EtreCheck 2.9.3: Suspected Adware or Malware

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Pndrgnsvc, Feb 11, 2016.

  1. Pndrgnsvc, Feb 11, 2016
    Last edited: Feb 11, 2016

    Pndrgnsvc macrumors 6502


    Jun 13, 2008
    Georgetown, Texas
    EtreCheck 2.9.3 just noted these 2 unknown files that may be Adware or Malware:
    1. ~/Library/LaunchAgents/com.macupdate.desktop5.scanner.plist
    2. ~/Library/LaunchAgents/.dat.nosync022a.rOuyuR (hidden)

    But before deleting these 2 files, I would like the advice of the experts here ‘bouts.

    FWIW: Malwarebytes does not note this issue.

    Waddya think, should I consign these two files to the trash or should they be retained?
  2. briloronmacrumo macrumors 6502


    Jan 25, 2008
    Well, #1 is used by Macupdate's MacUpdate Desktop app. If you're not using ( or don't have it installed ), it can clearly be deleted. #2 doesn't look familiar at all. However, 'user' launchagents, can typically be deleted unless there is a known app that needs them ( i.e. this isn't a OS X system launch agent, so its removal won't break anything except possibly the app using it ). Most apps needing these agents can repopulate from their own /Contents/Resources bundle if they aren't found.

    Bottom line: I would delete both files.
  3. Pndrgnsvc, Feb 12, 2016
    Last edited: Feb 12, 2016

    Pndrgnsvc thread starter macrumors 6502


    Jun 13, 2008
    Georgetown, Texas
    I deleted the two "suspect" files with the following result:

    1. Upon relaunching MacUpdate Desktop, I had to (re)install my SN & PW. Also, I had to reset a few options/selections. AFAIK, all is (again) normal in that regard.

    Since MU checks for outdated apps upon launch, maybe that's related...

    2. As yet, I see no consequence from deleting the ".dat.nosync022a.rOuyuR (hidden)" file. Perhaps I just haven't done anything to prompt it.

    As a side note, EtreCheck did not highlight that file on my other machine that has identical applications. Perhaps I installed something on one machine and then deleted it prior to installing it on the other. Curious and curiouser...

    And many thanks for your time and sharing your insight/expertise.

Share This Page