Avanti, senza vergogna, con DetectX/Profile

[Reid]

Ciao a tutti, metto il report di un mac di un mio amico a cui abbiamo appena cambiato Hd in SSD e fatto la copia con Time Machine. Ho ripulito qualcosa con alcuni consigli visti sopra. Metto il report cosi se c'è da migliorare qualcosa meglio ancora

Codice: Seleziona tutto

Timestamp (9): sab mag 16 20:47:33 2020
DetectX Swift v1.093

macOS: Version 10.11.6 (Build 15G22010)
File System: hfs
Temp: The thermal state is within normal limits.

Boot time: Fri May 15 18:06:27 2020
Uptime: 1 day,  2:41

Spotlight status for /:
	Indexing enabled. 
System Integrity Protection status: enabled.
Gatekeeper status: enabled for App Store and identified developers.
FileVault is Off.

Internet:	Reachable


    Hardware Overview:

      Model Name: MacBook
      Model Identifier: MacBook5,1
      Processor Name: Intel Core 2 Duo
      Processor Speed: 2 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache: 3 MB
      Memory: 2 GB
      Bus Speed: 1,07 GHz
      Boot ROM Version: MB51.007D.B03
      SMC Version (system): 1.40f2
      Sudden Motion Sensor:
          State: Enabled



  Sharing Preferences:

	File Sharing:  Off
	Screen Sharing:  Off
	Remote Management:  Off
	Back To My Mac:  Off
	Remote Login:  Off
	Remote Apple Events:  Off


3rd Party Kexts (loaded):



 $PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin


/etc/paths:
	/usr/local/bin
	/usr/bin
	/bin
	/usr/sbin
	/sbin

/etc/paths.d/:

~/.bash_profile:
	
~/.bashrc:

~/.bash_login:

~/.profile:

~/.bash_logout:


PID	Status	Label
285	0	/Library/jhXJGntZ/LHkrzZwN/tsEaUSLE
292	0	com.bjango.istatmenus.agent
5318	0	com.sqwarq.DetectX-Swift.22112
-	0	org.openbsd.ssh-agent
-	0	com.sys.system
-	0	OGa4T
301	0	com.bjango.istatmenus.status
-	78	com.smudgedly.os.app
-	0	jFZZe
-	78	5kwwt
272	0	/Library/cordleaf-Kakatoe/QuKXfvgF/ZRDaAmJK/ffATDWVL/osmund-cumular


 System Launchd processes:

185      - 	com.vix.cron
0      - 	com.microsoft.office.licensing.helper
49      - 	com.bjango.istatmenus.daemon
0      - 	com.bjango.istatmenus.installerhelper
0      - 	org.postfix.master
57      - 	fans
0      0 	org.cups.cupsd
0      0 	com.adobe.fpsaud
(dp)     78 	/Library/ZHbjrsdD/ZHbjrsdD.app/Contents/MacOS/ZHbjrsdD
0      0 	org.postfix.newaliases
184      - 	org.ntp.ntpd
0      0 	/Library/avwxlicgzxuk/avwxlicgzxuk
0      0 	/Library/qcmfauwaqndg/qcmfauwaqndg



 User Login Items:
 iTunesHelper
 Easy Mac Care




 /Library/LaunchDaemons:

	com.adobe.fpsaud.plist
		--> Program Arguments: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
	
	com.apple.installer.osmessagetracing.plist
		--> Program Arguments: /System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer
	
	com.avwxlicgzxuk.plist
	
	com.bjango.istatmenus.daemon.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusDaemon
	
	com.bjango.istatmenus.fans.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusFans
	
	com.bjango.istatmenus.installerhelper.plist
		-> Program: /Library/PrivilegedHelperTools/com.bjango.istatmenus.installerhelper
		--> Program Arguments: /Library/PrivilegedHelperTools/com.bjango.istatmenus.installerhelper
	
	com.microsoft.office.licensing.helper.plist
		--> Program Arguments: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
	
	com.qcmfauwaqndg.plist
	
	com.ZHbjrsdD.plist
	



 /Library/LaunchAgents:

	com.bjango.istatmenus.agent.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusAgent.app/Contents/MacOS/iStatMenusAgent
	
	com.bjango.istatmenus.status.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStat Menus Status.app/Contents/MacOS/iStat Menus Status
	
	com.osmund-cumular.plist
	
	com.smudgedly.os.plist
		-> Program: /Library/smudgedly.os/smudgedly.os.app/Contents/MacOS/smudgedly.os
	
