Osx.Trojan.AppleJesus-667011-1

[Scasi_1980]

Buonasera a tutti/e,

mi scuso anzi tutto se sono poco presente qui sul forum ma comunque vi continuo a leggere e mi tengo informato sugli argomenti da Voi trattati. Purtroppo oggi mi sono imbarcato in un problema del quale purtroppo non ne vengo a capo, eseguendo la scansione con ClamXav mi viene trovato un trojan nominato Osx.Trojan.AppleJesus-667011-1 e tale trojan risiede in due Applicazioni (NETGEAR Switch Discovery Tool e Skype) il file incriminato di queste due Applicazioni è il seguente e risiede in queste directory.

/Applications/Netgear/NETGEAR Switch Discovery Tool.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib: Osx.Trojan.AppleJeus-6667011-1 FOUND
/Applications/Skype.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Libraries/libnode.dylib: Osx.Trojan.AppleJeus-6667011-1 FOUND

Ho provato a fare anche svariate prove tra le quali la prima provare a disinstallare le due Applicazioni e a togliere ogni singolo file appartenete a queste due App con il programma Easy find ma purtroppo appena reinstallate tale trojan si ripresenta, ma andando ad eliminare il file libnode.dylib il trojan non viene più trovato, gli stessi identici risultati li ho potuti riscontrare su anche altri computer Mac.

Ora i miei dubbi sono questi:

1) Cosa può fare questo trojan sulle mie macchine? E' innocuo o devo preoccuparmi?
2) Con quale strumento posso debellare il trojan senza dover formattare le macchine e senza cancellare il programmi che mi interessano?
3)Cosa mi suggerite di fare in questi casi?

Vi ringrazio per le pronte risposte che mi darete e e mi scuso ancora se sono poco presente nel forum, grazie ancora di tutto e buona serata.

Saluti.
Scasi_1980.

[T_Pol]

Caio Scasi_1980,
per quanto riguarda quel Trojan nello specifico non so dirti nulla per il momento.
pero per avere una buona idea cosa sia un trojan guarda qui:
https://it.wikipedia.org/wiki/Trojan_(informatica)
Appena ho piu tempo cerco di fare delle ricerche piu approfondite.
Anche se di norma sono gli antivirus che danno delle segnalazioni che poi nel ambito dei Sistemi Operativi Mac non fa quasi nulla.
Hai provato EtreCheck a vedere se ti da qualcosa di anomalo nel sistema operativo?
Guardando Google non segnala niente con quel nome che hai segnalato tu.
Forse ripasso piu Tardi.
Ciao.

[fragrua]

Acciderbolina… SCaSI sempre sul pezzo, sei riuscito a farti amico AppleJeus (di Lazarus Group), il trojan delle criptovalute.
Prende i dati del tuo computer e li invia ai server dei pirati. Saranno poi loro a decidere se meriti o meno un attacco.

https://www.intego.com/mac-security-blo ... a-mac-apt/
https://www.kaspersky.com/about/press-r ... 18_lazarus

Buona digestione, buona domenica sera e buona settimana di lavoro, a chi ha già stracciato le ferie.

[Scasi_1980]

Buonasera T''Pol,

Ti ringrazzio della Tua pronta risposta e del tuo interessamento inerente alla mia problematica. A grandi linee sò cosa è un Trojan ma la cosa che mi puzza ancor di più è che sono Applicazioni molto note e s caricate dai siti dei rispettivi sviluppatori ovvero Skype il programma di Microsoft e NETGEAR Switch Discovery Tool che il programma della Netgear.
La scansione io la ho effettuata con ClamXav sempre se questo ti può aiutare, e in più ho eseguito anche una scansione con Malwarebyte che non ha trovato nulla in quanto è un Applicazione che cerca solo Malware.

