adware

macOS Mojave (version 10.14) is the fifteenth version of the macOS operating system developed by Apple.
Includes subforums for earlier versions of macOS and OS X.

Moderator: ModiMaccanici

mainbrake

Hi everyone
I have a 2017 MacBook Pro on which an adware called Search Marquis got installed when opening Safari... I can't get rid of it. Heeelp :(
Last edited by mainbrake on Wed, 08 Jul 2020 12:15, edited 2 times in total.

faxus
mainbrake wrote:
Wed, 08 Jul 2020 11:39
Hi everyone
I have a 2017 MacBook Pro on which a virus called Search Marquis got installed when opening Safari... I can't get rid of it. Heeelp :(
It's not a virus, it's adware.
Please edit the inappropriate title.

Download and run DetectX
https://sqwarq.com/detectx/

Post the contents of the Search window, where it should show up.
Others often come along with it, or even malware (viruses do not exist for macOS).

Also post the contents of the Profile window, all of it, except for the last report, "Running Processes", for now.

Follow these instructions step by step to download, install and post:
https://www.imaccanici.org/detectx/

mainbrake

Sorry for the delay, but urgent commitments kept me from it....

Timestamp (10): Fri Jul 10 17:30:21 2020
DetectX Swift v1.096

macOS: Version 10.14.6 (Build 18G87)
-- a security update for Mojave may be available in the App Store

File System: apfs
Temp: The thermal state is within normal limits.

Boot time: Wed Jul 8 09:41:25 2020
Uptime: 2 days, 7:49

Spotlight status for /:
Indexing enabled.
System Integrity Protection status: enabled.
Gatekeeper status: enabled for App Store and identified developers.
FileVault is On.

Internet: Reachable


Hardware Overview:

Model Name: MacBook Pro
Model Identifier: MacBookPro14,1
Processor Name: Intel Core i5
Processor Speed: 2,3 GHz
Number of Processors: 1
Total Number of Cores: 2
L2 Cache (per Core): 256 KB
L3 Cache: 4 MB
Hyper-Threading Technology: Enabled
Memory: 8 GB
Boot ROM Version: 198.0.0.0.0
SMC Version (system): 2.43f6



Sharing Preferences:

File Sharing: Off
Screen Sharing: Off
Remote Management: Off
Back To My Mac: Off
Remote Login: On
Remote Apple Events: Off


3rd Party Kexts (loaded):



$PATH:

PATH=/usr/bin:/bin:/usr/sbin:/sbin


/etc/paths:
/usr/local/bin
/usr/bin
/bin
/usr/sbin
/sbin

/etc/paths.d/:

~/.bash_profile:

~/.bashrc:

~/.bash_login:

~/.profile:

~/.bash_logout:


User Launchd processes:

PID Status Label
- 0 com.openssh.ssh-agent
330 0 com.InternetMovilUnefon
- 0 com.MonSisra
- 0 com.spotify.client.startuphelper
2813 0 com.sqwarq.DetectX-Swift.10464
336 0 com.hp.devicemonitor
339 0 Label
- 0 com.Pyre


System Launchd processes:

0 - com.vix.cron
0 - com.microsoft.office.licensing.helper
0 - org.cups.cupsd
0 0 com.adobe.fpsaud
0 - com.openssh.sshd



User Login Items:

/Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app
/Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app
/Applications/Spotify.app
/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app



/Library/LaunchDaemons:

com.apple.installer.osmessagetracing.plist
--> Program Arguments: /System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer

com.adobe.fpsaud.plist
--> Program Arguments: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud

com.microsoft.office.licensing.helper.plist
--> Program Arguments: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper




/Library/LaunchAgents:

com.MyMacUpdater.agent.plist
--> Program Arguments: /Users/claudiasenna/Applications/MyMacUpdater/MyMacUpdater
--> Program Arguments: -guid
--> Program Arguments: 9060583239541183
--> Program Arguments: -source
--> Program Arguments: zp-1848
--> Program Arguments: -url
--> Program Arguments: http://request.macmymacupdater.com/macCheckForUpdates/
--> Program Arguments: -brand
--> Program Arguments: MyMacUpdater
--> Program Arguments: -current_version
--> Program Arguments: 1000




~/Library/LaunchAgents:

com.techyutil.Utility.plist
--> Program Arguments: /Users/claudiasenna/Library/Application Support/.utility/Utility.app/Contents/MacOS/Utility

com.InternetMovilUnefon.plist
--> Program Arguments: /Users/claudiasenna/Library/Application Support/.JetSetGo/SolitaireGameHalloweenFree

com.MonSisra.plist
--> Program Arguments: /Users/claudiasenna/Library/Application Support/.TheEmeraldMaidenSymphonyofDreams/Dashlane61011475618460151842

com.gregorian.gettime.plist
--> Program Arguments: /Users/claudiasenna/Library/Application Support/.gettime/GetTime

com.hmcphlpr.hmcphlpr.plist
-> Program: /Users/claudiasenna/Library/Application Support/hmcp/hmcphlpr.app/Contents/MacOS/hmcphlpr

com.hp.devicemonitor.plist
--> Program Arguments: /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app/Contents/MacOS/HP Device Monitor

com.Pyre.plist
--> Program Arguments: /Users/claudiasenna/Library/Application Support/.AspyrGameAgent/monero-wallet-gui

com.techyutils.spchlpr.plist
-> Program: /Users/claudiasenna/Library/Application Support/spc/spchlpr.app/Contents/MacOS/spchlpr

com.pcvark.nspchlpr.plist
-> Program: /Users/claudiasenna/Library/Application Support/spc/nspchlpr.app/Contents/MacOS/nspchlpr

com.pcv.hlprmcp.plist
-> Program: /Users/claudiasenna/Library/Application Support/mcp/helpermcp.app/Contents/MacOS/helpermcp


User Crontab:

No cron jobs



/etc:

rc.common
bashrc_Apple_Terminal
bashrc
krb5.keytab~orig
zshrc
rc.netboot
localtime~orig
ntp.conf~orig
php.ini.default-previous~orig
aliases
zprofile

/ $Root:

.HFS+ Private Directory Data
/ .. children: 0
installer.failurerequests
.file
.OSInstallerMessages

~/ $Home:

Music / .. children: 2
iCloud Drive (Archivio) - 1 / .. children: 1
.CFUserTextEncoding
iCloud Drive (Archivio) / .. children: 3
Pictures / .. children: 7
.Terminal.plist
Desktop / .. children: 36
Library / .. children: 71
.cups / .. children: 1
Sites / .. children: 1
.bash_sessions / .. children: 4
Public / .. children: 2
.ssh / .. children: 1
Movies / .. children: 4
Applications / .. children: 0
.Trash / .. children: 4
Documents / .. children: 4
Downloads / .. children: 109
.bash_history



~/Library:

hlprhmcp / .. children: 1
hlprspc / .. children: 2
studentd / .. children: 4
HomeKit / .. children: 6
DES / .. children: 2
Mac Cleanup Pro / .. children: 2
Family / .. children: 1
hlprmcp / .. children: 1
Personas / .. children: 3
Mac-Cleanup-Pro / .. children: 3
WebDriver / .. children: 1
Fonts Disabled / .. children: 0
PersonalizationPortrait / .. children: 1
Similar Photo Cleaner / .. children: 1



~/Library/Application Support:

Firefox / .. children: 5
com.apple.sbd / .. children: 1
.MyShopcoupon / .. children: 1
SyncServices / .. children: 1
.MacKeeper21-08-31-945 / .. children: 1
Mozilla / .. children: 1
com.apple.touristd / .. children: 17
spc / .. children: 4
DiskImages / .. children: 1
CoreParsec / .. children: 0
Mac Cleanup Pro / .. children: 2
HP / .. children: 1
.JetSetGo / .. children: 1
MobileSync / .. children: 1
.TheEmeraldMaidenSymphonyofDreams / .. children: 1
.upd181218
Microsoft / .. children: 1
Spotify / .. children: 4
.AspyrGameAgent / .. children: 1
dmd / .. children: 0
mcp / .. children: 5
.ePUBPDFDRMRemoval / .. children: 1
.dir / .. children: 5
Adobe / .. children: 3
Mac-Cleanup-Pro / .. children: 2
org.videolan.vlc / .. children: 1
com.sqwarq.DetectX-Swift / .. children: 4
.gettime / .. children: 1
LibreOffice / .. children: 1
.MMUpdater / .. children: 1
.utility / .. children: 3
hmcp / .. children: 3
Similar Photo Cleaner / .. children: 2
OpenOffice / .. children: 1



~/Library/Safari/Extensions:

*-- Could not read Folder --*



~/Library/Internet Plug-Ins:





/Users/Shared:

adi / .. children: 0
SC Info / .. children: 0
HP / .. children: 1




/Applications:

Hewlett-Packard
Books.app
HP / .. children: 2
Home.app
Microsoft Office 2011 / .. children: 10
News.app
Spotify.app
DetectX Swift.app
HP Easy Scan.app
Stocks.app
__MACOSX / .. children: 1
Applications
Remote Desktop Connection.app
The Unarchiver.app
VoiceMemos.app
Install macOS Catalina.app
Firefox.app
Microsoft Messenger.app



/Library:

Automator / .. children: 94
Fonts Disabled / .. children: 16
Managed Preferences / .. children: 0



/Library/Application Support:

Macromedia / .. children: 1
Microsoft / .. children: 2
Adobe / .. children: 1
com.apple.installer / .. children: 1
.MMUpdater / .. children: 1



/Library/Extensions:

hp_fax_io.kext
hp_Inkjet3_io_enabler.kext



/Library/Internet Plug-Ins:

Disabled Plug-Ins / .. children: 2
SharePointBrowserPlugin.plugin
Flash Player.plugin
flashplayer.xpt
SharePointWebKitPlugin.webplugin



/Library/Managed Preferences:





/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper



/Library/ScriptingAdditions:





/Library/StartupItems:





/Library/Updates:

ProductMetadata.plist
061-41417 / .. children: 9
index.plist
061-90107 / .. children: 9
001-15595 / .. children: 2



Top Processes:

%CPU PID COMMAND
19.9 1961 com.apple.WebKit
10.4 167 WindowServer
4.8 0 kernel_task
1.3 96 hidd
1.1 415 Safari
0.9 330 SolitaireGameHal
0.5 2813 DetectX Swift
0.4 77 launchservicesd
0.4 383 Spotify
0.2 1 launchd

mainbrake

Sorry Faxus, the operating system is Mojave, which I will update after removing the adware

faxus
The Search window first, as requested, please

faxus
Good grief.

MyMacUpdate, MacCleanPro, Mackeeper...
And it's stuff you installed yourself, too

mainbrake

SEARCH RESULTS:

DetectX Swift v1.096
Report printed at 2020-07-10 16:39:42 +0000

/Users/claudiasenna/.Terminal.plist

/Users/claudiasenna/Library/Application Support/.dir

/Users/claudiasenna/Library/Application Support/.MMUpdater

/Users/claudiasenna/Library/Application Support/.MyShopcoupon

/Users/claudiasenna/Library/Application Support/.utility

/Users/claudiasenna/Library/Application Support/hmcp

/Users/claudiasenna/Library/Application Support/hmcp/hmcphlpr.app

/Users/claudiasenna/Library/Application Support/hmcp/hmcphlpr.app/Contents/MacOS/hmcphlpr

/Users/claudiasenna/Library/Application Support/Mac Cleanup Pro

/Users/claudiasenna/Library/Application Support/Mac-Cleanup-Pro

/Users/claudiasenna/Library/Application Support/mcp

/Users/claudiasenna/Library/Application Support/mcp/helpermcp.app

/Users/claudiasenna/Library/Application Support/mcp/mcpuninstall.app

/Users/claudiasenna/Library/Application Support/Similar Photo Cleaner

/Users/claudiasenna/Library/Application Support/spc

/Users/claudiasenna/Library/Application Support/spc/nspchlpr.app/Contents/MacOS/nspchlpr

/Users/claudiasenna/Library/Application Support/spc/spchlpr.app

/Users/claudiasenna/Library/Application Support/spc/spchlpr.app/Contents/MacOS/spchlpr

/Users/claudiasenna/Library/hlprhmcp

/Users/claudiasenna/Library/hlprmcp

/Users/claudiasenna/Library/hlprspc

/Users/claudiasenna/Library/hlprspc/spcsetts.plist

/Users/claudiasenna/Library/LaunchAgents/com.hmcphlpr.hmcphlpr.plist

/Users/claudiasenna/Library/LaunchAgents/com.pcv.hlprmcp.plist

/Users/claudiasenna/Library/LaunchAgents/com.pcvark.nspchlpr.plist

/Users/claudiasenna/Library/LaunchAgents/com.techyutil.Utility.plist

/Users/claudiasenna/Library/LaunchAgents/com.techyutils.spchlpr.plist

/Users/claudiasenna/Library/Mac Cleanup Pro

/Users/claudiasenna/Library/Mac-Cleanup-Pro

/Users/claudiasenna/Library/Similar Photo Cleaner

/Applications/__MACOSX

/Library/Application Support/.MMUpdater

/Library/LaunchAgents/com.MyMacUpdater.agent.plist

faxus
faxus wrote:
Fri, 10 Jul 2020 17:45
Good grief.

MyMacUpdate, MacCleanPro, Mackeeper...
And it's stuff you installed yourself, too
And also Maftask, Similar Photo Cleaner, MacDefender, PCWARK…

Oh well, I'll manage without Search too, it's clear enough anyway.

Are you in France?
What do you do with the Gregorian calendar?
Do you use Azure?
Sorry, these are questions to check on some software in use, not nosy curiosity.

Remove everything that follows.
You will see the invisible files, which start with a dot (.file), by pressing ⌘+⇧+. (period).

- In ~/Library/LaunchAgents:
com.techyutil.Utility.plist
com.hmcphlpr.hmcphlpr.plist
com.techyutils.spchlpr.plist
com.pcvark.nspchlpr.plist
com.pcv.hlprmcp.plist

- In ~/Library:
hlprhmcp
hlprspc
Mac Cleanup Pro
hlprmcp
Mac-Cleanup-Pro
Similar Photo Cleaner

What is in DES? Is it encrypted data? Of what?

- In ~/Library/Application Support:
.MyShopcoupon
.MacKeeper21-08-31-945
spc
Mac Cleanup Pro
.upd181218
dmd
mcp
.ePUBPDFDRMRemoval
Mac-Cleanup-Pro
.MMUpdater
.utility
hmcp
Similar Photo Cleaner

- In /Applications:
__MACOSX

What is in the Applications folder?

- In /Library/Application Support:
.MMUpdater

Then delete what you find in DetectX's Search.
(But post it here before deleting, for checking)

Look in Safari's Preferences to see whether there is anything unwanted under Extensions, and delete it.
Look in System Preferences and see whether there is a Profile pane; open it and check whether you put it there yourself.
Otherwise delete it.

Open Terminal and run

Code:

sudo rm -rf /Applications/Mackeeper.app ~/Library/Application\ Support/MacKeeper\ Helper ~/Library/Caches/com.zeobit.MacKeeper ~/Library/Caches/com.zeobit.MacKeeper.Helper ~/Library/Caches/com.mackeeper.MacKeeper ~/Library/Caches/com.mackeeper.MacKeeper.Helper ~/Library/Caches/LaunchAgents/com.zeobit.MacKeeper.Helper.plist ~/Library/LaunchAgents/com.zeobit.MacKeeper.plugin.Backup.agent.plist ~/Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist ~/Library/Logs/MacKeeper.log ~/Library/Logs/MacKeeper.log.signed ~/Library/Preferences/com.zeobit.MacKeeper.plist ~/Library/Preferences/com.zeobit.MacKeeper.Helper.plist ~/Library/Preferences/com.mackeeper.MacKeeper.plist ~/Library/Preferences/com.mackeeper.MacKeeper.Helper.plist /Library/Application\ Support/MacKeeper /Library/LaunchDaemons/com.zeobit.MacKeeper.AntiVirus.plist /Library/LaunchDaemons/com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist /private/tmp/com.mackeeper.MacKeeper.Installer.config /private/var/db/receipts/com.mackeeper.MacKeeper.affid.pkg.plist /private/var/db/receipts/com.mackeeper.MacKeeper.affid.pkg.bom /private/var/db/receipts/com.mackeeper.MacKeeper.pkg.plist /private/var/db/receipts/com.mackeeper.MacKeeper.pkg.bom /Library/Preferences/.3FAD0F65-FC6E-4889-B975-B96CBF807B78
Then, download OnyX
http://www.titanium.free.fr/onyx.html
And run:
- All the maintenance scripts
- Rebuild the LaunchServices database
- Rebuild the cache of shared dynamic libraries
- Rebuild the XPC cache
- Clear the system, application, internet and font caches
- Delete the automatically saved document versions, the recent items and the Trash.

Finally restart, check again with DetectX and verify that everything is in order

A piece of advice:
- You have too much stuff on the desktop
- You have way too much stuff in the Downloads folder.
Delete what you no longer need and put the rest where it belongs permanently

Edit: I hadn't read the reply, but it's fine all the same, I had already found everything.
So you will find almost nothing left after DetectX, just check
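
As an added example (not part of faxus's post and not DetectX code), this Python sketch reads launchd job plists the way the Profile report lists them, handling both the `Program` and `ProgramArguments` keys, and flags jobs whose executable sits under a dot-prefixed directory, as several entries in the report do. The dot-directory heuristic, the function names and the `/Users/example` home are assumptions made for illustration; the sample jobs are constructed from labels and paths shown in the report.

```python
import plistlib
from pathlib import Path, PurePosixPath
from xml.parsers.expat import ExpatError

AS = "/Users/example/Library/Application Support"  # placeholder home (assumption)
# Constructed sample: labels and path tails are copied from the report above.
SAMPLE_JOBS = {
    "com.InternetMovilUnefon": {"ProgramArguments": [
        AS + "/.JetSetGo/SolitaireGameHalloweenFree"]},
    "com.hmcphlpr.hmcphlpr": {"Program":
        AS + "/hmcp/hmcphlpr.app/Contents/MacOS/hmcphlpr"},
    "com.adobe.fpsaud": {"ProgramArguments": [
        "/Library/Application Support/Adobe/Flash Player Install Manager/fpsaud"]},
}

def job_executable(plist_path):
    """Return the path a launchd job executes, or None if it cannot be read."""
    try:
        job = plistlib.loads(Path(plist_path).read_bytes())
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return None
    if not isinstance(job, dict):
        return None
    # Program wins when present; otherwise launchd runs ProgramArguments[0].
    args = job.get("ProgramArguments") or [None]
    return job.get("Program") or args[0]

def hidden_component(path):
    """Return the first dot-prefixed component of path, or None."""
    return next((p for p in PurePosixPath(path).parts if p.startswith(".")), None)

def audit(directory):
    """Return {plist name: reason} for jobs that deserve a manual look."""
    findings = {}
    for plist_path in sorted(Path(directory).glob("*.plist")):
        exe = job_executable(plist_path)
        hidden = hidden_component(exe) if exe else None
        if exe is None:
            findings[plist_path.name] = "unreadable or no executable"
        elif hidden:
            findings[plist_path.name] = "hidden directory " + hidden
    return findings

def write_sample(directory):
    """Write SAMPLE_JOBS as plists, plus one corrupt file, into directory."""
    for label, keys in SAMPLE_JOBS.items():
        data = plistlib.dumps({"Label": label, **keys})
        Path(directory, label + ".plist").write_bytes(data)
    Path(directory, "com.example.broken.plist").write_bytes(b"not a plist")
```

On a Mac, `audit()` can be pointed at `~/Library/LaunchAgents` and `/Library/LaunchAgents`. The dot-directory test is only a triage aid: helpers in the report such as hmcp, spc and mcp run from visible folders and are not flagged by it.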

mainbrake

It's true, it took me a while, especially explaining to my daughter how to use the Mac, but in the end DetectX finds nothing and the notebook is very fast again. Thanks Faxus and everyone