	com.tsEaUSLE.plist
	



 ~/Library/LaunchAgents:

	com.5kwwt.plist
		-> Program: /Users/[U501]/Library/search.amp/h77Iz
	
	com.digitalprotection.emcupdater.plist
		-> Program: /Users/[U501]/Library/Application Support/emc/emcupdater.app/Contents/MacOS/emcupdater
	
	com.jFZZe.plist
		-> Program: /Users/[U501]/Library/kI3NS/0Rc5l
	
	com.OGa4T.plist
		-> Program: /Users/[U501]/Library/FKU59/ce0AS
	
	com.sys.system.plist
		--> Program Arguments: /Users/[U501]/Library/Application Support/.system/assistant
	

 User Crontab:

	No cron jobs



 /etc:

	aliases
	bashrc
	bashrc_Apple_Terminal
	efax.rc
	php.ini.default-5.2-previous
	php.ini.default-5.2-previous~orig
	rc.common
	rc.netboot
	zprofile
	zshrc

 / $Root:

	.file
	.MobileBackups / .. children: 1
	.OSInstallerMessages
	.Trashes / .. children: 0
	installer.failurerequests
	lost+found / .. children: 1

 ~/ $Home:

	.bash_history
	.bash_sessions / .. children: 48
	.CFUserTextEncoding
	.cups / .. children: 1
	.Trash / .. children: 0
	Desktop / .. children: 2
	Documents / .. children: 4
	Downloads / .. children: 2
	Library / .. children: 62
	Movies / .. children: 1
	Music / .. children: 4
	Pictures / .. children: 4
	Public / .. children: 3



 ~/Library:

	.clappy
	.Dc3r
	.pper
	com.apple.nsurlsessiond / .. children: 10
	FKU59 / .. children: 5
	Fonts Disabled / .. children: 0
	Google / .. children: 1
	instance
	jackbox_unspell / .. children: 1
	kI3NS / .. children: 2
	SavedDataFiles / .. children: 2
	utilityData / .. children: 0



 ~/Library/Application Support:

	.system / .. children: 4
	Adobe / .. children: 0
	Apple / .. children: 1
	com.sqwarq.DetectX-Swift / .. children: 4
	Easy Mac Care / .. children: 3
	Gemini 2 / .. children: 11
	Google / .. children: 1
	HP / .. children: 1
	iStat Menus / .. children: 1
	Microsoft / .. children: 2
	MobileSync / .. children: 1
	Preview / .. children: 0
	SyncServices / .. children: 1
	zoom.us / .. children: 2



 ~/Library/Safari/Extensions:

	Extensions.plist
	FastWeb.safariextz



 ~/Library/Internet Plug-Ins:

	ZoomUsPlugIn.plugin



 /Users/Shared:

	.iStatMenus / .. children: 1
	adi / .. children: 5
	Gemini 2 / .. children: 1
	SC Info / .. children: 0



 /Applications:

	AppCleaner.app
	DetectX Swift.app
	Gemini 2.app
	Hewlett-Packard
	HP / .. children: 2
	iStat Menus.app
	LaserJet-Pro-MFP-M125_M128-series_v12.34.0.dmg
	Microsoft Office 2011 / .. children: 9
	OnyX.app
	zoom.us.app



 /Library:

	ApplicationaContents / .. children: 2
	ApplicationContents / .. children: 2
	Automator / .. children: 95
	avwxlicgzxuk / .. children: 1
	backup.zip
	cordleaf-Kakatoe / .. children: 1
	Fonts Disabled / .. children: 16
	jhXJGntZ / .. children: 1
	MacInstallE
	Managed Preferences / .. children: 0
	molluscous.wh / .. children: 1
	pfutil
	qcmfauwaqndg / .. children: 1
	settings.dat
	smudgedly.os / .. children: 0
	UpdateMac / .. children: 0
	ZHbjrsdD / .. children: 0



 /Library/Application Support:

	.5ksHxltWEO
	Adobe / .. children: 1
	iStat Menus 6 / .. children: 9
	Macromedia / .. children: 1
	Microsoft / .. children: 4



 /Library/Extensions:

	hp_io_enabler_compound.kext
	hp_io_printerclassdriver_enabler.kext



 /Library/Internet Plug-Ins:

