MacBook Pro Virus?

Discussion in 'Mac Basics and Help' started by JDalli, Sep 8, 2015.

  1. JDalli macrumors newbie

    Sep 8, 2015
    There seems to be some type of virus on my Mac and I cant seem to figure out where it is or where its coming from. A few times a day i'll click on something and it'll open a new tab with virus information and popups that take a while to close. It also pops up with a "Mac Help" number that it says to call, but i'm not stupid and I know its a scam. It's pretty annoying and I want to get rid of it asap, any suggestions would be appreciated, thanks.

    Screen Shot 2015-09-08 at 12.52.57 PM.png
  2. T'hain Esh Kelch macrumors 601

    T'hain Esh Kelch

    Aug 5, 2001
    No you do not have a virus. Either you have a browser plugin, or you installed some malware. Run malware medic.
  3. CoastalOR macrumors 68020


    Jan 19, 2015
    Oregon, USA
  4. Bending Pixels, Sep 8, 2015
    Last edited: Sep 8, 2015

    Bending Pixels macrumors 65816

    Jul 22, 2010
    It looks like you installed Chrome - that's pretty much equal to malware. Ditch it.

    One more thing - that pop-up usually appears if you've been to a questionable or naughty site.
  5. 0007776 Suspended


    Jul 11, 2006
    What kinds of sites is it coming up on? It's a common scam to make popups that claim your computer has malware on it when it doesn't and it's just the site you are visiting.

    Or it is possible that you installed one of the trojans out there for macs, did you type your administrator password in for anything that seemed odd lately, or installed any pirated software?
  6. dumastudetto macrumors 68030

    Aug 28, 2013
    I don't think a Mac would be showing a BSOD with a Windows health error message. Also I don't think Microsoft issues actual BSOD error codes. But apart from that it looks very genuine.

    Usually these things are launched by websites running a rogue ad. The easiest solution is to block javascript on that site when you find the culprit.
  7. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    This is nothing but a Javascript popup and a scam and you have nothing to worry about. Give this article a read.

    Just command-q quit your browser then hold the shift key when you relaunch the browser to stop from being redirected to the popup site. If you really need to use that site, just turn off Javascript in your browser and it will stop the popup.
  8. JDalli thread starter macrumors newbie

    Sep 8, 2015
    Its not a certain site, its a lot of sites, even youtube sometimes. I'll click somewhere like the search bar and that website will open and start going nuts
  9. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    If that is the case, then yes, you have likely installed some malware on there.

    Use this app mentioned earlier to scan for malware.
  10. JDalli thread starter macrumors newbie

    Sep 8, 2015
    Okay so I tried all the apps and programs mentioned, I have AVG and all the protection up to date on my mac. Ive deleted chrome completely and reinstalled it but the pop ups and spam continues. Do you guys have any other ideas before I wipe my Mac completely (which I'd really rather not) Thanks
  11. Queen6, Sep 15, 2015
    Last edited: Sep 15, 2015

    Queen6 macrumors 604


    Dec 11, 2008
    Land of the Unexpected
    Try this; install KnockKnock, run it, be sure to read the developers associated page.

    Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock uncovers persistently installed software in order to generically reveal such malware.

  12. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    DL and run the app Etrecheck. That will produce an anonymized report that lists all process and launch/startup items on your Mac. Post the report here so we can have a look and hopefully ID the culprit for you.
  13. JDalli thread starter macrumors newbie

    Sep 8, 2015
    so I installed that and it came up with nothing
  14. JDalli thread starter macrumors newbie

    Sep 8, 2015
    EtreCheck version: 2.4.2 (142)

    Report generated 9/16/15, 1:07 PM

    Download EtreCheck from

    Click the [Click for support] links for help with non-Apple products.

    Click the [Click for details] links for more information about that line.

    Hardware Information: (What does this mean?)