Dunque con EtreCheck io ho fatto delle scansioni ma non ho notato nulla di anormale, comunque te la posto, almeno dai un occhiata anche a quella se Vuoi, io le scansioni le faccio con la versione 3.4.6 di EtreCheck:


EtreCheck version: 3.4.6 (460)
Report generated 2018-09-02 22:29:13
Download EtreCheck from https://etrecheck.com
Runtime: 2:17
Performance: Excellent

Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Clean up] link to delete unused files.

Problem: Computer is too slow

Hardware Information: ⓘ
Mac Pro (Mid 2010)
[Technical Specifications] - [User Guide] - [Warranty & Service]
Mac Pro - model: MacPro5,1
2 2,66 GHz 6-Core Intel Xeon (Xeon(R)) CPU: 12-core
20 GB RAM Upgradeable - [Instructions]
DIMM 1
4 GB DDR3 ECC 1333 MHz ok
DIMM 2
4 GB DDR3 ECC 1333 MHz ok
DIMM 3
1 GB DDR3 ECC 1333 MHz ok
DIMM 4
1 GB DDR3 ECC 1333 MHz ok
DIMM 5
4 GB DDR3 ECC 1333 MHz ok
DIMM 6
4 GB DDR3 ECC 1333 MHz ok
DIMM 7
1 GB DDR3 ECC 1333 MHz ok
DIMM 8
1 GB DDR3 ECC 1333 MHz ok
Handoff/Airdrop2: not supported
Wireless: en2: 802.11 a/b/g/n
iCloud Quota: 4.23 GB available

Video Information: ⓘ
AMD Radeon HD 7950 - VRAM: 3072 MB
LED Cinema Display 2560 x 1440
LED Cinema Display 2560 x 1440

Disk Information: ⓘ
HL-DT-ST DVD-RW GH61N ()

HL-DT-ST BD-RE BH16NS40 ()

APPLE SSD SM512E disk0: (500,28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
Macintosh HD (disk0s2 - Journaled HFS+) / [Startup]: 499.42 GB (420.86 GB free)
Recovery HD (disk0s3 - HFS+) <not mounted> [Recovery]: 650 MB

WDC WD1001FALS-41Y6A0 disk1: (1 TB) (Rotational)
[Show SMART report]
EFI (disk1s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
BackUp Primario Time Machine [redacted] [redacted] (disk1s2 - Journaled HFS+) /Volumes/BackUp Primario Time Machine Matteo Bonelli : 999.86 GB (789.59 GB free)

WDC WD2003FZEX-00SRLA0 disk2: (2 TB) (Rotational)
[Show SMART report]
EFI (disk2s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
BackUp iPhoto + iTunes (disk2s2 - Journaled HFS+) /Volumes/BackUp iPhoto + iTunes : 680.03 GB (482.48 GB free)
Lavori Personali D.T.P. [redacted] [redacted] (disk2s3 - Journaled HFS+) /Volumes/Lavori Personali D.T.P. Matteo Bonelli : 520.50 GB (515.87 GB free)
Server Net Install Fam [redacted] - Novasconi (disk2s4 - Journaled HFS+) /Volumes/Server Net Install Fam Bonelli - Novasconi : 778.90 GB (618.89 GB free)
BackUp - iBackUp (disk2s5 - Journaled HFS+) /Volumes/BackUp - iBackUp : 20.22 GB (20.04 GB free)

OCZ-VERTEX2 3.5 disk3: (180,05 GB) (Solid State - TRIM: No)
[Show SMART report]
EFI (disk3s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
Server Fam [redacted] - Novasconi (Caches) (disk3s2 - Journaled HFS+) /Volumes/Server Fam Bonelli - Novasconi (Caches) : 89.85 GB (83.04 GB free)
BackUp Server Fam [redacted] - Novasconi (disk3s3 - Journaled HFS+) /Volumes/BackUp Server Fam Bonelli - Novasconi : 89.72 GB (87.19 GB free)

spsata_pm_name ()