	Default Browser.plugin
	Disabled Plug-Ins / .. children: 2
	Flash Player.plugin
	flashplayer.xpt
	PepperFlashPlayer / .. children: 2
	Quartz Composer.webplugin
	SharePointBrowserPlugin.plugin
	SharePointWebKitPlugin.webplugin
	Silverlight.plugin



 /Library/Managed Preferences:

	



 /Library/PrivilegedHelperTools:

	com.bjango.istatmenus.installerhelper
	com.microsoft.office.licensing.helper



 /Library/ScriptingAdditions:

	



 /Library/StartupItems:

	



 /Library/Updates:

	index.plist
	PPDVersions.plist



Top Processes: 

%CPU	PID	COMMAND	
6.0		5318		DetectX Swift 
5.3		165		WindowServer 
1.7		0		kernel_task 

[faxus]

... il report di un mac di un mio amico...

A me sembra strapieno di malware...

Il tuo amico si è installato Easy Mac Care.
Pubblicizzato come un tool per migliorare le prestazioni e "velocizzare" il Mac.
Ma è una truffa, una specie di Mackeeper.

Che dice la finestra Search?

[Reid]

... il report di un mac di un mio amico...

A me sembra strapieno di malware...

Il tuo amico si è installato Easy Mac Care.
Pubblicizzato come un tool per migliorare le prestazioni e "velocizzare" il Mac.
Ma è una truffa, una specie di Mackeeper.

Che dice la finestra Search?

ma infatti Easy Mac Care mi diceva qualcosa, ma non mi ricordavo. Lo tolgo vero? meglio....

Nello status mi dice che non ci sono problemi.

Nel Searh mi dice." Find and remove potential problems, adware, malware and key logger".

Nella ricerca non mi trova nulla.

[faxus]

Vabbè, domani ti elencherò cosa fare.
C'è parecchia roba da rimuovere.

A questo punto io, visto che c'è poca roba installata di software...
Ma non gli conviene inizializzare e reinstallare da zero?
Poi si porta solo i dati nudi nella cartella utente.

Tra l'altro ha pochi dati da recuperare da un backup.
E solo 8 applicazioni.
In pratica ha più malware che dati e applicazioni...

Secondo me fa prima.
Fammi sapere

[Reid]

Ci avevamo pensato a far così. Ma ha preferito, e pure io visto l’inesperienza, per sentirci più sicuri, fare da Time machine.

E Poi eventualmente togliere quello che non gli serviva più e ripulirlo.

Se non è troppo sbattimento ti ringrazio. Comunque ho fatto un giro nella libreria e sto capendo piano piano quali sono da togliere

Piano piano pure io imparo.... ma piano eh

[faxus]

Ottimo.

Finisci e riposta.
Poi vediamo se è rimasto qualcosa.

Quello che mi sembra strano è che DetectX Swift non lo abbia trovato.

Eventualmente lo segnaliamo agli sviluppatori.
Ho un canale di chat

[Reid]

Mi sono basato molto sulle indicazioni che avevi dato per il mio mac. So che non è la stessa cosa, ma almeno sul dove guardare mi sono basato sulle indicazioni precedenti.

Non ho fatto molto, ho tolto quello che, secondo me, era evidente ad un inesperto.

Quello che ho fatto:

- Nella root del disco (/) non ho trovato nulla
- Nella home dell’ utente (~/): non ho trovato nulla, ho guardato anche nei file invisibili.
- In ~/Library ho eliminato: FKU59 – Instance – jackbox_unspell – kl3ns.
- In ~/Library/Application Support: non ho eliminaato nulla. Mi sembra tutto ok.
- In ~/Library/LaunchAgents: nulla.
- In /Users/Shared: nulla.
- In /Library/Internet Plug-Ins: Silverlight

Ho rilanciato DetectiveX e nella ricerca non mi ha trovato nulla, mentre nella sezione Serch lo stesso messaggio di ieri.

Questo è il nuovo report:

Codice: Seleziona tutto

Timestamp (13): dom mag 17 13:37:08 2020
DetectX Swift v1.093

macOS: Version 10.11.6 (Build 15G22010)
File System: hfs
Temp: The thermal state is within normal limits.

Boot time: Sun May 17 13:09:27 2020
Uptime: 28 mins, 1 user

Spotlight status for /:
	Indexing enabled. 
System Integrity Protection status: enabled.
Gatekeeper status: enabled for App Store and identified developers.
FileVault is Off.

