MacBook Pro Virus?

Discussion in 'Mac Basics and Help' started by JDalli, Sep 8, 2015.

  1. JDalli macrumors newbie

    Joined:
    Sep 8, 2015
    #1
    There seems to be some type of virus on my Mac and I can't seem to figure out where it is or where it's coming from. A few times a day I'll click on something and it'll open a new tab with virus information and popups that take a while to close. It also pops up with a "Mac Help" number that it says to call, but I'm not stupid and I know it's a scam. It's pretty annoying and I want to get rid of it ASAP; any suggestions would be appreciated, thanks.

     
  2. T'hain Esh Kelch macrumors 601

    T'hain Esh Kelch

    Joined:
    Aug 5, 2001
    Location:
    Denmark
    #2
    No, you do not have a virus. Either you have a browser plugin, or you installed some malware. Run malware medic.
     
  3. CoastalOR macrumors 68000

    CoastalOR

    Joined:
    Jan 19, 2015
    Location:
    Oregon, USA
  4. Bending Pixels, Sep 8, 2015
    Last edited: Sep 8, 2015

    Bending Pixels macrumors 65816

    Joined:
    Jul 22, 2010
    #4
    It looks like you installed Chrome - that's pretty much equal to malware. Ditch it.

    One more thing - that pop-up usually appears if you've been to a questionable or naughty site.
     
  5. mrkramer macrumors 603

    mrkramer

    Joined:
    Jul 11, 2006
    Location:
    Somewhere
    #5
    What kinds of sites is it coming up on? It's a common scam to make popups that claim your computer has malware on it when it doesn't and it's just the site you are visiting.

    Or it is possible that you installed one of the trojans out there for Macs. Did you type your administrator password in for anything that seemed odd lately, or install any pirated software?
     
  6. dumastudetto macrumors 68020

    Joined:
    Aug 28, 2013
    #6
    I don't think a Mac would be showing a BSOD with a Windows health error message. Also I don't think Microsoft issues actual BSOD error codes. But apart from that it looks very genuine.

    Usually these things are launched by websites running a rogue ad. The easiest solution is to block JavaScript on that site when you find the culprit.
     
  7. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #7
    This is nothing but a JavaScript popup and a scam, and you have nothing to worry about. Give this article a read.

    Just Command-Q quit your browser, then hold the Shift key when you relaunch the browser to stop being redirected to the popup site. If you really need to use that site, just turn off JavaScript in your browser and it will stop the popup.
     
  8. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #8
    It's not a certain site, it's a lot of sites, even YouTube sometimes. I'll click somewhere like the search bar and that website will open and start going nuts.
     
  9. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #9
    If that is the case, then yes, you have likely installed some malware on there.

    Use this app mentioned earlier to scan for malware.
     
  10. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #10
    Okay, so I tried all the apps and programs mentioned. I have AVG and all the protection up to date on my Mac. I've deleted Chrome completely and reinstalled it, but the pop-ups and spam continue. Do you guys have any other ideas before I wipe my Mac completely (which I'd really rather not)? Thanks
     
  11. Queen6, Sep 15, 2015
    Last edited: Sep 15, 2015

    Queen6 macrumors 603

    Queen6

    Joined:
    Dec 11, 2008
    Location:
    Enjoying Better Things
    #12
    Try this: install KnockKnock, run it, and be sure to read the developer's associated page.

    Malware installs itself persistently, to ensure it is automatically executed each time a computer is restarted. KnockKnock uncovers persistently installed software in order to generically reveal such malware.

    Q-6
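
The persistence check described in the post above, sketched as an added example (not code from KnockKnock, EtreCheck or any poster in this thread). It lists launchd jobs from the three directories behind the "Launch Agents", "Launch Daemons" and "User Launch Agents" sections of an EtreCheck report; the review heuristics and the `ODD_PREFIXES` list are assumptions of this example.

```python
import plistlib
from pathlib import Path

# Standard launchd persistence directories on OS X.
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons", "~/Library/LaunchAgents"]
# Assumption of this example: locations a legitimate launchd job rarely runs from.
ODD_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def launchd_items(directories=LAUNCHD_DIRS):
    """Return one dict per launchd job definition found in the given directories."""
    items = []
    for d in directories:
        folder = Path(d).expanduser()
        if not folder.is_dir():
            continue
        for plist in sorted(folder.glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)          # reads XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("plist root is not a dictionary")
            except Exception as exc:                 # an unreadable job file is itself notable
                items.append({"path": str(plist), "error": str(exc)})
                continue
            args = job.get("ProgramArguments") or []
            program = job.get("Program") or (args[0] if args else None)
            items.append({
                "path": str(plist),
                "label": job.get("Label"),
                "program": program,
                "arguments": list(args),
                "run_at_load": bool(job.get("RunAtLoad", False)),
                "keep_alive": bool(job.get("KeepAlive", False)),
                # Only absolute paths can be checked; bare names are resolved via PATH.
                "target_missing": bool(program) and program.startswith("/")
                                  and not Path(program).exists(),
            })
    return items

def needs_review(item):
    """True for jobs worth a manual look first (heuristics, not a verdict)."""
    if "error" in item:
        return True
    prog = item["program"] or ""
    hidden = any(part.startswith(".") for part in Path(prog).parts)
    return prog.startswith(ODD_PREFIXES) or hidden or item["target_missing"]

if __name__ == "__main__":
    for it in launchd_items():
        flag = "REVIEW" if needs_review(it) else "ok"
        print(f"[{flag}] {it.get('label')} -> {it.get('program')} ({it['path']})")
```

A flagged entry only means the job file points somewhere unusual or at a missing binary; the vendor and the file it launches still have to be checked by hand.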
     
  12. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #13
    DL and run the app Etrecheck. That will produce an anonymized report that lists all processes and launch/startup items on your Mac. Post the report here so we can have a look and hopefully ID the culprit for you.
     
  13. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #14
    So I installed that and it came up with nothing.
     
  14. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #15
    EtreCheck version: 2.4.2 (142)

    Report generated 9/16/15, 1:07 PM

    Download EtreCheck from http://etresoft.com/etrecheck



    Click the [Click for support] links for help with non-Apple products.

    Click the [Click for details] links for more information about that line.



    Hardware Information: (What does this mean?)

    MacBook Pro (Retina, 13-inch, Late 2013) (Technical Specifications)

    MacBook Pro - model: MacBookPro11,1

    1 2.8 GHz Intel Core i7 CPU: 2-core

    16 GB RAM Not upgradeable

    BANK 0/DIMM0

    8 GB DDR3 1600 MHz ok

    BANK 1/DIMM0

    8 GB DDR3 1600 MHz ok

    Bluetooth: Good - Handoff/Airdrop2 supported

    Wireless: en0: 802.11 a/b/g/n/ac

    Battery: Health = Normal - Cycle count = 410 - SN = D864175T4ADFVN7AM


    Video Information: (What does this mean?)

    Intel Iris

    E32-C1 1920 x 1080


    System Software: (What does this mean?)

    OS X 10.10.5 (14F27) - Time since boot: about 2 days


    Disk Information: (What does this mean?)

    APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

    EFI (disk0s1) <not mounted> : 210 MB

    Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

    Untitled (disk0s4) /Volumes/Untitled : 50.00 GB (41.32 GB free)

    Macintosh HD (disk1) / : 449.06 GB (276.93 GB free)

    Encrypted AES-XTS Unlocked

    Core Storage: disk0s2 449.42 GB Online


    USB Information: (What does this mean?)

    Apple Internal Memory Card Reader

    Apple Inc. iPhone

    Logitech USB Receiver

    Apple Inc. BRCM20702 Hub

    Apple Inc. Bluetooth USB Host Controller

    Apple Inc. Apple Internal Keyboard / Trackpad


    Thunderbolt Information: (What does this mean?)

    Apple Inc. thunderbolt_bus


    Configuration files: (What does this mean?)

    /etc/sysctl.conf - File exists but not expected

    /etc/hosts - Count: 15


    Gatekeeper: (What does this mean?)

    Mac App Store


    Kernel Extensions: (What does this mean?)

    /Applications/AVG AntiVirus.app

    [loaded] com.avg.Antivirus.OnAccess.kext (2015.0 - SDK 10.8) [Click for support]



    /Applications/Toast 11 Titanium/Spin Doctor.app

    [not loaded] com.hzsystems.terminus.driver (4) [Click for support]



    /Library/Extensions

    [loaded] com.Logitech.Control Center.HID Driver (3.9.1 - SDK 10.8) [Click for support]



    /System/Library/Extensions

    [loaded] com.Logitech.Unifying.HID Driver (1.3.0 - SDK 10.6) [Click for support]



    ~/Library/Services/ToastIt.service/Contents/MacOS

    [not loaded] com.roxio.TDIXController (2.0) [Click for support]



    Launch Agents: (What does this mean?)

    [not loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]

    [loaded] com.adobe.CS5ServiceManager.plist [Click for support]

    [running] com.avg.Antivirus.gui.plist [Click for support]

    [running] com.bjango.istatmenusagent.plist [Click for support]

    [running] com.bjango.istatmenusnotifications.plist [Click for support]

    [running] com.Logitech.Control Center.Daemon.plist [Click for support]

    [loaded] com.oracle.java.Java-Updater.plist [Click for support]

    [running] com.teamviewer.teamviewer.plist [Click for support]

    [running] com.teamviewer.teamviewer_desktop.plist [Click for support]


    Launch Daemons: (What does this mean?)

    [loaded] com.adobe.fpsaud.plist [Click for support]

    [loaded] com.adobe.SwitchBoard.plist [Click for support]

    [loaded] com.avg.Antivirus.crashpad.plist [Click for support]

    [running] com.avg.Antivirus.infosd.plist [Click for support]

    [running] com.avg.Antivirus.services.plist [Click for support]

    [running] com.bjango.istatmenusdaemon.plist [Click for support]

    [loaded] com.microsoft.office.licensing.helper.plist [Click for support]

    [loaded] com.microsoft.office.licensingV2.helper.plist [Click for support]

    [loaded] com.oracle.java.Helper-Tool.plist [Click for support]

    [loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]

    [loaded] com.skype.skypeinstaller.plist [Click for support]

    [loaded] com.teamviewer.Helper.plist [Click for support]

    [running] com.teamviewer.teamviewer_service.plist [Click for support]

    [loaded] net.cloudpath.HelperTool2.plist [Click for support]


    User Launch Agents: (What does this mean?)

    [loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]

    [loaded] com.google.keystone.agent.plist [Click for support]

    [loaded] com.valvesoftware.steamclean.plist [Click for support]


    User Login Items: (What does this mean?)

    Steam Application (/Applications/Steam.app)

    iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

    uTorrent Application (/Applications/uTorrent.app)

    ToneSync Application (/Applications/ToneSync.app)

    Google Chrome Application Hidden (/Applications/Google Chrome.app)


    Internet Plug-ins: (What does this mean?)

    FlashPlayer-10.6: Version: 18.0.0.232 - SDK 10.6 [Click for support]

    QuickTime Plugin: Version: 7.7.3

    Flash Player: Version: 18.0.0.232 - SDK 10.6 [Click for support]

    Default Browser: Version: 600 - SDK 10.10

    SharePointBrowserPlugin: Version: 14.5.4 - SDK 10.6 [Click for support]

    Unity Web Player: Version: UnityPlayer version 4.5.2f1 - SDK 10.6 [Click for support]

    Silverlight: Version: 5.1.40416.0 - SDK 10.6 [Click for support]

    JavaAppletPlugin: Version: Java 8 Update 60 build 27 Check version



    Safari Extensions: (What does this mean?)

    AdBlock

    My eBay Manager

    Reload Button

    YoutubeWide


    3rd Party Preference Panes: (What does this mean?)

    Flash Player [Click for support]

    Growl [Click for support]

    Java [Click for support]

    Logitech Control Center [Click for support]


    Time Machine: (What does this mean?)

    Time Machine not configured!



    Top Processes by CPU: (What does this mean?)

    7% WindowServer

    2% fontd

    2% Google Chrome Helper(14)

    1% avgscand

    1% Dock


    Top Processes by Memory: (What does this mean?)

    4.32 GB Google Chrome Helper(14)

    1.13 GB kernel_task

    459 MB softwareupdated

    328 MB Google Chrome

    311 MB TeamViewer


    Virtual Memory Information: (What does this mean?)

    1.86 GB Free RAM

    14.00 GB Used RAM (3.21 GB Cached)

    0 B Swap Used


    Diagnostics Information: (What does this mean?)

    Sep 14, 2015, 12:45:30 PM Self test - passed
     
  15. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #16
    This is the only one I see there I am not familiar with. Do you know what this is for?

    Otherwise there is nothing running that looks like it would be malware and cause this issue.

    Did you try force quitting Safari then holding the shift key when restarting Safari like I mentioned earlier? Normally that will stop these popups. Unless of course you go back to the same web page that is running the popup.
     
  16. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #17
    I'm using Chrome, is it the same command for force quit?
     
  17. hallux macrumors 68020

    hallux

    Joined:
    Apr 25, 2012
    #18
    Force quit is an OS-level command, should work on all programs.
     
  18. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #19
    Okay, I've done everything suggested, I'll let you guys know if it worked. Thanks
     
  19. Bending Pixels macrumors 65816

    Joined:
    Jul 22, 2010
    #20
    JDalli - uninstall Chrome. Don't reinstall it. Use Safari. Also, when Finder is shown in the upper left, click on Go and hold down the Option key. Library will then be an option. Select that and under Application Support, look for either Google or Chrome, and delete that folder.
     
  20. JDalli thread starter macrumors newbie

    Joined:
    Sep 8, 2015
    #21
    I did that and deleted all the Chrome-related files. Is there any way to safely install Chrome or should I just take the loss?
     
  21. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #22
    There is no reason you shouldn't be able to use Chrome safely on your computer; many, many, many Mac users use Chrome every day without issue.

    Your issue can be identified and corrected with enough information and patience.
     
  22. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #23
    There is no reason you cannot get Chrome and install it as long as you get it direct from Google. Chrome is not the problem here.
     
  23. PhillyGuy72 macrumors 6502a

    PhillyGuy72

    Joined:
    Sep 13, 2014
    Location:
    Philadelphia, PA USA
    #24
    Do you have AdBlock SUPER as an extension anywhere?

    If you do and if you can...get rid of that ASAP!
    That is not a legit extension from the makers of the real AdBlock; this "Super" is filled with malware and hijacks your browsers. It redirects to force you to download fake Flash Player updaters, shows pop-ups, and now I've seen it pulling off ransomware.

    Evil BS plug in from some scammer in Russia.
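
The EtreCheck report earlier in the thread lists Safari extensions only, so a Chrome extension like the one described above would not appear in it. The following added example (not from any poster in this thread) inventories Chrome extensions by reading their manifests. It assumes a single profile named `Default`; the `all_sites` and `from_webstore` fields are heuristics of this example.

```python
import json
from pathlib import Path

# Assumption: one Chrome profile called "Default" in the usual OS X location.
CHROME_EXT_DIR = "~/Library/Application Support/Google/Chrome/Default/Extensions"
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _localized(ext_root, manifest, value):
    """Resolve a __MSG_key__ placeholder via _locales/<default_locale>/messages.json."""
    if not (isinstance(value, str) and value.startswith("__MSG_") and value.endswith("__")):
        return value
    key = value[6:-2].lower()
    msgs = ext_root / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        table = json.loads(msgs.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return value                      # keep the raw placeholder if it cannot be resolved
    for name, entry in table.items():     # message names are not case sensitive
        if name.lower() == key:
            return entry.get("message", value)
    return value

def chrome_extensions(ext_dir=CHROME_EXT_DIR):
    """Return id, version, display name and host access of each installed extension."""
    found = []
    # Layout on disk: <extension id>/<version>/manifest.json
    for manifest_path in sorted(Path(ext_dir).expanduser().glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue
        root = manifest_path.parent
        perms = list(manifest.get("permissions", [])) + list(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            perms += script.get("matches", [])
        found.append({
            "id": root.parent.name,
            "version": manifest.get("version"),
            "name": _localized(root, manifest, manifest.get("name")),
            # Can read or inject into every page the user visits.
            "all_sites": any(p in BROAD_HOSTS for p in perms if isinstance(p, str)),
            # Heuristic: Web Store installs carry Google's update URL.
            "from_webstore": "clients2.google.com" in manifest.get("update_url", ""),
        })
    return found

if __name__ == "__main__":
    for ext in chrome_extensions():
        print(ext)
```

Extensions with `all_sites` set are the ones able to open tabs or inject pop-ups on any page, which matches the "lots of sites, even YouTube" symptom reported earlier in the thread.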
     
