'Spigot' malware deleted but browsers still not responding?

Discussion in 'OS X El Capitan (10.11)' started by Tsims01, Aug 15, 2016.

  1. Tsims01 macrumors newbie

    Joined:
    Aug 15, 2016
    #1
    Hi I'm new here!
    I somehow managed to infect my poor Mac with the 'spigot' malware (also labelled under searchme.safariextz ???) which came up detected on my AVG Antivirus installed
    I put it in quarantine unsure whether to delete it or not
    Ended up deleting it
    But since then my browsers still haven't been responding??? I'll open the safari application but the browser won't open - the icon will just appear on the dock, if I right click on it it'll just say application not responding...

    My mac in general has been pretty slow as of late with pre installed apps such as Keynote and Pages, I think because of my almost-full disk but my browsers always worked up until the discovery of the satanic creation that is malware

    What I don't get is why, after deleting the virus and reinstalling El Capitan, my chrome and safari browsers still aren't working? I reinstalled chrome after managing to get safari working for A BIT before it started not responding again but no hope for either browser!

    Please help me!!!
     
  2. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    It would be a good starting point to have an overview of your system and some of the software you have installed. You can do this with the application Etrecheck and then paste the full report here between [code][/code] tags.
     
  3. simonsi macrumors 601

    simonsi

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #3
    Did you follow this removal advice?

    Did you erase and reinstall the OS?
     
  4. Tsims01 thread starter macrumors newbie

    Joined:
    Aug 15, 2016
    #4

    Thank you so much! I removed the spigot and now chrome seems to be working fine, however safari still keeps crashing!
    (I hope I did this right)

    Code:
    EtreCheck version: 3.0.1 (304)
    
    Report generated 2016-08-17 10:41:04
    
    Download EtreCheck from https://etrecheck.com
    
    Runtime 6:17
    
    Performance: Below Average
    
    
    Click the [Support] links for help with non-Apple products.
    
    Click the [Details] links for more information about that line.
    
    Click the [Remove] links to remove adware.
    
    
    Problem: Apps are crashing
    
    Description:
    
    Safari won’t open and Chrome won’t load
    
    
    Hardware Information:ⓘ
    
      MacBook Air (13-inch, Early 2015)
    
      [Technical Specifications] - [User Guide] - [Warranty & Service]
    
      MacBook Air - model: MacBookAir7,2
    
      1 1.6 GHz Intel Core i5 CPU: 2-core
    
      4 GB RAM Not upgradeable
    
      BANK 0/DIMM0
    
      2 GB DDR3 1600 MHz ok
    
      BANK 1/DIMM0
    
      2 GB DDR3 1600 MHz ok
    
      Bluetooth: Good - Handoff/Airdrop2 supported
    
      Wireless:  en0: 802.11 a/b/g/n/ac
    
      Battery: Health = Normal - Cycle count = 347
    
    
    Video Information:ⓘ
    
      Intel HD Graphics 6000
    
      Color LCD 1440 x 900
    
    
    System Software:ⓘ
    
      OS X El Capitan 10.11.6 (15G31) - Time since boot: less than an hour
    
    
    Disk Information:ⓘ
    
      APPLE SSD SM0128G disk0 : (121.33 GB) (Solid State - TRIM: Yes)
    
      EFI (disk0s1) <not mounted> : 210 MB
    
      Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
    
      Macintosh HD (disk1) / : 120.11 GB (25.43 GB free)
    
      Encrypted AES-XTS Unlocked
    
      Core Storage: disk0s2 120.47 GB Online
    
    
    USB Information:ⓘ
    
      Apple Inc. BRCM20702 Hub
    
      Apple Inc. Bluetooth USB Host Controller
    
      Imation ImationFlashDriv 3.88 GB
    
      T (disk2s1) /Volumes/T : 3.87 GB (58 MB free)
    
    
    Thunderbolt Information:ⓘ
    
      Apple Inc. thunderbolt_bus
    
    
    Configuration files:ⓘ
    
      /etc/sysctl.conf - File exists but not expected
    
    
    Gatekeeper:ⓘ
    
      Mac App Store and identified developers
    
    
    Adware:ⓘ
    
      ~/Library/LaunchAgents/com.spigot.ApplicationManager.plist
    
      One adware file found.[Remove]
    
    
    Kernel Extensions:ⓘ
    
      /Applications/AVG AntiVirus.app
    
      [loaded]  com.avg.Antivirus.OnAccess.kext (4791 - SDK 10.8 - 2016-08-16) [Support]
    
    
      /Applications/Utilities/NoSleep.app
    
      [loaded]  com.protech.NoSleep (1.4.0 - SDK 10.10 - 2016-07-24) [Support]
    
    
    System Launch Agents:ⓘ
    
      [not loaded]  7 Apple tasks
    
      [loaded]  165 Apple tasks
    
      [running]  66 Apple tasks
    
    
    System Launch Daemons:ⓘ
    
      [not loaded]  45 Apple tasks
    
      [loaded]  155 Apple tasks
    
      [running]  90 Apple tasks
    
    
    Launch Agents:ⓘ
    
      [not loaded]  com.adobe.AAM.Updater-1.0.plist (2016-07-17) - /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility: Executable not found!
    
      [failed]  com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (2016-07-13)
    
      [running]  com.avg.Antivirus.gui.plist (2015-12-04)
    
    
    Launch Daemons:ⓘ
    
      [loaded]  com.adobe.ARMDC.Communicator.plist (2016-07-13) [Support]
    
      [loaded]  com.adobe.ARMDC.SMJobBlessHelper.plist (2016-07-13) [Support]
    
      [failed]  com.adobe.agsservice.plist (2016-03-30) - /Library/Application Support/Adobe/AdobeGCClient/AGSService: Executable not found!
    