Internet:	Reachable


    Hardware Overview:

      Model Name: MacBook
      Model Identifier: MacBook5,1
      Processor Name: Intel Core 2 Duo
      Processor Speed: 2 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache: 3 MB
      Memory: 2 GB
      Bus Speed: 1,07 GHz
      Boot ROM Version: MB51.007D.B03
      SMC Version (system): 1.40f2
      Sudden Motion Sensor:
          State: Enabled



  Sharing Preferences:

	File Sharing:  Off
	Screen Sharing:  Off
	Remote Management:  Off
	Back To My Mac:  Off
	Remote Login:  Off
	Remote Apple Events:  Off


3rd Party Kexts (loaded):



 $PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin


/etc/paths:
	/usr/local/bin
	/usr/bin
	/bin
	/usr/sbin
	/sbin

/etc/paths.d/:

~/.bash_profile:
	
~/.bashrc:

~/.bash_login:

~/.profile:

~/.bash_logout:


PID	Status	Label
424	0	/Library/jhXJGntZ/LHkrzZwN/tsEaUSLE
430	0	com.bjango.istatmenus.agent
1009	0	com.sqwarq.DetectX-Swift.22112
-	0	org.openbsd.ssh-agent
-	0	com.sys.system
-	78	OGa4T
437	0	com.bjango.istatmenus.status
-	0	com.smudgedly.os.app
-	0	jFZZe
-	78	5kwwt
411	0	/Library/cordleaf-Kakatoe/QuKXfvgF/ZRDaAmJK/ffATDWVL/osmund-cumular


 System Launchd processes:

187      - 	com.vix.cron
0      - 	com.microsoft.office.licensing.helper
50      - 	com.bjango.istatmenus.daemon
0      - 	com.bjango.istatmenus.installerhelper
0      - 	org.postfix.master
58      - 	fans
0      0 	org.cups.cupsd
0      - 	com.adobe.fpsaud
(dp)     78 	/Library/ZHbjrsdD/ZHbjrsdD.app/Contents/MacOS/ZHbjrsdD
0      0 	org.postfix.newaliases
186      - 	org.ntp.ntpd
0      0 	/Library/avwxlicgzxuk/avwxlicgzxuk
0      0 	/Library/qcmfauwaqndg/qcmfauwaqndg



 User Login Items:
 iTunesHelper
 Easy Mac Care




 /Library/LaunchDaemons:

	com.adobe.fpsaud.plist
		--> Program Arguments: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
	
	com.apple.installer.osmessagetracing.plist
		--> Program Arguments: /System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer
	
	com.avwxlicgzxuk.plist
	
	com.bjango.istatmenus.daemon.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusDaemon
	
	com.bjango.istatmenus.fans.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusFans
	
	com.bjango.istatmenus.installerhelper.plist
		-> Program: /Library/PrivilegedHelperTools/com.bjango.istatmenus.installerhelper
		--> Program Arguments: /Library/PrivilegedHelperTools/com.bjango.istatmenus.installerhelper
	
	com.microsoft.office.licensing.helper.plist
		--> Program Arguments: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
	
	com.qcmfauwaqndg.plist
	
	com.ZHbjrsdD.plist
	



 /Library/LaunchAgents:

	com.bjango.istatmenus.agent.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusAgent.app/Contents/MacOS/iStatMenusAgent
	
	com.bjango.istatmenus.status.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStat Menus Status.app/Contents/MacOS/iStat Menus Status
	
	com.osmund-cumular.plist
	
	com.smudgedly.os.plist
		-> Program: /Library/smudgedly.os/smudgedly.os.app/Contents/MacOS/smudgedly.os
	
	com.tsEaUSLE.plist
	



 ~/Library/LaunchAgents:

	com.5kwwt.plist
		-> Program: /Users/[U501]/Library/search.amp/h77Iz
	
	com.digitalprotection.emcupdater.plist
		-> Program: /Users/[U501]/Library/Application Support/emc/emcupdater.app/Contents/MacOS/emcupdater
	
	com.jFZZe.plist
		-> Program: /Users/[U501]/Library/kI3NS/0Rc5l
	
	com.OGa4T.plist
		-> Program: /Users/[U501]/Library/FKU59/ce0AS
	
	com.sys.system.plist
		--> Program Arguments: /Users/[U501]/Library/Application Support/.system/assistant
	

 User Crontab:

