There seems to be some type of virus on my Mac and I cant seem to figure out where it is or where its coming from. A few times a day i'll click on something and it'll open a new tab with virus information and popups that take a while to close. It also pops up with a "Mac Help" number that it says to call, but i'm not stupid and I know its a scam. It's pretty annoying and I want to get rid of it asap, any suggestions would be appreciated, thanks.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MacBook Pro Virus?
- Thread starter JDalli
- Start date
- Sort by reaction score
No you do not have a virus. Either you have a browser plugin, or you installed some malware. Run malware medic.
It looks like you installed Chrome - that's pretty much equal to malware. Ditch it.
One more thing - that pop-up usually appears if you've been to a questionable or naughty site.
One more thing - that pop-up usually appears if you've been to a questionable or naughty site.
Last edited:
What kinds of sites is it coming up on? It's a common scam to make popups that claim your computer has malware on it when it doesn't and it's just the site you are visiting.
Or it is possible that you installed one of the trojans out there for macs, did you type your administrator password in for anything that seemed odd lately, or installed any pirated software?
Or it is possible that you installed one of the trojans out there for macs, did you type your administrator password in for anything that seemed odd lately, or installed any pirated software?
I don't think a Mac would be showing a BSOD with a Windows health error message. Also I don't think Microsoft issues actual BSOD error codes. But apart from that it looks very genuine.
Usually these things are launched by websites running a rogue ad. The easiest solution is to block javascript on that site when you find the culprit.
Usually these things are launched by websites running a rogue ad. The easiest solution is to block javascript on that site when you find the culprit.
This is nothing but a Javascript popup and a scam and you have nothing to worry about. Give this article a read.
Just command-q quit your browser then hold the shift key when you relaunch the browser to stop from being redirected to the popup site. If you really need to use that site, just turn off Javascript in your browser and it will stop the popup.
If that is the case, then yes, you have likely installed some malware on there.
Use this app mentioned earlier to scan for malware.
Okay so I tried all the apps and programs mentioned, I have AVG and all the protection up to date on my mac. Ive deleted chrome completely and reinstalled it but the pop ups and spam continues. Do you guys have any other ideas before I wipe my Mac completely (which I'd really rather not) Thanks
Try this; install KnockKnock, run it, be sure to read the developers associated page.
Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock uncovers persistently installed software in order to generically reveal such malware.
Q-6
Last edited:
DL and run the app Etrecheck. That will produce an anonymized report that lists all process and launch/startup items on your Mac. Post the report here so we can have a look and hopefully ID the culprit for you.
EtreCheck version: 2.4.2 (142)
Report generated 9/16/15, 1:07 PM
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: (What does this mean?)
MacBook Pro (Retina, 13-inch, Late 2013) (Technical Specifications)
MacBook Pro - model: MacBookPro11,1
1 2.8 GHz Intel Core i7 CPU: 2-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 410 - SN = D864175T4ADFVN7AM
Video Information: (What does this mean?)
Intel Iris
E32-C1 1920 x 1080
System Software: (What does this mean?)
OS X 10.10.5 (14F27) - Time since boot: about 2 days
Disk Information: (What does this mean?)
APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Untitled (disk0s4) /Volumes/Untitled : 50.00 GB (41.32 GB free)
Macintosh HD (disk1) / : 449.06 GB (276.93 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 449.42 GB Online
USB Information: (What does this mean?)
Apple Internal Memory Card Reader
Apple Inc. iPhone
Logitech USB Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. Apple Internal Keyboard / Trackpad
Thunderbolt Information: (What does this mean?)
Apple Inc. thunderbolt_bus
Configuration files: (What does this mean?)
/etc/sysctl.conf - File exists but not expected
/etc/hosts - Count: 15
Gatekeeper: (What does this mean?)
Mac App Store
Kernel Extensions: (What does this mean?)
/Applications/AVG AntiVirus.app
[loaded] com.avg.Antivirus.OnAccess.kext (2015.0 - SDK 10.8) [Click for support]
/Applications/Toast 11 Titanium/Spin Doctor.app
[not loaded] com.hzsystems.terminus.driver (4) [Click for support]
/Library/Extensions
[loaded] com.Logitech.Control Center.HID Driver (3.9.1 - SDK 10.8) [Click for support]
/System/Library/Extensions
[loaded] com.Logitech.Unifying.HID Driver (1.3.0 - SDK 10.6) [Click for support]
~/Library/Services/ToastIt.service/Contents/MacOS
[not loaded] com.roxio.TDIXController (2.0) [Click for support]
Launch Agents: (What does this mean?)
[not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[loaded] com.adobe.CS5ServiceManager.plist [Click for support]
[running] com.avg.Antivirus.gui.plist [Click for support]
[running] com.bjango.istatmenusagent.plist [Click for support]
[running] com.bjango.istatmenusnotifications.plist [Click for support]
[running] com.Logitech.Control Center.Daemon.plist [Click for support]
[loaded] com.oracle.java.Java-Updater.plist [Click for support]
[running] com.teamviewer.teamviewer.plist [Click for support]
[running] com.teamviewer.teamviewer_desktop.plist [Click for support]
Launch Daemons: (What does this mean?)