USB Information: ⓘ
USB20Bus
hub_device
Apple Inc. Apple LED Cinema Display
Apple Inc. Display iSight
Apple Inc. Display Audio
USB20Bus
Apple, Inc. Keyboard Hub
Mitsumi Electric Apple Optical USB Mouse
Apple, Inc Apple Keyboard
hub_device
Apple Inc. Apple LED Cinema Display
Apple Inc. Display iSight
Apple Inc. Display Audio
USBBus
USBBus
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
USBBus
USBBus
USBBus
USBBus
USB30Bus
American Power Conversion Smart-UPS 1000 FW:UPS 09.2 / ID=18

Firewire Information: ⓘ
LaCie d2 DVDRW FW/USB 400mbit - 400mbit max

Virtual disks: ⓘ
DeveloperDiskImage (disk10 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-912e4b5f93a8c4e988d904d04d9c1473.tmp : 233 MB (167 MB free)
Physical disk: Disk Image 233 MB (167 MB free)
DeveloperDiskImage (disk11 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-a6abf824526e649bdf7b20024d445fc7.tmp : 233 MB (167 MB free)
Physical disk: Disk Image 233 MB (167 MB free)
DeveloperDiskImage (disk12 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-5b4e2af213dbb614e76d9602bb8e9b06.tmp : 236 MB (169 MB free)
Physical disk: Disk Image 236 MB (169 MB free)
DeveloperDiskImage (disk13 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-efdece63284b2f3728be649cdcdb3ed1.tmp : 240 MB (171 MB free)
Physical disk: Disk Image 240 MB (171 MB free)
DeveloperDiskImage (disk14 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-a426fc4f7715c05a57b359df3be796f4.tmp : 241 MB (172 MB free)
Physical disk: Disk Image 241 MB (172 MB free)
DeveloperDiskImage (disk15 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-01e2f165fe16c6f56d205fed6040ecb2.tmp : 241 MB (172 MB free)
Physical disk: Disk Image 241 MB (172 MB free)
DeveloperDiskImage (disk16 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-c3f57088004b6e1f69b57deac69e9463.tmp : 235 MB (168 MB free)
Physical disk: Disk Image 235 MB (168 MB free)
DeveloperDiskImage (disk17 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-e26b7ff283266370b825c51947ded4e6.tmp : 226 MB (164 MB free)
Physical disk: Disk Image 226 MB (164 MB free)
DeveloperDiskImage (disk18 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-1419bf36dbb9b799d5c4c61447e5164a.tmp : 233 MB (168 MB free)
Physical disk: Disk Image 233 MB (168 MB free)
Lavori Personali [redacted] [redacted] (disk4s2 - Journaled HFS+) /Volumes/Lavori Personali Matteo Bonelli : 1.00 TB (673.86 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 1.00 TB (673.86 GB free)
Lavori Personali Maria Grazia Novasconi (disk4s3 - Journaled HFS+) /Volumes/Lavori Personali Maria Grazia Novasconi : 330.26 GB (134.43 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 330.26 GB (134.43 GB free)
BackUp Time Machine macOS Server Sierra (disk4s4 - Journaled HFS+) /Volumes/BackUp Time Machine macOS Server Sierra : 666.03 GB (290.56 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 666.03 GB (290.56 GB free)
Lavori Personali Mario Giuseppe [redacted] (disk5s2 - Journaled HFS+) /Volumes/Lavori Personali Mario Giuseppe Bonelli : 993.63 GB (992.97 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 993.63 GB (992.97 GB free)
Deposito Spazzatura File Fam. [redacted] - Novasconi (disk5s3 - Journaled HFS+) /Volumes/Deposito Spazzatura File Fam. Bonelli - Novasconi : 37.69 GB (37.02 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 37.69 GB (37.02 GB free)
BackUp Secondario Time Machine [redacted] [redacted] (disk5s4 - Journaled HFS+) /Volumes/BackUp Secondario Time Machine Matteo Bonelli : 968.46 GB (189.70 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 968.46 GB (189.70 GB free)
DeveloperDiskImage (disk6 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-faf41e560d7e5d28c99ae9916924a1c8.tmp : 247 MB (175 MB free)
Physical disk: Disk Image 247 MB (175 MB free)
DeveloperDiskImage (disk7 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-316b4f59eebba72983e89edc166cc1c6.tmp : 247 MB (175 MB free)
Physical disk: Disk Image 247 MB (175 MB free)
DeveloperDiskImage (disk8 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-22124dafa5f6f9dc8e0d66754289742f.tmp : 247 MB (175 MB free)
Physical disk: Disk Image 247 MB (175 MB free)
DeveloperDiskImage (disk9 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-977c77ff2467890be8517f976781a708.tmp : 253 MB (178 MB free)
Physical disk: Disk Image 253 MB (178 MB free)