	No cron jobs



 /etc:

	aliases
	bashrc
	bashrc_Apple_Terminal
	efax.rc
	php.ini.default-5.2-previous
	php.ini.default-5.2-previous~orig
	rc.common
	rc.netboot
	zprofile
	zshrc

 / $Root:

	.file
	.MobileBackups / .. children: 1
	.OSInstallerMessages
	.Trashes / .. children: 0
	installer.failurerequests
	lost+found / .. children: 1

 ~/ $Home:

	.bash_history
	.bash_sessions / .. children: 48
	.CFUserTextEncoding
	.cups / .. children: 1
	.Trash / .. children: 0
	Desktop / .. children: 2
	Documents / .. children: 4
	Downloads / .. children: 2
	Library / .. children: 58
	Movies / .. children: 1
	Music / .. children: 4
	Pictures / .. children: 4
	Public / .. children: 3



 ~/Library:

	.clappy
	.Dc3r
	.pper
	com.apple.nsurlsessiond / .. children: 10
	Fonts Disabled / .. children: 0
	Google / .. children: 1
	SavedDataFiles / .. children: 2
	utilityData / .. children: 0



 ~/Library/Application Support:

	.system / .. children: 4
	Adobe / .. children: 0
	Apple / .. children: 1
	com.sqwarq.DetectX-Swift / .. children: 5
	Gemini 2 / .. children: 11
	Google / .. children: 1
	HP / .. children: 1
	iStat Menus / .. children: 1
	Microsoft / .. children: 2
	MobileSync / .. children: 1
	Preview / .. children: 0
	SyncServices / .. children: 1
	zoom.us / .. children: 2



 ~/Library/Safari/Extensions:

	Extensions.plist
	FastWeb.safariextz



 ~/Library/Internet Plug-Ins:

	ZoomUsPlugIn.plugin



 /Users/Shared:

	.iStatMenus / .. children: 1
	adi / .. children: 5
	Gemini 2 / .. children: 1
	SC Info / .. children: 0



 /Applications:

	AppCleaner.app
	DetectX Swift.app
	Gemini 2.app
	Hewlett-Packard
	HP / .. children: 2
	iStat Menus.app
	Microsoft Office 2011 / .. children: 9
	OnyX.app
	zoom.us.app



 /Library:

	ApplicationaContents / .. children: 2
	ApplicationContents / .. children: 2
	Automator / .. children: 95
	avwxlicgzxuk / .. children: 1
	backup.zip
	cordleaf-Kakatoe / .. children: 1
	Fonts Disabled / .. children: 16
	jhXJGntZ / .. children: 1
	MacInstallE
	Managed Preferences / .. children: 0
	molluscous.wh / .. children: 1
	pfutil
	qcmfauwaqndg / .. children: 1
	settings.dat
	smudgedly.os / .. children: 0
	UpdateMac / .. children: 0
	ZHbjrsdD / .. children: 0



 /Library/Application Support:

	.5ksHxltWEO
	Adobe / .. children: 1
	iStat Menus 6 / .. children: 9
	Macromedia / .. children: 1
	Microsoft / .. children: 4



 /Library/Extensions:

	hp_io_enabler_compound.kext
	hp_io_printerclassdriver_enabler.kext



 /Library/Internet Plug-Ins:

	Default Browser.plugin
	Disabled Plug-Ins / .. children: 2
	Flash Player.plugin
	flashplayer.xpt
	PepperFlashPlayer / .. children: 2
	Quartz Composer.webplugin
	SharePointBrowserPlugin.plugin
	SharePointWebKitPlugin.webplugin



 /Library/Managed Preferences:

	



 /Library/PrivilegedHelperTools:

	com.bjango.istatmenus.installerhelper
	com.microsoft.office.licensing.helper



 /Library/ScriptingAdditions:

	



 /Library/StartupItems:

	



 /Library/Updates:

	index.plist
	PPDVersions.plist



Top Processes: 

%CPU	PID	COMMAND	
6.0		1009		DetectX Swift 
4.9		174		WindowServer 
1.5		0		kernel_task 
0.5		50		iStatMenusDaemon 
0.3		41		UserEventAgent 
0.2		1		launchd 
0.1		130		cfprefsd 
0.1		40		syslogd 
0.1		183		mtmd 

[faxus]