      [loaded]  com.apple.installer.osmessagetracing.plist (2016-05-18)
    
      [loaded]  com.avg.Antivirus.crashpad.plist (2015-12-04)
    
      [running]  com.avg.Antivirus.infosd.plist (2015-12-04) [Support]
    
      [running]  com.avg.Antivirus.services.plist (2015-12-04)
    
      [failed]  com.fitbit.galileod.plist (2015-10-30) - /Library/Application Support/Fitbit Connect/galileod: Executable not found!
    
      [loaded]  net.sourceforge.MonolingualHelper.plist (2016-07-24) [Support]
    
    
    User Launch Agents:ⓘ
    
      [loaded]  com.adobe.AAM.Updater-1.0.plist (2015-11-29) - /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility: Executable not found!
    
      [loaded]  com.google.keystone.agent.plist (2016-08-15)
    
      [failed]  com.spigot.ApplicationManager.plist (2015-08-28) Adware!  [Remove]
    
      [failed]  com.spotify.webhelper.plist (2016-07-28) - ~/Library/Application Support/Spotify/SpotifyWebHelper: Executable not found!
    
    
    User Login Items:ⓘ
    
      Flux  Application  (/Applications/Flux.app)
    
      ShazamHelper  SMLoginItem  (/Applications/Shazam.app/Contents/Library/LoginItems/ShazamHelper.app)
    
    
    Internet Plug-ins:ⓘ
    
      AdobePDFViewerNPAPI: 15.017.20053 - SDK 10.11 (2016-08-03) [Support]
    
      AdobePDFViewer: 15.017.20053 - SDK 10.11 (2016-08-03) [Support]
    
      QuickTime Plugin: 7.7.3 (2016-07-09)
    
      Default Browser: 601 - SDK 10.11 (2016-07-09)
    
    
    3rd Party Preference Panes:ⓘ
    
      NoSleep (2016-07-24) [Support]
    
    
    Time Machine:ⓘ
    
      Auto backup: YES
    
      Volumes being backed up:
    
      Macintosh HD: Disk size: 120.11 GB Disk used: 94.68 GB
    
      Destinations:
    
      Talei [Local]
    
      Total size: 999.86 GB
    
      Total number of backups: 24
    
      Oldest backup: 10/09/2015, 8:37 PM
    
      Last backup: 16/08/2016, 5:08 PM
    
      Size of backup disk: Excellent
    
      Backup size 999.86 GB > (Disk size 120.11 GB X 3)
    
    
    Top Processes by CPU:ⓘ
    
      7%  coreaudiod
    
      4%  kernel_task
    
      3%  bluetoothaudiod
    
      2%  iTunes
    
      0%  Shazam
    
    
    Top Processes by Memory:ⓘ
    
      642 MB  kernel_task
    
      168 MB  mdworker(11)
    
      143 MB  iTunes
    
      98 MB  avgscand
    
      74 MB  ocspd
    
    
    Virtual Memory Information:ⓘ
    
      584 MB  Free RAM
    
      3.43 GB  Used RAM (1.48 GB Cached)
    
      0 B  Swap Used
    
    
    Diagnostics Information:ⓘ
    
      Aug 17, 2016, 10:35:20 AM  ~/Library/Logs/DiagnosticReports/iTunes_2016-08-17-103520_[redacted].crash
    
      com.apple.iTunes - /Applications/iTunes.app/Contents/MacOS/iTunes
    
      Aug 17, 2016, 10:33:31 AM  Self test - passed
    
    --- Post Merged, Aug 16, 2016 ---
    I think I tried to follow through with it but it wasn't making much of a difference in terms of loading safari properly.
    I didn't erase OS, I just reinstalled - that might be part of the problem.
    I'll probably back up my laptop and do so if safari still fails to load. Thank you!
     
  5. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #5
    There is one remaining file of Spigot that you can get rid of (although it is likely ineffective by now). In Finder, click on the ‘Go’ menu at the top, press the option key and click on ‘Library’. There should be a folder there called LaunchAgents. Delete this file within it: ‘com.spigot.ApplicationManager.plist’.

    That Etrecheck took six minutes to complete this report is indeed not normal. This suggests that something is hampering your computer’s performance, which may also be the reason for the Safari crashes. Possible causes: (1) your anti-malware program AVG, (2) Monolingual (which removes files from system applications and Safari), (3) the existence of /etc/sysctl.conf, which can interfere with your networking settings and might affect the browser too, (4) file-system corruptions, (5) hardware problems.

    First, you should perform a first-aid operation on your Apple SSD with Disk Utility, to rule out any problems with your file system or disk. Second, consider moving the sysctl.conf file out of the way, with this command:
    Code:
    sudo mv /etc/sysctl.conf /etc/sysctl.conf~
    Reboot afterwards. See whether anything changes or comes up. Third, consider uninstalling AVG temporarily (you might need to reboot afterwards). Fourth, to replace the files that Monolingual removed and rule out problems because of this, you should reinstall the system (this will just repair your base system, everything will stay in place). To do that, reboot the computer and press command–R immediately after the tone. From there you can select ‘Reinstall OS X’ and select your Macintosh HD drive as the destination. I see that you have a Time Machine backup in place, make sure that you complete one more backup before you attempt the reinstallation (and make sure you have your encryption password!). Finally, if this still doesn’t work, perform an Apple Diagnostic Test according to instructions here.

    That is all that comes to mind right now.
     

Share This Page