HELP!! Cant remove unknown menubar icon!!!

Discussion in 'Mac Basics and Help' started by herbsties, Feb 12, 2011.

  1. herbsties macrumors newbie

    Joined:
    Feb 12, 2011
    #1
    I have an imac running 10.5.8. I an icon that looks like a capital "R" with a hook on the right leg, the top looks like an eye and there is a eyebrow above has appeared on my menu bar. I dont know what its for but fear it's some sort of spyware or spy software. when i left or right click on it i only get 3 options : view log, settings ,or quit. When i click on any of them i am ask for a username and password. I have tried all of the normal ways to remove it but nothing works. How can I identify it? and remove it? I have attached a immage of it. Thanks.
     

    Attached Files:

  2. neko girl macrumors 6502a

    neko girl

    Joined:
    Jan 20, 2011
    #2
    It's the Eye of Horus. What happens when you left click on it once? What do you see?

    If it's a virus, it likely won't have any additional control of your system if you simply click the icon.
     
  3. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #3
    I get the three choices : view log, settings or quit
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    First, try holding the Option key while clicking the icon, to see if another menu pops up that might identify it. Also, look at Activity Monitor, showing "All Processes", to see if you recognize an unfamiliar app. If you're not sure what to look for, post screen captures of your AM process listing. It's highly unlikely that it's any kind of malware. It's more likely that some app wasn't completely removed.
    It's not. None exist that run on current Mac OS X.
     
  5. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #5
    Holy Processes Batman!!!

    Wow I had no idea i had so many things running. There are probably many I don't need. I hope this can help you identify the "mystery" program. If you or anyone else has any suggestions as to what i should or should not have running, any advice would be greatly appreciated. Also where I would remove them from being restarted when i reboot.
     

    Attached Files:

  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    You're only showing "My Processes". Find where it shows "My Processes" and switch it to "All Processes", then repost the screen caps.
     
  7. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #7
    Here is ALL of the processes running...

    There are 3 pages of processes running is that the way it is supposed to be?
     

    Attached Files:

  8. GGJstudios, Feb 12, 2011
    Last edited: Feb 12, 2011

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    Yes, it's perfectly normal to have that many processes running. Most are components of Mac OS X and the applications and widgets you have running. I don't see anything on the list that stands out that might account for that icon.

    First, try holding your Command key down while dragging that icon off the Menu Bar. It probably won't work, but it's worth trying.

    Next, check your Login Items under System Preferences > Accounts to see what you may have automatically launching.

    Before you start the following procedure of killing processes, make sure you've closed any apps you have running, so you don't lose any work you might have open. Also, log all other users off your Mac. In fact, it's a good idea to restart your Mac before you begin:

    You can also try killing various processes until you identify the one responsible for the icon. If you kill a process that controls the icon, the icon should disappear. You probably won't be able to kill any process critical to Mac OS X, but if you do, the worst that can happen is your Mac will shut down. Simply reboot and continue the process until you've identified the process responsible for the icon. Before you start this procedure of killing processes, make sure you've closed any apps you have running, so you don't lose any work you might have open.

    I didn't take the time to look up all processes and I don't recall them all from memory, but you could start by killing the following:

    Grab
    HP Event Handler
    HPIO Trap Monitor
    master
    mcxalr
    smoke
    xgridagentd
    xgridagenthelper
     
  9. Gregg2 macrumors 603

    Joined:
    May 22, 2008
    Location:
    Milwaukee, WI
    #9
    So, you're looking for an abnormal way?

    If it's a what? Besides the point above, that's not what a virus is.

    OP, hold down the command key and drag it to your Desktop and release. Ooops! That's a normal way. ;)
     
  10. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #10
    Making progress!!!!

    OK that worked when i quit a process called smoke it disappeared. when i rebooted it was running again. It does not appear when i go to account start-up processes. How do I get rid of it forever. Also whenever i open Google chrome ,it flashes that about blank is starting is there a similar way to rid myself of that? I love Chrome but don't use it because of that. Thanks SO MUCH for all your help.
     
  11. shwc macrumors regular

    Joined:
    Jul 2, 2005
    #11
    Out of curiosity do you have administrator access to your computer? That is when asked for a password, does you password allow you to install programs, change system settings, etc.?
     
  12. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #12
    Administrator

    Yes I do Have admin. privileges. But no absolutely about things that would have to be done in terminal or anything like or deeper than that. I have had my imac for 5 years for 5 years but have had zero problems with it so the flip side to that is I have not learned how to fix things.
     
  13. shwc macrumors regular

    Joined:
    Jul 2, 2005
    #13
    One last question before I tell you what the program is.
    Sorry to be intrusive, but how old are you?
     
  14. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #14
    Age????

    Well I know I'm old enough to wish that I am am not as old as I am. What does that matter? Just curious......
     
  15. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
    First, look for "smoke" in one of 3 locations:
    • System Preferences > Accounts > youraccount > Login Items
    • /Library/LaunchAgents/
    • /Users/username/Library/LaunchAgents/
    If you don't find it there, use the following method to search for it.

    The only effective method for complete app removal is manual deletion:
     
  16. shwc macrumors regular

    Joined:
    Jul 2, 2005
    #16
    Sorry about that. I did not want to instigate family unrest.
    I think the program is called Refog, a keylogging program.

    Link 1
    Link 2

    You would have had to install it yourself and supply your password to install.
     
  17. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #17
    It's not the Refog keylogger app. The OP already identified it as smoke, and the Refog menu is different from what the OP quoted.
     
  18. shwc macrumors regular

    Joined:
    Jul 2, 2005
    #18
    I guess I was assuming that smoke was the name of the stealth process set up by Refog.

    Refog was the only "logging program" I found that had a similar icon. Refog has a checkbox to place a menu item in the menu bar.

    I am glad to hear that it is not Refog.
     
  19. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #19
    Refrog

    I believe it is refrog i looked at their site and that is the exact icon. And believe that i had that installed at one time when i was looking and trying different security options for this computer since several children have access to it. If i were to reinstall it and do a complete clean uninstall do you think it would remove it. Although iI am not as concerned about it now.
     
  20. shwc macrumors regular

    Joined:
    Jul 2, 2005
    #20
    Yes, I would thing that running the refog install/uninstaller (assuming they have one) should do the trick nicely.
     
  21. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #21
    reinstall

    Nope that won't work. When I try to reinstall, the password prompt comes up from the previous install, and will not let me go any farther without it. I have tried every thing I can think of for the password.
     
  22. shwc macrumors regular

    Joined:
    Jul 2, 2005
    #22
    You can try emailing the Refog people or see if they have a FAQ on their website. I am sure the company must get the "I forgot my password. How do I uninstall?" question a lot.
     
  23. herbsties thread starter macrumors newbie

    Joined:
    Feb 12, 2011
    #23
    Thanks for the help all ! I will have to contact the refrog people.
     
  24. g4cubed macrumors 6502a

    g4cubed

    Joined:
    Jun 2, 2004

Share This Page