Questi processi attivi indicano la presenza di elementi di malware:
PID Status Label
424 0 /Library/jhXJGntZ/LHkrzZwN/tsEaUSLE
- 78 OGa4T
- 0 com.smudgedly.os.app
- 0 jFZZe
- 78 5kwwt
411 0 /Library/cordleaf-Kakatoe/QuKXfvgF/ZRDaAmJK/ffATDWVL/osmund-cumular

Vanno disattivati perché sono nei attivi all’avvio del sistema:
(dp) 78 /Library/ZHbjrsdD/ZHbjrsdD.app/Contents/MacOS/ZHbjrsdD
0 0 /Library/avwxlicgzxuk/avwxlicgzxuk
0 0 /Library/qcmfauwaqndg/qcmfauwaqndg

Dopo averli disattivati vanno eliminati:

Preferenze di Sistema > Utenti e gruppi > Elementi del login:
Easy Mac Care

Inoltre c’è tutta questa roba ancora da eliminare:

/Library/LaunchDaemons:
com.avwxlicgzxuk.plist
com.ZHbjrsdD.plist

~/Library/LaunchAgents:
com.5kwwt.plist
com.digitalprotection.emcupdater.plist
com.jFZZe.plist
com.OGa4T.plist
com.sys.system.plist

~/Library:
search.amp/h77Iz
kI3NS/0Rc5l
~/Library:
.clappy
.Dc3r
.pper


~/Library/Application Support:
emc
.system

Nel disco principale (root):
Cosa c’è nella cartella lost+found?

/Library:
avwxlicgzxuk
cordleaf-KakatoejhXJGntZ
MacInstallE
molluscous.wh
pfutil
qcmfauwaqndg
settings.dat
smudgedly.os
UpdateMac
ZHbjrsdD

/Library/Application Support:
.5ksHxltWEO

Continua a sembrarmi strano che DetectX Swift non li abbia trovati.
Per favore confermami che è così, perché lo segnalo

[Reid]

Ok, stasera mi adopero per cancellare tutta questa roba.

Ieri l'ho lanciato, quando ho scritto il post e il search era pulito.

Ora l'ho appena lanciato e mi segnala questi 3.

Grazie per tutte le info.

[Pingus]

Ciao a tutti, metto il report di un mac di un mio amico a cui abbiamo appena cambiato Hd in SSD e fatto la copia con Time Machine. Ho ripulito qualcosa con alcuni consigli visti sopra. Metto il report cosi se c'è da migliorare qualcosa meglio ancora

cioè non basta il tuo... pure quello degli amici ??!!!

[Reid]

Ciao a tutti, metto il report di un mac di un mio amico a cui abbiamo appena cambiato Hd in SSD e fatto la copia con Time Machine. Ho ripulito qualcosa con alcuni consigli visti sopra. Metto il report cosi se c'è da migliorare qualcosa meglio ancora

cioè non basta il tuo... pure quello degli amici ??!!!

HAhahahhaha cosi vi tengo in forma nel risolvere i problemi. Lo faccio per voi

[faxus]

Ieri l'ho lanciato, quando ho scritto il post e il search era pulito.

Ora l'ho appena lanciato e mi segnala questi 3...

Ma che fa il tuo amico, o tu?

Li raccattate per strada?
Finché non eliminate il malware quello continua a fare danni e attirare altro malware.

Adesso elimina tutto e poi rifallo.
Perché ci sarà altra monnezza.
NON USATE QUEL SISTEMA

[Reid]

Faxus, mi astengo da questo mac usato per anni in modo inconsapevole

Un po come me fino a prima di essere entrato in questo Forum

Ok, faccio tutto e rifaccio DirectX.

Grz.

[Reid]

Ieri l'ho lanciato, quando ho scritto il post e il search era pulito.

Ora l'ho appena lanciato e mi segnala questi 3...

Ma che fa il tuo amico, o tu?

Li raccattate per strada?
Finché non eliminate il malware quello continua a fare danni e attirare altro malware.

Adesso elimina tutto e poi rifallo.
Perché ci sarà altra monnezza.
NON USATE QUEL SISTEMA

Ho fatto tutto.

Rilanciando DirectX mi trova ogni volta solo questo

/Users/macbookpro/Library/Application Support/.dir

quando lo vado ad eliminare, e rifaccio la ricerca, lo ritrova.

Nel disco principale (root):
Cosa c’è nella cartella lost+found?

Questa è una cartella invisibile e all'interno c'è un file txt (di 6GB) che si chiama INode 1548527.



