ringrazio molto

Sisi, puoi usare anche App Cleaner a volte, per estirpare tutto alla radice

[je90]

Non mi da alcun segnale che ci possa essere qualcosa che non va...ti ringrazio molto!

[Elliot]

2 ore fa, je90 dice:

Non mi da alcun segnale che ci possa essere qualcosa che non va...ti ringrazio molto!