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.adobe.SwitchBoard.plist [Click for support]
[loaded] com.avg.Antivirus.crashpad.plist [Click for support]
[running] com.avg.Antivirus.infosd.plist [Click for support]
[running] com.avg.Antivirus.services.plist [Click for support]
[running] com.bjango.istatmenusdaemon.plist [Click for support]
[loaded] com.microsoft.office.licensing.helper.plist [Click for support]
[loaded] com.microsoft.office.licensingV2.helper.plist [Click for support]
[loaded] com.oracle.java.Helper-Tool.plist [Click for support]
[loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]
[loaded] com.skype.skypeinstaller.plist [Click for support]
[loaded] com.teamviewer.Helper.plist [Click for support]
[running] com.teamviewer.teamviewer_service.plist [Click for support]
[loaded] net.cloudpath.HelperTool2.plist [Click for support]
User Launch Agents: (What does this mean?)
[loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[loaded] com.google.keystone.agent.plist [Click for support]
[loaded] com.valvesoftware.steamclean.plist [Click for support]
User Login Items: (What does this mean?)
Steam Application (/Applications/Steam.app)
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
uTorrent Application (/Applications/uTorrent.app)
ToneSync Application (/Applications/ToneSync.app)
Google Chrome Application Hidden (/Applications/Google Chrome.app)
Internet Plug-ins: (What does this mean?)
FlashPlayer-10.6: Version: 18.0.0.232 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 18.0.0.232 - SDK 10.6 [Click for support]
Default Browser: Version: 600 - SDK 10.10
SharePointBrowserPlugin: Version: 14.5.4 - SDK 10.6 [Click for support]
Unity Web Player: Version: UnityPlayer version 4.5.2f1 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.40416.0 - SDK 10.6 [Click for support]
JavaAppletPlugin: Version: Java 8 Update 60 build 27 Check version
Safari Extensions: (What does this mean?)
AdBlock
My eBay Manager
Reload Button
YoutubeWide
3rd Party Preference Panes: (What does this mean?)
Flash Player [Click for support]
Growl [Click for support]
Java [Click for support]
Logitech Control Center [Click for support]
Time Machine: (What does this mean?)
Time Machine not configured!
Top Processes by CPU: (What does this mean?)
7% WindowServer
2% fontd
2% Google Chrome Helper(14)
1% avgscand
1% Dock
Top Processes by Memory: (What does this mean?)
4.32 GB Google Chrome Helper(14)
1.13 GB kernel_task
459 MB softwareupdated
328 MB Google Chrome
311 MB TeamViewer
Virtual Memory Information: (What does this mean?)
1.86 GB Free RAM
14.00 GB Used RAM (3.21 GB Cached)
0 B Swap Used
Diagnostics Information: (What does this mean?)
Sep 14, 2015, 12:45:30 PM Self test - passed
Report generated 9/16/15, 1:07 PM
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: (What does this mean?)
MacBook Pro (Retina, 13-inch, Late 2013) (Technical Specifications)
MacBook Pro - model: MacBookPro11,1
1 2.8 GHz Intel Core i7 CPU: 2-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 410 - SN = D864175T4ADFVN7AM
Video Information: (What does this mean?)
Intel Iris
E32-C1 1920 x 1080
System Software: (What does this mean?)
OS X 10.10.5 (14F27) - Time since boot: about 2 days
Disk Information: (What does this mean?)
APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Untitled (disk0s4) /Volumes/Untitled : 50.00 GB (41.32 GB free)
Macintosh HD (disk1) / : 449.06 GB (276.93 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 449.42 GB Online
USB Information: (What does this mean?)
Apple Internal Memory Card Reader
Apple Inc. iPhone
Logitech USB Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. Apple Internal Keyboard / Trackpad
Thunderbolt Information: (What does this mean?)
Apple Inc. thunderbolt_bus
Configuration files: (What does this mean?)
/etc/sysctl.conf - File exists but not expected
/etc/hosts - Count: 15
Gatekeeper: (What does this mean?)
Mac App Store
Kernel Extensions: (What does this mean?)
/Applications/AVG AntiVirus.app
[loaded] com.avg.Antivirus.OnAccess.kext (2015.0 - SDK 10.8) [Click for support]
/Applications/Toast 11 Titanium/Spin Doctor.app
[not loaded] com.hzsystems.terminus.driver (4) [Click for support]
/Library/Extensions
[loaded] com.Logitech.Control Center.HID Driver (3.9.1 - SDK 10.8) [Click for support]
/System/Library/Extensions
[loaded] com.Logitech.Unifying.HID Driver (1.3.0 - SDK 10.6) [Click for support]
~/Library/Services/ToastIt.service/Contents/MacOS
[not loaded] com.roxio.TDIXController (2.0) [Click for support]
Launch Agents: (What does this mean?)