Ho rifatto

Codice: Seleziona tutto

Timestamp (37): lun mag 18 12:53:30 2020
DetectX Swift v1.093

macOS: Version 10.11.6 (Build 15G22010)
File System: hfs
Temp: The thermal state is within normal limits.

Boot time: Mon May 18 12:42:24 2020
Uptime: 11 mins, 1 user

Spotlight status for /:
	Indexing enabled. 
System Integrity Protection status: enabled.
Gatekeeper status: enabled for App Store and identified developers.
FileVault is Off.

Internet:	Reachable


    Hardware Overview:

      Model Name: MacBook
      Model Identifier: MacBook5,1
      Processor Name: Intel Core 2 Duo
      Processor Speed: 2 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache: 3 MB
      Memory: 2 GB
      Bus Speed: 1,07 GHz
      Boot ROM Version: MB51.007D.B03
      SMC Version (system): 1.40f2
      Sudden Motion Sensor:
          State: Enabled



  Sharing Preferences:

	File Sharing:  Off
	Screen Sharing:  Off
	Remote Management:  Off
	Back To My Mac:  Off
	Remote Login:  Off
	Remote Apple Events:  Off


3rd Party Kexts (loaded):



 $PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin


/etc/paths:
	/usr/local/bin
	/usr/bin
	/bin
	/usr/sbin
	/sbin

/etc/paths.d/:

~/.bash_profile:
	
~/.bashrc:

~/.bash_login:

~/.profile:

~/.bash_logout:


PID	Status	Label
-	78	/Library/jhXJGntZ/LHkrzZwN/tsEaUSLE
276	0	com.bjango.istatmenus.agent
1871	0	com.sqwarq.DetectX-Swift.22112
-	0	org.openbsd.ssh-agent
-	0	com.PonyDash
285	0	com.bjango.istatmenus.status
-	78	com.smudgedly.os.app
2142	0	com.AncientJewels2Trial
-	78	/Library/cordleaf-Kakatoe/QuKXfvgF/ZRDaAmJK/ffATDWVL/osmund-cumular


 System Launchd processes:

183      - 	com.vix.cron
0      - 	com.microsoft.office.licensing.helper
50      - 	com.bjango.istatmenus.daemon
0      - 	com.bjango.istatmenus.installerhelper
0      - 	org.postfix.master
58      - 	fans
0      0 	org.cups.cupsd
0      - 	com.adobe.fpsaud
0      0 	org.postfix.newaliases
182      - 	org.ntp.ntpd



 User Login Items:
 iTunesHelper




 /Library/LaunchDaemons:

	com.adobe.fpsaud.plist
		--> Program Arguments: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
	
	com.apple.installer.osmessagetracing.plist
		--> Program Arguments: /System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer
	
	com.bjango.istatmenus.daemon.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusDaemon
	
	com.bjango.istatmenus.fans.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusFans
	
	com.bjango.istatmenus.installerhelper.plist
		-> Program: /Library/PrivilegedHelperTools/com.bjango.istatmenus.installerhelper
		--> Program Arguments: /Library/PrivilegedHelperTools/com.bjango.istatmenus.installerhelper
	
	com.microsoft.office.licensing.helper.plist
		--> Program Arguments: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
	



 /Library/LaunchAgents:

	com.bjango.istatmenus.agent.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStatMenusAgent.app/Contents/MacOS/iStatMenusAgent
	
	com.bjango.istatmenus.status.plist
		-> Program: /Library/Application Support/iStat Menus 6/iStat Menus Status.app/Contents/MacOS/iStat Menus Status
	
	com.osmund-cumular.plist
	
	com.smudgedly.os.plist
		-> Program: /Library/smudgedly.os/smudgedly.os.app/Contents/MacOS/smudgedly.os
	
	com.tsEaUSLE.plist
	



 ~/Library/LaunchAgents:

	com.AncientJewels2Trial.plist
		--> Program Arguments: /Users/[U501]/Library/Application Support/.SplashID/Zombified
	
	com.PonyDash.plist
		--> Program Arguments: /Users/[U501]/Library/Application Support/.Charts/NeontoStudioPro
	

 User Crontab:

	No cron jobs



 /etc:

	aliases
	bashrc
	bashrc_Apple_Terminal
	efax.rc
	php.ini.default-5.2-previous
	php.ini.default-5.2-previous~orig
	rc.common
	rc.netboot
	zprofile
	zshrc

 / $Root:

	.file
	.MobileBackups / .. children: 1
	.OSInstallerMessages
	.Trashes / .. children: 0
	installer.failurerequests
	lost+found / .. children: 1

 ~/ $Home:

	.bash_history
	.bash_sessions / .. children: 63
	.CFUserTextEncoding
	.cups / .. children: 1
	.Trash / .. children: 0
	Desktop / .. children: 3
	Documents / .. children: 4
	Downloads / .. children: 2
	Library / .. children: 55
	Movies / .. children: 1
	Music / .. children: 4
	Pictures / .. children: 4
	Public / .. children: 3



 ~/Library:

	com.apple.nsurlsessiond / .. children: 11
	Fonts Disabled / .. children: 0
	Google / .. children: 1
	SavedDataFiles / .. children: 2
	utilityData / .. children: 0



 ~/Library/Application Support:

	.ArtRage6 / .. children: 1
	.Charts / .. children: 2
	.dir / .. children: 1
	.SplashID / .. children: 1
	Adobe / .. children: 0
	Apple / .. children: 1
	com.sqwarq.DetectX-Swift / .. children: 5
	Gemini 2 / .. children: 11
	Google / .. children: 1
	HP / .. children: 1
	iStat Menus / .. children: 1
	Microsoft / .. children: 2
	MobileSync / .. children: 1
	Preview / .. children: 0
	SyncServices / .. children: 1
	zoom.us / .. children: 2



 ~/Library/Safari/Extensions:

	Extensions.plist
	FastWeb.safariextz



 ~/Library/Internet Plug-Ins:

	ZoomUsPlugIn.plugin



 /Users/Shared:

	.iStatMenus / .. children: 1
	adi / .. children: 5
	Gemini 2 / .. children: 1
	SC Info / .. children: 0



 /Applications:

	AppCleaner.app
	DetectX Swift.app
	Gemini 2.app
	Hewlett-Packard
	HP / .. children: 2
	iStat Menus.app
	Microsoft Office 2011 / .. children: 9
	OnyX.app
	zoom.us.app



 /Library:

	ApplicationaContents / .. children: 2
	ApplicationContents / .. children: 2
	Automator / .. children: 95
	backup.zip
	Fonts Disabled / .. children: 16
	Managed Preferences / .. children: 0



 /Library/Application Support:

	Adobe / .. children: 1
	iStat Menus 6 / .. children: 9
	Macromedia / .. children: 1
	Microsoft / .. children: 4



 /Library/Extensions:

	hp_io_enabler_compound.kext
	hp_io_printerclassdriver_enabler.kext



 /Library/Internet Plug-Ins:

	Default Browser.plugin
	Disabled Plug-Ins / .. children: 2
	Flash Player.plugin
	flashplayer.xpt
	PepperFlashPlayer / .. children: 2
	Quartz Composer.webplugin
	SharePointBrowserPlugin.plugin
	SharePointWebKitPlugin.webplugin



 /Library/Managed Preferences:

	



 /Library/PrivilegedHelperTools:

	com.bjango.istatmenus.installerhelper
	com.microsoft.office.licensing.helper



 /Library/ScriptingAdditions:

	



 /Library/StartupItems:

	



 /Library/Updates:

	index.plist
	PPDVersions.plist



Top Processes: 

%CPU	PID	COMMAND	
17.9 	166		WindowServer 
14.6 	1871 	DetectX Swift 
3.6		891		com.apple.WebKit 
3.3		0		kernel_task 
2.4		96		hidd 
0.3		285		iStat Menus Stat 

[faxus]

Reid, se NON SEGUI LE INDICAZIONI DATE è inutile continuare...

Questi processi attivi indicano la presenza di elementi di malware:
PID Status Label
424 0 /Library/jhXJGntZ/LHkrzZwN/tsEaUSLE
- 78 OGa4T
- 0 com.smudgedly.os.app
- 0 jFZZe
- 78 5kwwt
411 0 /Library/cordleaf-Kakatoe/QuKXfvgF/ZRDaAmJK/ffATDWVL/osmund-cumular

Vanno disattivati perché sono attivi all’avvio del sistema...

Se non lo fai PRIMA di procedere all'eliminazione del resto e poi riavviare, continueranno a riprodursi.
Non so se è chiaro.

Devi PRIMA aprire Monitoraggio Attività e uccidere quei processi.
POI eliminare il resto.
INFINE riavviare per risolvere il problema