    MacBook Pro (Retina, 13-inch, Late 2013) (Technical Specifications)

    MacBook Pro - model: MacBookPro11,1

    1 2.8 GHz Intel Core i7 CPU: 2-core

    16 GB RAM Not upgradeable

    BANK 0/DIMM0

    8 GB DDR3 1600 MHz ok

    BANK 1/DIMM0

    8 GB DDR3 1600 MHz ok

    Bluetooth: Good - Handoff/Airdrop2 supported

    Wireless: en0: 802.11 a/b/g/n/ac

    Battery: Health = Normal - Cycle count = 410 - SN = D864175T4ADFVN7AM

    Video Information: (What does this mean?)

    Intel Iris

    E32-C1 1920 x 1080

    System Software: (What does this mean?)

    OS X 10.10.5 (14F27) - Time since boot: about 2 days

    Disk Information: (What does this mean?)

    APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

    EFI (disk0s1) <not mounted> : 210 MB

    Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

    Untitled (disk0s4) /Volumes/Untitled : 50.00 GB (41.32 GB free)

    Macintosh HD (disk1) / : 449.06 GB (276.93 GB free)

    Encrypted AES-XTS Unlocked

    Core Storage: disk0s2 449.42 GB Online

    USB Information: (What does this mean?)

    Apple Internal Memory Card Reader

    Apple Inc. iPhone

    Logitech USB Receiver

    Apple Inc. BRCM20702 Hub

    Apple Inc. Bluetooth USB Host Controller

    Apple Inc. Apple Internal Keyboard / Trackpad

    Thunderbolt Information: (What does this mean?)

    Apple Inc. thunderbolt_bus

    Configuration files: (What does this mean?)

    /etc/sysctl.conf - File exists but not expected

    /etc/hosts - Count: 15

    Gatekeeper: (What does this mean?)

    Mac App Store

    Kernel Extensions: (What does this mean?)


    [loaded] com.avg.Antivirus.OnAccess.kext (2015.0 - SDK 10.8) [Click for support]

    /Applications/Toast 11 Titanium/Spin

    [not loaded] com.hzsystems.terminus.driver (4) [Click for support]


    [loaded] com.Logitech.Control Center.HID Driver (3.9.1 - SDK 10.8) [Click for support]


    [loaded] com.Logitech.Unifying.HID Driver (1.3.0 - SDK 10.6) [Click for support]


    [not loaded] com.roxio.TDIXController (2.0) [Click for support]

    Launch Agents: (What does this mean?)

    [not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]

    [loaded] com.adobe.CS5ServiceManager.plist [Click for support]

    [running] com.avg.Antivirus.gui.plist [Click for support]

    [running] com.bjango.istatmenusagent.plist [Click for support]

    [running] com.bjango.istatmenusnotifications.plist [Click for support]

    [running] com.Logitech.Control Center.Daemon.plist [Click for support]

    [loaded] [Click for support]

    [running] com.teamviewer.teamviewer.plist [Click for support]

    [running] com.teamviewer.teamviewer_desktop.plist [Click for support]

    Launch Daemons: (What does this mean?)

    [loaded] com.adobe.fpsaud.plist [Click for support]

    [loaded] com.adobe.SwitchBoard.plist [Click for support]

    [loaded] com.avg.Antivirus.crashpad.plist [Click for support]

    [running] com.avg.Antivirus.infosd.plist [Click for support]

    [running] [Click for support]

    [running] com.bjango.istatmenusdaemon.plist [Click for support]

    [loaded] [Click for support]

    [loaded] [Click for support]

    [loaded] [Click for support]

    [loaded] [Click for support]

    [loaded] [Click for support]

    [loaded] com.teamviewer.Helper.plist [Click for support]

    [running] com.teamviewer.teamviewer_service.plist [Click for support]

    [loaded] net.cloudpath.HelperTool2.plist [Click for support]

    User Launch Agents: (What does this mean?)

    [loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]

    [loaded] [Click for support]

    [loaded] com.valvesoftware.steamclean.plist [Click for support]

    User Login Items: (What does this mean?)