System Software: ⓘ
macOS Sierra 10.12.6 (16G1510) - Time since boot: about 7 hours

Gatekeeper: ⓘ
Mac App Store and identified developers

Clean up: ⓘ
/Library/LaunchAgents/com.teamviewer.teamviewer.plist
/Applications/TeamViewer.app/Contents/MacOS/TeamViewer -RunAsAgent YES
Executable not found!
/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist
/Applications/TeamViewer.app/Contents/Helpers/TeamViewer_Desktop -RunAsAgent YES -Module Full
Executable not found!
/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist
/Applications/TeamViewer.app/Contents/MacOS/TeamViewer_Service -Module Full
Executable not found!
/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF
Executable not found!
4 orphan files found. [Clean up]

Kernel Extensions: ⓘ
/Applications/TechTool Pro 10.app
[not loaded] com.micromat.driver.spdKernel (1.0 - SDK 10.11) [Lookup]
[not loaded] com.micromat.driver.spdKernel-10-8 (1.0 - SDK 10. [Lookup]

/Applications/Toast 16 Titanium/Toast Audio Assistant.app
[loaded] com.Cycling74.driver.Soundflower (1.6.7 - SDK 10.7) [Lookup]

/Library/Extensions
[not loaded] com.canon.cups.fax.print.kext.usbprintclass (4.8.1 - SDK 10.12) [Lookup]
[not loaded] com.paragon-software.filesystems.apfs (1.0.164 - SDK 10.10) [Lookup]
[loaded] com.paragon-software.filesystems.ntfs (15.2.319 - SDK 10.10) [Lookup]

~/Library/Services/ToastIt.service/Contents/MacOS
[not loaded] com.roxio.TDIXController (2.0) [Lookup]

System Launch Agents: ⓘ
[not loaded] 7 Apple tasks
[loaded] 170 Apple tasks
[running] 109 Apple tasks

System Launch Daemons: ⓘ
[not loaded] 27 Apple tasks
[loaded] 177 Apple tasks
[running] 114 Apple tasks

Launch Agents: ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2018-02-09) [Lookup]
[failed] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2018-06-28) [Lookup]
[not loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[running] com.brother.LOGINserver.plist (? a1772de2 41ad4933 - installed 2018-02-24) [Lookup]
[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-08-06) [Lookup]
[running] com.micromat.TechToolProAgent.plist (Micromat, Inc. - installed 2018-08-23) [Lookup]
[loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-08-20) [Lookup]
[loaded] com.oracle.java.Java-Updater.plist (? e10f30fb 5e3b1cee - installed 2018-08-18) [Lookup]
[running] com.paragon-software.ntfs.notification-agent.plist (Paragon Software GmbH - installed 2018-05-16) [Lookup]
[not loaded] com.teamviewer.teamviewer.plist (? bb938493 0 - installed 2018-08-07) [Lookup] - /Applications/TeamViewer.app/Contents/MacOS/TeamViewer: Executable not found!
[not loaded] com.teamviewer.teamviewer_desktop.plist (? 5984e04 0 - installed 2018-08-07) [Lookup] - /Applications/TeamViewer.app/Contents/Helpers/TeamViewer_Desktop: Executable not found!
[loaded] org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) [Lookup]

