Lorigor, posted 11 August 2018

Hello. After downloading various programs because of a problem with a fake micro SD card that needed reformatting, the next day when I turned on the Mac a warning appeared, "uninstaller is trying to modify the system network", asking me for username and password. I didn't give it much thought, but it happened again, at which point I started to worry. Long story short, I ended up in one of the discussions here where EtreCheck was recommended to check whether I had any malware. I downloaded it, ran it, produced the report and deleted what looked like the threat that was asking to modify the network. Since I'm neither an expert nor a technician, just someone who has used the system for many years, I'd like to know whether there is anything else that needs changing according to the report.

EtreCheck version: 4.3.6 (4D041)
Report generated: 2018-08-11 20:56:38
Download EtreCheck from https://etrecheck.com
Runtime: 2:41
Performance: Excellent

Problem: Other problem
Description: app asks to reconfigure network

Major Issues:
    Anything that appears on this list needs immediate attention.
    No Time Machine backup- Time Machine backup not found.
    Adware- Adware detected.
    Unsigned files- There are unsigned software installed that could be adware and should be reviewed.

Minor Issues:
    These issues do not need immediate attention but they may indicate future problems.
    Low disk space- This machine is running low on free hard drive space.
    Clean up- There are orphan files that could be removed.

Hardware Information:
    MacBook Pro (Retina, 13-inch, Early 2015)
    MacBook Pro Model: MacBookPro12,1
    1 2,7 GHz Intel Core i5 (i5-5257U) CPU: 2-core
    8 GB RAM - Not upgradeable
        BANK 0/DIMM0 - 4 GB DDR3 1867 ok
        BANK 1/DIMM0 - 4 GB DDR3 1867 ok
    Battery: Health = Normal - Cycle count = 349

Video Information:
    Intel Iris Graphics 6100 - VRAM: 1536 MB
        Color LCD 2560 x 1600

Drives:
    disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes)
    Internal PCI 5.0 GT/s x4 Serial ATA
        disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
        disk0s2 [Core Storage Container] 120.47 GB
            disk1 - Macintosh HD (Journaled HFS+) 120.11 GB
        disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

Mounted Volumes:
    disk1 - Macintosh HD 120.11 GB (12.66 GB free)
        Journaled HFS+
        Mount point: /
        Encrypted

Network:
    Interface SAMSUNG_MDM: SAMSUNG Modem
    Interface en5: iPad
    Interface en0: Wi-Fi
        802.11 a/b/g/n/ac
        One IPv4 address
    Interface en4: iPhone
    Interface en3: Bluetooth PAN
    Interface bridge0: Thunderbolt Bridge

iCloud Quota: 2.96 GB available

System Software:
    macOS Sierra 10.12.6 (16G1212)
    Time since boot: Less than an hour
    System Load: 1.01 (1 min ago) 1.51 (5 min ago) 1.58 (15 min ago)

Security:
    System  Status
    Gatekeeper  Mac App Store and identified developers
    System Integrity Protection  Enabled

Adware:
    Launchd: ~/Library/LaunchAgents/com.spigot.ApplicationManager.plist
        Reason: Adware name match
        Executable: ~/Library/Application Support/Spigot/ApplicationManager --protect
    Launchd: ~/Library/LaunchAgents/macsearch.plist
        Reason: Adware name match
        Executable: ~/Library/Application Support/Agent/macsearch DistributerName=sfmctar2 ChannelId=201 DeviceId=903316a1-e7b0-537f-a2e3-2a28636d97ce Country=IT BarcodeId=52143201 Date=2018-08-10

Unsigned Files:
    Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist
        Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver
        Details: Exact match found in the whitelist - probably OK
    Launchd: ~/Library/LaunchAgents/com.ciceronage.ip.plist
        Executable: ~/Library/ciceronage.ip/ciceronage.ip.app/Contents/MacOS/ciceronage.ip
        Details: Domain name invalid - possibly adware
    Launchd: ~/Library/LaunchAgents/spid-uninstall.plist
        Executable: /bin/sh -c "$HOME/Library/SPI/uninstallerwatcher.sh"
        Details: Domain name invalid - possibly adware
    Launchd: /Library/LaunchDaemons/com.adobe.SwitchBoard.plist
        Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard
        Details: Exact match found in the whitelist - probably OK

Kernel Extensions:
    /System/Library/Extensions
        [Not Loaded] ssuddrv.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
        [Not Loaded] ssudmdmcontrol.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssudmdmdata.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssudmtp.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.5)
        [Not Loaded] ssudserial.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssdumdrv.kext (Samsung Electronics, 1.3)

System Launch Agents:
    [Not Loaded] 6 Apple tasks
    [Loaded] 180 Apple tasks
    [Running] 99 Apple tasks

System Launch Daemons:
    [Not Loaded] 42 Apple tasks
    [Loaded] 173 Apple tasks
    [Running] 103 Apple tasks
    [Other] 2 Apple tasks

Launch Agents:
    [Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-09-20)
    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Running] com.brother.LOGINserver.plist (? a1772de2 - installed 2015-03-12)

Launch Daemons:
    [Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Other] com.easeus.dataprotectbackup.plist (? 12fff45e - installed 2018-08-10)
    [Running] com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-08-10)
    [Loaded] com.adobe.SwitchBoard.plist (? 68cad67 - installed 2017-09-20)
    [Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-06-26)
    [Running] com.fitbit.galileod.plist (? 485714a8 - installed 2015-10-30)
    [Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-02-17)

User Launch Agents:
    [Running] com.spigot.ApplicationManager.plist (Adware - installed 2016-12-28)
    [Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-21)
    [Loaded] com.ciceronage.ip.plist (? 0 - installed 2018-08-10)
    [Loaded] spid-uninstall.plist (? 0 - installed 2018-04-12)
    [Loaded] com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2018-07-12)
    [Other] spid.plist (? 0 - installed 2018-04-12)
    [Loaded] com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2017-09-20)
    [Loaded] com.bittorrent.uTorrent.plist (BitTorrent, Inc - installed 2016-03-17)
    [Loaded] macsearch.plist (Adware - installed 2018-08-10)

User Login Items:
    iTunesHelper Applicazione (Apple - installed 2018-06-02)
        (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    Fitbit Connect Menubar Helper Applicazione (? - installed 2016-02-12)
        (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)
    SpeechSynthesisServer Applicazione (? - installed 2018-01-30)
        (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)
    com.adobe.SwitchBoard.monitor.plist MachInit (?)
        (/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Internet Plug-ins:
    AdobePDFViewerNPAPI: (installed 2018-07-21)
    FlashPlayer-10.6: (installed 2018-07-12)
    QuickTime Plugin: (installed 2018-01-30)
    AdobePDFViewer: (installed 2018-07-21)
    Flash Player: (installed 2018-07-12)

Safari Extensions:
    Adblock Plus.safariextz - Eyeo GmbH - https://adblockplus.org/ (installed 2017-06-29)

3rd Party Preference Panes:
    Flash Player (installed 2018-06-26)
    FUSE for OS X (OSXFUSE) (installed 2015-10-25)

Time Machine:
    Time Machine Not Configured!

Top Processes by CPU:
    Process (count)  Source  % of CPU  Location
    WindowServer  Apple  7
    kernel_task  Apple  2
    Fitbit Connect Menubar Helper  ?  1  /Applications/Fitbit Connect.app
    launchservicesd  Apple  0
    trustd (3)  Apple  0

Top Processes by Memory:
    Process (count)  Source  RAM usage  Location
    kernel_task  Apple  676 MB
    com.apple.WebKit.WebContent (6)  Apple  565 MB
    Safari  Apple  539 MB
    helpd  Apple  208 MB
    Finder  Apple  154 MB

Top Processes by Network Use:
    Process  Source  Input  Output  Location
    com.apple.WebKit.Networking  Apple  3 MB  13 KB
    apsd  Apple  10 KB  12 KB
    mDNSResponder  Apple  16 KB  5 KB
    ntpd  Apple  432 B  480 B
    netbiosd  Apple  522 B  354 B

Top Processes by Energy Use:
    Process (count)  Source  Energy (0-100)  Location
    WindowServer  Apple  5
    Fitbit Connect Menubar Helper  ?  0  /Applications/Fitbit Connect.app
    launchservicesd  Apple  0
    galileod  ?  0  /Library/Application Support/Fitbit Connect
    UserEventAgent (2)  Apple  0

Virtual Memory Information:
    Available RAM 3.69 GB
    Free RAM 18 MB
    Used RAM 4.31 GB
    Cached files 3.68 GB
    Swap Used 0 B

Software Installs (past 30 days):
    Name  Version  Install Date
    Adobe Flash Player  30.0.0.134  2018-07-12
    Adobe Acrobat Reader DC (18.011.20055)  18.011.20055  2018-07-21
    Smart Switch Mac  4.2  2018-08-04
    Gatekeeper Configuration Data  150  2018-08-07

Clean up:
    ~/Library/LaunchAgents/spid.plist
        /Applications/spi.app
        Executable not found
    /Library/LaunchDaemons/com.easeus.dataprotectbackup.plist
        /Applications/EaseUS Data Recovery Wizard.app/Contents/MacOS/EaseUS Data Recovery Wizard.app/Contents/Resources/EUDataDaemon.app/Contents/MacOS/eudataback
        Executable not found

Diagnostics Information (past 7 days):
    2018-08-10 22:33:55 Disk Drill.app CPU
        /Applications/Disk Drill.app

End of report

Elliot, posted 12 August 2018

Delete everything in the screenshot, run Malwarebytes and see; as an ad blocker use KaBlock.

167-761, posted 12 August 2018

You guessed right: that warning came from malware you have on the Mac. You did well to run EtreCheck, from which it's clear that you have a lot of crap on the Mac. Here I list the horrors:

9 hours ago, Lorigor said:
> Launchd: ~/Library/LaunchAgents/com.spigot.ApplicationManager.plist
>     Executable: ~/Library/Application Support/Spigot/ApplicationManager --protect
> Launchd: ~/Library/LaunchAgents/macsearch.plist
>     Executable: ~/Library/Application Support/Agent/macsearch DistributerName=sfmctar2 ChannelId=201 DeviceId=903316a1-e7b0-537f-a2e3-2a28636d97ce Country=IT BarcodeId=52143201 Date=2018-08-10
> Launchd: ~/Library/LaunchAgents/com.ciceronage.ip.plist
>     Executable: ~/Library/ciceronage.ip/ciceronage.ip.app/Contents/MacOS/ciceronage.ip
> Launchd: ~/Library/LaunchAgents/spid-uninstall.plist
>     Executable: /bin/sh -c "$HOME/Library/SPI/uninstallerwatcher.sh"
> Launch Daemons:
>     [Other] com.easeus.dataprotectbackup.plist (? 12fff45e - installed 2018-08-10)
>     [Running] com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-08-10)
> User Launch Agents:
>     [Running] com.spigot.ApplicationManager.plist (Adware - installed 2016-12-28)
>     [Loaded] com.ciceronage.ip.plist (? 0 - installed 2018-08-10)
>     [Loaded] spid-uninstall.plist (? 0 - installed 2018-04-12)
>     [Other] spid.plist (? 0 - installed 2018-04-12)
>     [Loaded] macsearch.plist (Adware - installed 2018-08-10)

and definitely all of Disk Drill!!!

Quote:
> [Running] com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-08-10)

First disable the "backup of trashed items" feature, then uninstall the application. The problem with Disk Drill is that it keeps copies of a huge number of files in a hidden directory that keeps growing uncontrollably until it takes up several GB of space. Which, on an SSD of just 120 GB, is not nice. And it's useless besides: it's not a backup at all. Maybe that's what you use "com.easeus.dataprotectbackup" for; remove it.

The only way to keep an efficient and safe backup copy is: TIME MACHINE. Keep a 500/1000 GB hard drive connected and dedicate it exclusively to Time Machine. End of problems.

Remove AdBlock, so you'll be able to catch further malware.

How did you go about removing the intruder? It's not at all easy to remove everything, and correctly! Check, for example, that you don't have a "Profiles" pane in System Preferences!

If you don't use it, remove the Samsung driver for connecting Android phones.

9 hours ago, Lorigor said:
> Kernel Extensions:
>     /System/Library/Extensions
>         [Not Loaded] ssuddrv.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
>     /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
>         [Not Loaded] ssudmdmcontrol.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
>         [Not Loaded] ssudmdmdata.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
>         [Not Loaded] ssudmtp.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.5)
>         [Not Loaded] ssudserial.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
>         [Not Loaded] ssdumdrv.kext (Samsung Electronics, 1.3)

Lorigor (author), posted 12 August 2018

I deleted Disk Drill immediately after downloading it, throwing everything in the Trash. Right now I'm running another report to see whether these listed files are still there, because as soon as I saw the removal suggestions and what those items were (not recognizing them or attributing them to anything else) I deleted them right away. As soon as I can I'll post the latest EtreCheck run.

Lorigor (author), posted 12 August 2018

Here it is:

EtreCheck version: 4.3.6 (4D041)
Report generated: 2018-08-12 12:22:53
Download EtreCheck from https://etrecheck.com
Runtime: 2:60
Performance: Excellent

Problem: Other problem
Description: checking if there are more malware

Major Issues:
    Anything that appears on this list needs immediate attention.
    No Time Machine backup- Time Machine backup not found.

Minor Issues:
    These issues do not need immediate attention but they may indicate future problems.
    Low disk space- This machine is running low on free hard drive space.
    Clean up- There are orphan files that could be removed.
    Unsigned files- There are unsigned software file installed. They appear to be legitimate but should be reviewed.

Hardware Information:
    MacBook Pro (Retina, 13-inch, Early 2015)
    MacBook Pro Model: MacBookPro12,1
    1 2,7 GHz Intel Core i5 (i5-5257U) CPU: 2-core
    8 GB RAM - Not upgradeable
        BANK 0/DIMM0 - 4 GB DDR3 1867 ok
        BANK 1/DIMM0 - 4 GB DDR3 1867 ok
    Battery: Health = Normal - Cycle count = 350

Video Information:
    Intel Iris Graphics 6100 - VRAM: 1536 MB
        Color LCD 2560 x 1600

Drives:
    disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes)
    Internal PCI 5.0 GT/s x4 Serial ATA
        disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
        disk0s2 [Core Storage Container] 120.47 GB
            disk1 - Macintosh HD (Journaled HFS+) 120.11 GB
        disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

Mounted Volumes:
    disk1 - Macintosh HD 120.11 GB (12.65 GB free)
        Journaled HFS+
        Mount point: /
        Encrypted

Network:
    Interface SAMSUNG_MDM: SAMSUNG Modem
    Interface en5: iPad
    Interface en0: Wi-Fi
        802.11 a/b/g/n/ac
        One IPv4 address
    Interface en4: iPhone
    Interface en3: Bluetooth PAN
    Interface bridge0: Thunderbolt Bridge

System Software:
    macOS Sierra 10.12.6 (16G1212)
    Time since boot: About 2 hours
    System Load: 1.93 (1 min ago) 1.63 (5 min ago) 1.55 (15 min ago)

Security:
    System  Status
    Gatekeeper  Mac App Store and identified developers
    System Integrity Protection  Enabled

Unsigned Files:
    Launchd: /Library/LaunchDaemons/com.adobe.SwitchBoard.plist
        Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard
        Details: Exact match found in the whitelist - probably OK
    Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist
        Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver
        Details: Exact match found in the whitelist - probably OK

Kernel Extensions:
    /System/Library/Extensions
        [Not Loaded] ssuddrv.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
        [Not Loaded] ssudmdmcontrol.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssudmdmdata.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssudmtp.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.5)
        [Not Loaded] ssudserial.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssdumdrv.kext (Samsung Electronics, 1.3)

System Launch Agents:
    [Not Loaded] 6 Apple tasks
    [Loaded] 172 Apple tasks
    [Running] 107 Apple tasks

System Launch Daemons:
    [Not Loaded] 42 Apple tasks
    [Loaded] 172 Apple tasks
    [Running] 104 Apple tasks
    [Other] 2 Apple tasks

Launch Agents:
    [Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-09-20)
    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Running] com.brother.LOGINserver.plist (? a1772de2 - installed 2015-03-12)

Launch Daemons:
    [Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Other] com.easeus.dataprotectbackup.plist (? 12fff45e - installed 2018-08-10)
    [Running] com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-08-10)
    [Loaded] com.adobe.SwitchBoard.plist (? 68cad67 - installed 2017-09-20)
    [Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-06-26)
    [Running] com.fitbit.galileod.plist (? 485714a8 - installed 2015-10-30)
    [Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-02-17)

User Launch Agents:
    [Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-21)
    [Loaded] com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2018-07-12)
    [Other] spid.plist (? 0 - installed 2018-04-12)
    [Loaded] com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2017-09-20)
    [Loaded] com.bittorrent.uTorrent.plist (BitTorrent, Inc - installed 2016-03-17)

User Login Items:
    iTunesHelper Applicazione (Apple - installed 2018-06-02)
        (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    Fitbit Connect Menubar Helper Applicazione (? - installed 2016-02-12)
        (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)
    SpeechSynthesisServer Applicazione (? - installed 2018-01-30)
        (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)
    com.adobe.SwitchBoard.monitor.plist MachInit (?)
        (/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Internet Plug-ins:
    AdobePDFViewerNPAPI: (installed 2018-07-21)
    FlashPlayer-10.6: (installed 2018-07-12)
    QuickTime Plugin: (installed 2018-01-30)
    AdobePDFViewer: (installed 2018-07-21)
    Flash Player: (installed 2018-07-12)

3rd Party Preference Panes:
    Flash Player (installed 2018-06-26)
    FUSE for OS X (OSXFUSE) (installed 2015-10-25)

Time Machine:
    Time Machine Not Configured!

Top Processes by CPU:
    Process (count)  Source  % of CPU  Location
    DashboardClient  Apple  31
    WindowServer  Apple  15
    com.apple.WebKit.WebContent (5)  Apple  7
    kernel_task  Apple  5
    Safari  Apple  1

Top Processes by Memory:
    Process (count)  Source  RAM usage  Location
    com.apple.WebKit.WebContent (13)  Apple  907 MB
    com.apple.WebKit.WebContent (5)  Apple  825 MB
    kernel_task  Apple  692 MB
    Safari  Apple  572 MB
    com.apple.WebKit.Networking (13)  Apple  448 MB

Top Processes by Network Use:
    Process  Source  Input  Output  Location
    com.apple.WebKit.Networking  Apple  251 KB  26 KB
    mDNSResponder  Apple  62 KB  7 KB
    apsd  Apple  12 KB  29 KB
    cloudd  Apple  9 KB  991 B
    ntpd  Apple  3 KB  4 KB

Top Processes by Energy Use:
    Process (count)  Source  Energy (0-100)  Location
    Finder  Apple  13
    DashboardClient  Apple  12
    WindowServer  Apple  9
    com.apple.WebKit.WebContent (5)  Apple  3
    hidd  Apple  2

Virtual Memory Information:
    Available RAM 3.02 GB
    Free RAM 64 MB
    Used RAM 4.98 GB
    Cached files 2.95 GB
    Swap Used 0 B

Software Installs (past 30 days):
    Name  Version  Install Date
    Adobe Acrobat Reader DC (18.011.20055)  18.011.20055  2018-07-21
    Smart Switch Mac  4.2  2018-08-04
    Gatekeeper Configuration Data  150  2018-08-07

Clean up:
    ~/Library/LaunchAgents/spid.plist
        /Applications/spi.app
        Executable not found
    /Library/LaunchDaemons/com.easeus.dataprotectbackup.plist
        /Applications/EaseUS Data Recovery Wizard.app/Contents/MacOS/EaseUS Data Recovery Wizard.app/Contents/Resources/EUDataDaemon.app/Contents/MacOS/eudataback
        Executable not found

Diagnostics Information (past 7 days):
    2018-08-10 22:33:55 Disk Drill.app CPU
        /Applications/Disk Drill.app

End of report

Some things I had removed, but they came back....... like the clean-up items.

Lorigor (author), posted 12 August 2018

5 hours ago, Sim0ne72 said:
> Delete everything in the screenshot, run Malwarebytes and see; as an ad blocker use KaBlock.

Are you sure I have to delete FUSE too? o.O The plug-ins aren't visible in Safari, since I've removed the main ones; I can only see them in the folder with EtreCheck. Are you sure I have to delete them all by throwing them in the Trash?

Lorigor (author), posted 12 August 2018

6 hours ago, 167-761 said:
> You guessed right: that warning came from malware you have on the Mac. You did well to run EtreCheck, from which it's clear that you have a lot of crap on the Mac. Here I list the horrors:
>
> and definitely all of Disk Drill!!!
>
> First disable the "backup of trashed items" feature, then uninstall the application. The problem with Disk Drill is that it keeps copies of a huge number of files in a hidden directory that keeps growing uncontrollably until it takes up several GB of space. Which, on an SSD of just 120 GB, is not nice. And it's useless besides: it's not a backup at all. Maybe that's what you use "com.easeus.dataprotectbackup" for; remove it.
>
> The only way to keep an efficient and safe backup copy is: TIME MACHINE. Keep a 500/1000 GB hard drive connected and dedicate it exclusively to Time Machine. End of problems.
>
> Remove AdBlock, so you'll be able to catch further malware.
>
> How did you go about removing the intruder? It's not at all easy to remove everything, and correctly! Check, for example, that you don't have a "Profiles" pane in System Preferences!
>
> If you don't use it, remove the Samsung driver for connecting Android phones.

I did two more EtreCheck runs; the latest still tells me that Disk Drill is present, but I can't find any trace of the app. Since I haven't bought EtreCheck I can't see it in the Finder. I don't know what else to do. Ideas?? Help???

EtreCheck version: 4.3.6 (4D041)
Report generated: 2018-08-12 14:24:06
Download EtreCheck from https://etrecheck.com
Runtime: 2:28
Performance: Excellent

Problem: Other problem

Major Issues:
    Anything that appears on this list needs immediate attention.
    No Time Machine backup- Time Machine backup not found.

Minor Issues:
    These issues do not need immediate attention but they may indicate future problems.
    Low disk space- This machine is running low on free hard drive space.
    Unsigned files- There are unsigned software file installed. They appear to be legitimate but should be reviewed.

Hardware Information:
    MacBook Pro (Retina, 13-inch, Early 2015)
    MacBook Pro Model: MacBookPro12,1
    1 2,7 GHz Intel Core i5 (i5-5257U) CPU: 2-core
    8 GB RAM - Not upgradeable
        BANK 0/DIMM0 - 4 GB DDR3 1867 ok
        BANK 1/DIMM0 - 4 GB DDR3 1867 ok
    Battery: Health = Normal - Cycle count = 350

Video Information:
    Intel Iris Graphics 6100 - VRAM: 1536 MB
        Color LCD 2560 x 1600

Drives:
    disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes)
    Internal PCI 5.0 GT/s x4 Serial ATA
        disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
        disk0s2 [Core Storage Container] 120.47 GB
            disk1 - Macintosh HD (Journaled HFS+) 120.11 GB
        disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

Mounted Volumes:
    disk1 - Macintosh HD 120.11 GB (12.86 GB free)
        Journaled HFS+
        Mount point: /
        Encrypted

Network:
    Interface SAMSUNG_MDM: SAMSUNG Modem
    Interface en5: iPad
    Interface en0: Wi-Fi
        802.11 a/b/g/n/ac
        One IPv4 address
    Interface en4: iPhone
    Interface en3: Bluetooth PAN
    Interface bridge0: Thunderbolt Bridge

iCloud Quota: 2.96 GB available

System Software:
    macOS Sierra 10.12.6 (16G1212)
    Time since boot: Less than an hour
    System Load: 1.37 (1 min ago) 2.40 (5 min ago) 1.74 (15 min ago)

Security:
    System  Status
    Gatekeeper  Mac App Store and identified developers
    System Integrity Protection  Enabled

Unsigned Files:
    Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist
        Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver
        Details: Exact match found in the whitelist - probably OK
    Launchd: /Library/LaunchDaemons/com.adobe.SwitchBoard.plist
        Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard
        Details: Exact match found in the whitelist - probably OK

Kernel Extensions:
    /System/Library/Extensions
        [Not Loaded] ssuddrv.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
        [Not Loaded] ssudmdmcontrol.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssudmdmdata.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssudmtp.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.5)
        [Not Loaded] ssudserial.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
        [Not Loaded] ssdumdrv.kext (Samsung Electronics, 1.3)

System Launch Agents:
    [Not Loaded] 6 Apple tasks
    [Loaded] 180 Apple tasks
    [Running] 99 Apple tasks

System Launch Daemons:
    [Not Loaded] 42 Apple tasks
    [Loaded] 173 Apple tasks
    [Running] 103 Apple tasks
    [Other] 2 Apple tasks

Launch Agents:
    [Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-09-20)
    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Running] com.brother.LOGINserver.plist (? a1772de2 - installed 2015-03-12)

Launch Daemons:
    [Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Running] com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-08-10)
    [Loaded] com.adobe.SwitchBoard.plist (? 68cad67 - installed 2017-09-20)
    [Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-06-26)
    [Running] com.fitbit.galileod.plist (? 485714a8 - installed 2015-10-30)
    [Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-02-17)

User Launch Agents:
    [Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-21)
    [Loaded] com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2018-07-12)
    [Loaded] com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2017-09-20)
    [Loaded] com.bittorrent.uTorrent.plist (BitTorrent, Inc - installed 2016-03-17)

User Login Items:
    iTunesHelper Applicazione (Apple - installed 2018-06-02)
        (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    Fitbit Connect Menubar Helper Applicazione (? - installed 2016-02-12)
        (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)
    com.adobe.SwitchBoard.monitor.plist MachInit (?)
        (/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Internet Plug-ins:
    AdobePDFViewerNPAPI: (installed 2018-07-21)
    FlashPlayer-10.6: (installed 2018-07-12)
    QuickTime Plugin: (installed 2018-01-30)
    AdobePDFViewer: (installed 2018-07-21)
    Flash Player: (installed 2018-07-12)

3rd Party Preference Panes:
    Flash Player (installed 2018-06-26)
    FUSE for OS X (OSXFUSE) (installed 2015-10-25)

Time Machine:
    Time Machine Not Configured!

Top Processes by CPU:
    Process (count)  Source  % of CPU  Location
    WindowServer  Apple  18
    Finder  Apple  11
    kernel_task  Apple  9
    helpd  Apple  8
    hidd  Apple  5

Top Processes by Memory:
    Process (count)  Source  RAM usage  Location
    kernel_task  Apple  708 MB
    mdworker (18)  Apple  497 MB
    Finder  Apple  258 MB
    WindowServer  Apple  207 MB
    Pages  Mac App Store  197 MB

Top Processes by Network Use:
    Process  Source  Input  Output  Location
    mDNSResponder  Apple  19 KB  14 KB
    helpd  Apple  14 KB  13 KB
    apsd  Apple  11 KB  16 KB
    assistantd  Apple  5 KB  5 KB
    netbiosd  Apple  522 B  354 B

Top Processes by Energy Use:
    Process (count)  Source  Energy (0-100)  Location
    WindowServer  Apple  4
    Keychain Access  Apple  3
    hidd  Apple  1
    Fitbit Connect Menubar Helper  ?  0  /Applications/Fitbit Connect.app
    helpd  Apple  0

Virtual Memory Information:
    Available RAM 4.28 GB
    Free RAM 164 MB
    Used RAM 3.72 GB
    Cached files 4.12 GB
    Swap Used 0 B

Software Installs (past 30 days):
    Name  Version  Install Date
    Adobe Acrobat Reader DC (18.011.20055)  18.011.20055  2018-07-21
    Smart Switch Mac  4.2  2018-08-04
    Gatekeeper Configuration Data  150  2018-08-07
    Safari  11.1.2  2018-08-12

Diagnostics Information (past 7 days):
    2018-08-10 22:33:55 Disk Drill.app CPU
        /Applications/Disk Drill.app

End of report

167-761, posted 12 August 2018

Don't think that EtreCheck can scan your ENTIRE Mac. It gives you "hints", tips, that's all. It's up to you to solve the problems, definitively. Trashing one file that appears in the report does not rid you of all the 57 files, LaunchDaemons, LaunchAgents, prefs, and above all the entire directories under /tmp/ and /var/ that the malware has built and interlinked.

Horrible: Search Page Injection (SPI).

2 hours ago, Lorigor said:
> [Other] spid.plist (? 0 - installed 2018-04-12)

Very nasty: Disk Drill

2 hours ago, Lorigor said:
> Launch Daemons:
>     [Running] com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-08-10)

Stupid: DataProtect

Quote:
> Launch Daemons:
>     [Other] com.easeus.dataprotectbackup.plist (? 12fff45e - installed 2018-08-10)

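The following Python example was added in editing and is not from any poster in the thread. It lists the launchd jobs in the three third-party locations that appear in the reports and flags jobs whose executable is missing (EtreCheck's "Executable not found"), jobs started through `sh -c`, and names on a watch list taken from the first report; the function names, flag names and the sample directory tree are assumptions made for the example.

```python
import plistlib
import shlex
import tempfile
from pathlib import Path

# Names EtreCheck flagged in the first report of this thread; extend as needed.
WATCHLIST = ("spigot", "macsearch", "ciceronage", "spid")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}


def command_of(job):
    """Return the argv launchd would execute for one job dictionary."""
    args = job.get("ProgramArguments")
    argv = [str(a) for a in args] if isinstance(args, list) else []
    if job.get("Program"):  # Program, when present, names the executable
        argv = [str(job["Program"])] + argv[1:]
    return argv


def resolve_target(argv, root, home):
    """Return (path_on_disk_or_None, via_shell) for the file a job starts."""
    via_shell = len(argv) >= 3 and argv[0] in SHELLS and argv[1] == "-c"
    if via_shell:
        try:
            argv = shlex.split(argv[2]) or argv  # look inside `sh -c "..."`
        except ValueError:
            pass  # unbalanced quotes: fall back to the shell itself
    if not argv:
        return None, via_shell
    text = argv[0]
    for prefix in ("$HOME/", "${HOME}/", "~/"):
        if text.startswith(prefix):
            return home / text[len(prefix):], via_shell
    if text.startswith("/"):
        return root / text.lstrip("/"), via_shell
    return None, via_shell  # bare command name: would need a PATH lookup


def audit(root, home, watchlist=WATCHLIST):
    """Map each launchd plist path to its resolved target and a set of flags."""
    root, home = Path(root), Path(home)
    folders = (home / "Library/LaunchAgents", root / "Library/LaunchAgents",
               root / "Library/LaunchDaemons")  # Apple's /System/Library is skipped
    report = {}
    for folder in folders:
        for plist in sorted(folder.glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)  # handles XML and binary plists
            except Exception:  # damaged or unreadable file
                job = None
            if not isinstance(job, dict):
                report[str(plist)] = {"target": None, "flags": {"unparseable"}}
                continue
            argv = command_of(job)
            target, via_shell = resolve_target(argv, root, home)
            flags = set()
            if via_shell:
                flags.add("shell-wrapper")
            if target is not None and not target.exists():
                flags.add("orphan")  # what EtreCheck lists under "Clean up"
            names = " ".join([plist.name, str(job.get("Label", ""))] + argv)
            if any(word in names.lower() for word in watchlist):
                flags.add("watchlist")
            report[str(plist)] = {"target": target, "flags": flags}
    return report


def build_sample_tree():
    """Constructed directory tree imitating three items from the reports."""
    root = Path(tempfile.mkdtemp())
    home = root / "Users/sample"
    agents = home / "Library/LaunchAgents"
    agents.mkdir(parents=True)
    (root / "Library/LaunchAgents").mkdir(parents=True)
    def write(path, job):
        with path.open("wb") as fh:
            plistlib.dump(job, fh)
    # Agent left behind after its application was dragged to the Trash.
    write(agents / "spid.plist", {"Label": "spid", "Program": "/Applications/spi.app"})
    # Agent that starts its script through `sh -c`.
    write(agents / "spid-uninstall.plist", {"Label": "spid-uninstall", "ProgramArguments":
          ["/bin/sh", "-c", '"$HOME/Library/SPI/uninstallerwatcher.sh"']})
    script = home / "Library/SPI/uninstallerwatcher.sh"
    script.parent.mkdir(parents=True)
    script.write_text("#!/bin/sh\n")
    # Whitelisted printer helper whose executable is still in place.
    exe = "Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver"
    (root / exe).parent.mkdir(parents=True)
    (root / exe).write_text("")
    write(root / "Library/LaunchAgents/com.brother.LOGINserver.plist",
          {"Label": "com.brother.LOGINserver", "Program": "/" + exe})
    return root, home


if __name__ == "__main__":
    for path, item in audit(*build_sample_tree()).items():
        print(sorted(item["flags"]) or ["ok"], path, "->", item["target"])
```

On a real Mac the call would be `audit("/", Path.home())`; a job flagged only as `orphan` is the same kind of leftover the reports list under "Clean up".
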
167-761, posted 12 August 2018

3 minutes ago, Lorigor said:
> Since I haven't bought EtreCheck I can't see it in the Finder. I don't know what else to do. Ideas??

Buy it, and in one go you solve two problems: yours, and that of the developer, who at least worked for $omething.

167-761, posted 12 August 2018

1 hour ago, Lorigor said:
> Are you sure I have to delete FUSE too?

What exactly could you still need it for?

167-761, posted 12 August 2018

Here someone ran into the same problem as you.

Maybe you'd be better off reinstalling DiskDrill, disabling the "automatic backup" (or "hyper mega galactic"? I don't know), then uninstalling DiskDrill by the book.

Here are the instructions on their site, though they leave out the part about the hefty invisible directories under /tmp/.

To see the hidden files inside the /tmp/ folder and its subfolders, press the three keys: shift cmd period

Lorigor (author), posted 12 August 2018

40 minutes ago, 167-761 said:
> Here someone ran into the same problem as you.
>
> Maybe you'd be better off reinstalling DiskDrill, disabling the "automatic backup" (or "hyper mega galactic"? I don't know), then uninstalling DiskDrill by the book.
>
> Here are the instructions on their site, though they leave out the part about the hefty invisible directories under /tmp/.
>
> To see the hidden files inside the /tmp/ folder and its subfolders, press the three keys: shift cmd period

Reinstalled; I can't find the "automatic backup" item....

Lorigor (author), posted 12 August 2018

1 hour ago, 167-761 said:
> What exactly could you still need it for?

I can't get rid of it o.O I go to remove, it loads, it finishes, it doesn't disappear, I restart and it's still there. Removed from System Preferences.

Lorigor Posted 12 August 2018 Author

Last report and I swear I'll stop ^^"""""" I think I've removed everything... at least I hope so! As for Disk Drill, I still can't find anything, not even in the Library.

EtreCheck version: 4.3.6 (4D041)
Report generated: 2018-08-12 15:54:42
Download EtreCheck from https://etrecheck.com
Runtime: 2:14
Performance: Excellent

Problem: Other problem

Major Issues:
    Anything that appears on this list needs immediate attention.
    No Time Machine backup- Time Machine backup not found.

Minor Issues:
    These issues do not need immediate attention but they may indicate future problems.
    Low disk space- This machine is running low on free hard drive space.
    Unsigned files- There are unsigned software file installed. They appear to be legitimate but should be reviewed.

Hardware Information:
    MacBook Pro (Retina, 13-inch, Early 2015)
    MacBook Pro Model: MacBookPro12,1
    1 2,7 GHz Intel Core i5 (i5-5257U) CPU: 2-core
    8 GB RAM - Not upgradeable
        BANK 0/DIMM0 - 4 GB DDR3 1867 ok
        BANK 1/DIMM0 - 4 GB DDR3 1867 ok
    Battery: Health = Normal - Cycle count = 350

Video Information:
    Intel Iris Graphics 6100 - VRAM: 1536 MB
        Color LCD 2560 x 1600

Drives:
    disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes)
    Internal PCI 5.0 GT/s x4 Serial ATA
        disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
        disk0s2 [Core Storage Container] 120.47 GB
            disk1 - Macintosh HD (Journaled HFS+) 120.11 GB
        disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

Mounted Volumes:
    disk1 - Macintosh HD 120.11 GB (12.62 GB free)
        Journaled HFS+
        Mount point: /
        Encrypted

Network:
    Interface SAMSUNG_MDM: SAMSUNG Modem
    Interface en5: iPad
    Interface en0: Wi-Fi
        802.11 a/b/g/n/ac
        One IPv4 address
    Interface en4: iPhone
    Interface en3: Bluetooth PAN
    Interface bridge0: Thunderbolt Bridge
    iCloud Quota: 2.96 GB available

System Software:
    macOS Sierra 10.12.6 (16G1212)
    Time since boot: Less than an hour
    System Load: 1.17 (1 min ago) 1.39 (5 min ago) 1.49 (15 min ago)

Security:
    System                        Status
    Gatekeeper                    Mac App Store and identified developers
    System Integrity Protection   Enabled

Unsigned Files:
    Launchd: /Library/LaunchDaemons/com.adobe.SwitchBoard.plist
        Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard
        Details: Exact match found in the whitelist - probably OK
    Launchd: /Library/LaunchAgents/com.brother.LOGINserver.plist
        Executable: /Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/MacOS/LOGINserver
        Details: Exact match found in the whitelist - probably OK

Kernel Extensions:
    /System/Library/Extensions
    [Not Loaded] ssuddrv.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
    [Not Loaded] ssudmdmcontrol.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    [Not Loaded] ssudmdmdata.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    [Not Loaded] ssudmtp.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.5)
    [Not Loaded] ssudserial.kext (DEVGURU Co., Ltd., 1.4.45 - SDK 10.6)
    [Not Loaded] ssdumdrv.kext (Samsung Electronics, 1.3)

System Launch Agents:
    [Not Loaded] 6 Apple tasks
    [Loaded] 181 Apple tasks
    [Running] 98 Apple tasks

System Launch Daemons:
    [Not Loaded] 42 Apple tasks
    [Loaded] 174 Apple tasks
    [Running] 102 Apple tasks
    [Other] 2 Apple tasks

Launch Agents:
    [Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-09-20)
    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Running] com.brother.LOGINserver.plist (? a1772de2 - installed 2015-03-12)

Launch Daemons:
    [Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-02-17)
    [Loaded] com.adobe.SwitchBoard.plist (? 68cad67 - installed 2017-09-20)
    [Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-06-26)
    [Running] com.fitbit.galileod.plist (? 485714a8 - installed 2015-10-30)
    [Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-02-17)

User Launch Agents:
    [Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-21)
    [Loaded] com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2018-07-12)
    [Loaded] com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2017-09-20)
    [Loaded] com.bittorrent.uTorrent.plist (BitTorrent, Inc - installed 2016-03-17)

User Login Items:
    iTunesHelper Applicazione (Apple - installed 2018-06-02)
        (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    Fitbit Connect Menubar Helper Applicazione (? - installed 2016-02-12)
        (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)
    com.adobe.SwitchBoard.monitor.plist MachInit (?)
        (/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)

Internet Plug-ins:
    AdobePDFViewerNPAPI: (installed 2018-07-21)
    FlashPlayer-10.6: (installed 2018-07-12)
    QuickTime Plugin: (installed 2018-01-30)
    AdobePDFViewer: (installed 2018-07-21)
    Flash Player: (installed 2018-07-12)

3rd Party Preference Panes:
    Flash Player (installed 2018-06-26)
    FUSE for OS X (OSXFUSE) (installed 2015-10-25)

Time Machine:
    Time Machine Not Configured!

Top Processes by CPU:
    Process (count)                   Source   % of CPU   Location
    WindowServer                      Apple    7
    kernel_task                       Apple    3
    com.apple.WebKit.WebContent (6)   Apple    2
    Fitbit Connect Menubar Helper     ?        1          /Applications/Fitbit Connect.app
    launchservicesd                   Apple    0

Top Processes by Memory:
    Process (count)                   Source   RAM usage   Location
    com.apple.WebKit.WebContent (6)   Apple    785 MB
    kernel_task                       Apple    636 MB
    mds_stores                        Apple    192 MB
    Finder                            Apple    160 MB
    Safari                            Apple    156 MB

Top Processes by Network Use:
    Process                       Source   Input    Output   Location
    com.apple.WebKit.Networking   Apple    138 KB   12 KB
    mDNSResponder                 Apple    30 KB    8 KB
    apsd                          Apple    10 KB    14 KB
    assistantd                    Apple    4 KB     2 KB
    ntpd                          Apple    576 B    720 B

Top Processes by Energy Use:
    Process (count)                   Source   Energy (0-100)   Location
    WindowServer                      Apple    5
    com.apple.WebKit.WebContent (6)   Apple    1
    Fitbit Connect Menubar Helper     ?        0                /Applications/Fitbit Connect.app
    launchservicesd                   Apple    0
    com.apple.WebKit.Networking       Apple    0

Virtual Memory Information:
    Available RAM   4.11 GB
    Free RAM        266 MB
    Used RAM        3.89 GB
    Cached files    3.85 GB
    Swap Used       0 B

Software Installs (past 30 days):
    Name                                          Version        Install Date
    Adobe Acrobat Reader DC (18.011.20055)        18.011.20055   2018-07-21
    Smart Switch Mac                              4.2            2018-08-04
    Gatekeeper Configuration Data                 150            2018-08-07
    Safari                                        11.1.2         2018-08-12

Diagnostics Information (past 7 days):
    2018-08-10 22:33:55 Disk Drill.app CPU
        /Applications/Disk Drill.app

End of report
Archived
This discussion is archived and closed to further replies.