    Steam Application (/Applications/

    iTunesHelper Application (/Applications/

    uTorrent Application (/Applications/

    ToneSync Application (/Applications/

    Google Chrome Application Hidden (/Applications/Google

    Internet Plug-ins: (What does this mean?)

    FlashPlayer-10.6: Version: - SDK 10.6 [Click for support]

    QuickTime Plugin: Version: 7.7.3

    Flash Player: Version: - SDK 10.6 [Click for support]

    Default Browser: Version: 600 - SDK 10.10

    SharePointBrowserPlugin: Version: 14.5.4 - SDK 10.6 [Click for support]

    Unity Web Player: Version: UnityPlayer version 4.5.2f1 - SDK 10.6 [Click for support]

    Silverlight: Version: 5.1.40416.0 - SDK 10.6 [Click for support]

    JavaAppletPlugin: Version: Java 8 Update 60 build 27 Check version

    Safari Extensions: (What does this mean?)


    My eBay Manager

    Reload Button


    3rd Party Preference Panes: (What does this mean?)

    Flash Player [Click for support]

    Growl [Click for support]

    Java [Click for support]

    Logitech Control Center [Click for support]

    Time Machine: (What does this mean?)

    Time Machine not configured!

    Top Processes by CPU: (What does this mean?)

    7% WindowServer

    2% fontd

    2% Google Chrome Helper(14)

    1% avgscand

    1% Dock

    Top Processes by Memory: (What does this mean?)

    4.32 GB Google Chrome Helper(14)

    1.13 GB kernel_task

    459 MB softwareupdated

    328 MB Google Chrome

    311 MB TeamViewer

    Virtual Memory Information: (What does this mean?)

    1.86 GB Free RAM

    14.00 GB Used RAM (3.21 GB Cached)

    0 B Swap Used

    Diagnostics Information: (What does this mean?)

    Sep 14, 2015, 12:45:30 PM Self test - passed
  15. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    This is the only one I see there I am not familiar with. Do you know what this is for?

    Otherwise there is nothing running that looks like it would be malware and cause this issue.

    Did you try force quitting Safari then holding the shift key when restarting Safari like I mentioned earlier? Normally that will stop these popups. Unless of course you go back to the same web page that is running the popup.
  16. JDalli thread starter macrumors newbie

    Sep 8, 2015
    Im using chrome, is it the same command for force quit?
  17. hallux macrumors 68030


    Apr 25, 2012
    Force quit is an OS-level command, should work on all programs.
  18. JDalli thread starter macrumors newbie

    Sep 8, 2015
    Okay i've done everything suggested, I'll let you guys know if it worked. Thanks
  19. Bending Pixels macrumors 65816

    Jul 22, 2010
    JDalli - uninstall Chrome. Don't reinstall it. Use Safari. Also, when Finder is shown in the upper left, click on Go and hold down the Option key. Library will then be an option. Select that and under Application Support, look for either Google or Chrome, and delete that folder.
  20. JDalli thread starter macrumors newbie

    Sep 8, 2015
    I did that and deleted all the chrome related files, is there any way to safely install chrome or should I just take the loss
  21. MacDawg macrumors Core


    Mar 20, 2004
    "Between the Hedges"
    There is no reason you shouldn't be able to use Chrome safely on your computer, many, many, many Mac users use Chrome every day without issue

    Your issue can be identified and corrected with enough information and patience
  22. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    There is no reason you cannot get Chrome and install it as long as you get it direct from Google. Chrome is not the problem here.
  23. PhillyGuy72 macrumors 65816


    Sep 13, 2014
    Philadelphia, PA USA
    Do you have AdBlock SUPER as an extension anywhere?

    If you do and if you can...get rid of that ASAP!
    That is not a legit extension from the makers of the real AdBlock, this "Super" is filled with Malware and hijacks your browsers. Redirects to force you to down fake Flash Player updaters, pop ups and now I've seen it pulling off Ransomware.

    Evil BS plug in from some scammer in Russia.

Share This Page