Launch Daemons: ⓘ
[running] com.adobe.acc.installer.v2.plist (Adobe Systems, Inc. - installed 2018-06-28) [Lookup]
[running] com.adobe.agmservice.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-07-28) [Lookup]
[running] com.apple.serverd.plist (? 77315927 a1a871d1 - installed 2018-02-25)
[loaded] com.charlessoft.pacifist.helper.plist (Charles Srstka - installed 2018-04-01) [Lookup]
[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-08-06) [Lookup]
[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-08-06) [Lookup]
[running] com.micromat.TechToolProDaemon.plist (Micromat, Inc. - installed 2018-08-23) [Lookup]
[loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-08-25) [Lookup]
[loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-01-17) [Lookup]
[loaded] com.oracle.java.Helper-Tool.plist (Shell Script fa56dec8 - installed 2018-06-28) [Lookup]
[running] com.paragon-software.installer.plist (Paragon Software GmbH - installed 2018-05-16) [Lookup]
[loaded] com.paragon-software.ntfs.loader.plist (Apple, Inc. - installed 2018-06-28)
[running] com.paragon-software.ntfsd.plist (Paragon Software GmbH - installed 2018-04-20) [Lookup]
[loaded] com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2018-08-07) [Lookup]
[not loaded] com.teamviewer.teamviewer_service.plist (? e6c7921e 0 - installed 2018-08-07) [Lookup] - /Applications/TeamViewer.app/Contents/MacOS/TeamViewer_Service: Executable not found!
[loaded] org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) [Lookup]
[loaded] org.wireshark.ChmodBPF.plist (? d4207e05 0 - installed 2018-06-19) [Lookup] - /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF: Executable not found!
[loaded] uk.co.canimaansoftware.ClamXavHelper.plist (Mark Allan - installed 2018-02-04) [Lookup]
[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (Mark Allan - installed 2018-08-18) [Lookup]

User Launch Agents: ⓘ
[loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[loaded] com.apple.serveralertproxy.plist (? 7ce1e1a0 2c5237ea - installed 2018-09-02)
[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-08-22) [Lookup]
[running] com.erikhinterbichler.HeraldLaunchAgent.plist (Erik Hinterbichler - installed 2018-06-09) [Lookup]
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-18) [Lookup]
[loaded] uk.co.canimaansoftware.clamxav.UninstallWatcher.plist (Mark Allan - installed 2018-09-02) [Lookup]

User Login Items: ⓘ
iTunesHelper Applicazione (Apple, Inc. - installed 2018-07-10)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
HyperDock Applicazione
(/Applications/HyperDock.app)
ClamXav Sentry Applicazione
(/Applications/ClamXav/ClamXAV.app/Contents/Resources/ClamXav Sentry.app)
com.coppertino.voxcloud SMLoginItem - Hidden (Apple, Inc. - installed 2018-09-02)
(/Applications/VOX.app/Contents/Library/LoginItems/Loop.app)

Internet Plug-ins: ⓘ
AdobeExManDetect: AdobeExManDetect 1.1.0.0 (installed 2018-02-09) [Lookup]
FlashPlayer-10.6: 30.0.0.154 (installed 2018-08-20) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2018-07-10)
AdobeAAMDetect: 3.0.0.0 (installed 2018-06-28) [Lookup]
AdobePDFViewer: 10.1.1 (installed 2018-02-05) [Lookup]
Flash Player: 30.0.0.154 (installed 2018-08-20) [Lookup]
jdk: Unknown (installed 2018-08-18)
PepperFlashPlayer: 30.0.0.154 (installed 2018-08-18) [Lookup]
MeetingJoinPlugin: 1.0 (installed 2018-08-25) [Lookup]
JavaAppletPlugin: Java 10.0.2 build 13 (installed 2018-08-18) Check version