[not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[loaded] com.adobe.CS5ServiceManager.plist [Click for support]
[running] com.avg.Antivirus.gui.plist [Click for support]
[running] com.bjango.istatmenusagent.plist [Click for support]
[running] com.bjango.istatmenusnotifications.plist [Click for support]
[running] com.Logitech.Control Center.Daemon.plist [Click for support]
[loaded] com.oracle.java.Java-Updater.plist [Click for support]
[running] com.teamviewer.teamviewer.plist [Click for support]
[running] com.teamviewer.teamviewer_desktop.plist [Click for support]
Launch Daemons: (What does this mean?)
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.adobe.SwitchBoard.plist [Click for support]
[loaded] com.avg.Antivirus.crashpad.plist [Click for support]
[running] com.avg.Antivirus.infosd.plist [Click for support]
[running] com.avg.Antivirus.services.plist [Click for support]
[running] com.bjango.istatmenusdaemon.plist [Click for support]
[loaded] com.microsoft.office.licensing.helper.plist [Click for support]
[loaded] com.microsoft.office.licensingV2.helper.plist [Click for support]
[loaded] com.oracle.java.Helper-Tool.plist [Click for support]
[loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]
[loaded] com.skype.skypeinstaller.plist [Click for support]
[loaded] com.teamviewer.Helper.plist [Click for support]
[running] com.teamviewer.teamviewer_service.plist [Click for support]
[loaded] net.cloudpath.HelperTool2.plist [Click for support]
User Launch Agents: (What does this mean?)
[loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]
[loaded] com.google.keystone.agent.plist [Click for support]
[loaded] com.valvesoftware.steamclean.plist [Click for support]
User Login Items: (What does this mean?)
Steam Application (/Applications/Steam.app)
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
uTorrent Application (/Applications/uTorrent.app)
ToneSync Application (/Applications/ToneSync.app)
Google Chrome Application Hidden (/Applications/Google Chrome.app)
Internet Plug-ins: (What does this mean?)
FlashPlayer-10.6: Version: 18.0.0.232 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 18.0.0.232 - SDK 10.6 [Click for support]
Default Browser: Version: 600 - SDK 10.10
SharePointBrowserPlugin: Version: 14.5.4 - SDK 10.6 [Click for support]
Unity Web Player: Version: UnityPlayer version 4.5.2f1 - SDK 10.6 [Click for support]
Silverlight: Version: 5.1.40416.0 - SDK 10.6 [Click for support]
JavaAppletPlugin: Version: Java 8 Update 60 build 27 Check version
Safari Extensions: (What does this mean?)
AdBlock
My eBay Manager
Reload Button
YoutubeWide
3rd Party Preference Panes: (What does this mean?)
Flash Player [Click for support]
Growl [Click for support]
Java [Click for support]
Logitech Control Center [Click for support]
Time Machine: (What does this mean?)
Time Machine not configured!
Top Processes by CPU: (What does this mean?)
7% WindowServer
2% fontd
2% Google Chrome Helper(14)
1% avgscand
1% Dock
Top Processes by Memory: (What does this mean?)
4.32 GB Google Chrome Helper(14)
1.13 GB kernel_task
459 MB softwareupdated
328 MB Google Chrome
311 MB TeamViewer
Virtual Memory Information: (What does this mean?)
1.86 GB Free RAM
14.00 GB Used RAM (3.21 GB Cached)
0 B Swap Used
Diagnostics Information: (What does this mean?)
Sep 14, 2015, 12:45:30 PM Self test - passed
This is the only one I see there I am not familiar with. Do you know what this is for?
Otherwise there is nothing running that looks like it would be malware and cause this issue.
Did you try force quitting Safari then holding the shift key when restarting Safari like I mentioned earlier? Normally that will stop these popups. Unless of course you go back to the same web page that is running the popup.
JDalli - uninstall Chrome. Don't reinstall it. Use Safari. Also, when Finder is shown in the upper left, click on Go and hold down the Option key. Library will then be an option. Select that and under Application Support, look for either Google or Chrome, and delete that folder.
There is no reason you cannot get Chrome and install it as long as you get it direct from Google. Chrome is not the problem here.
Do you have AdBlock SUPER as an extension anywhere?
If you do and if you can...get rid of that ASAP!
That is not a legit extension from the makers of the real AdBlock, this "Super" is filled with Malware and hijacks your browsers. Redirects to force you to down fake Flash Player updaters, pop ups and now I've seen it pulling off Ransomware.
Evil BS plug in from some scammer in Russia.
If you do and if you can...get rid of that ASAP!
That is not a legit extension from the makers of the real AdBlock, this "Super" is filled with Malware and hijacks your browsers. Redirects to force you to down fake Flash Player updaters, pop ups and now I've seen it pulling off Ransomware.
Evil BS plug in from some scammer in Russia.