3rd Party Preference Panes: ⓘ
Flash Player (installed 2018-07-28) [Lookup]
Java (installed 2018-08-18) [Lookup]
NTFS (installed 2018-04-20) [Lookup]
TechTool Protection (installed 2018-08-23) [Lookup]

Time Machine: ⓘ
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 499.42 GB Disk used: 78.56 GB
Destinations:
BackUp Primario Time Machine [redacted] [redacted] [Local]
Total size: 999.86 GB
Total number of backups: 36
Oldest backup: 17/02/18, 23:01
Last backup: 02/09/18, 21:29
Size of backup disk: Adequate
Backup size 999.86 GB > (Disk used 78.56 GB X 3)

BackUp Server macOS Sierra Fam. [redacted] - Novasconi [Local]
Total size: 999.86 GB
Total number of backups: 6
Oldest backup: 07/03/18, 22:04
Last backup: 05/07/18, 19:29
Size of backup disk: Adequate
Backup size 999.86 GB > (Disk used 78.56 GB X 3)

BackUp Secondario Time Machine [redacted] [redacted] [Local]
Total size: 968.46 GB
Total number of backups: 40
Oldest backup: 23/01/18, 19:12
Last backup: 02/09/18, 22:27
Size of backup disk: Adequate
Backup size 968.46 GB > (Disk used 78.56 GB X 3)

Top Processes by CPU: ⓘ
5% WindowServer
4% launchd
2% Google Chrome
2% Google Chrome Helper
2% kernel_task

Top Processes by Memory: ⓘ
1.47 GB kernel_task
666 MB clamd
381 MB RTProtectionDaemon
333 MB Google Chrome
303 MB mds_stores

Top Processes by Network Use: ⓘ
Input Output Process name
4.40 GB 4.40 GB AssetCache
8 MB 1 MB mDNSResponder
154 KB 2 MB named
692 KB 57 KB CalendarAgent
324 KB 15 KB netbiosd

Top Processes by Energy Use: ⓘ
6.72 WindowServer
3.60 Google Chrome
3.00 Google Chrome Helper
1.54 ClamXav Sentry

Virtual Memory Information: ⓘ
9.12 GB Available RAM
142 MB Free RAM
10.88 GB Used RAM
8.98 GB Cached files
318 MB Swap Used

Software installs (last 30 days): ⓘ
VOX: 3.3.1 (installed 2018-08-18)
OneDrive: 18.131.0701 (installed 2018-08-18)
Adobe Pepper Flash Player: (installed 2018-08-18)
Microsoft PowerPoint for Mac: (installed 2018-08-18)
Java 10.0.2: (installed 2018-08-18)
Microsoft Excel for Mac: (installed 2018-08-18)
Microsoft Word for Mac: (installed 2018-08-18)
Microsoft Outlook for Mac: (installed 2018-08-18)
Microsoft AutoUpdate: (installed 2018-08-20)
Adobe Flash Player: (installed 2018-08-20)
TechTool Pro 10.0.1: (installed 2018-08-23)
Skype for Business: (installed 2018-08-25)
TeamViewer: 13.2.14327 (installed 2018-08-28)

Install information may not be complete.

Diagnostics Events (last 3 days for minor events): ⓘ
2018-09-02 18:31:54 uk.co.canimaansoftware.ClamXavHelper Crash [Open]
2018-09-02 18:16:18 NETGEAR Switch Discovery Tool.app Crash [Open]
Cause: dyld: launch, loading dependent libraries
2018-09-02 17:32:20 backupd High CPU use [Open] [Details]
2018-09-02 15:49:32 ClamXAV.app High CPU use [Open] [Details]
2018-09-02 15:48:22 Google Chrome.app Hang [Open]
2018-09-02 15:26:05 Server.app High CPU use [Open] [Details]
2018-09-02 15:25:03 Creative Cloud.app Crash [Open]
2018-09-02 15:23:00 Last shutdown cause: 0 - Power loss
2018-09-01 23:42:29 JavaAppletPlugin.plugin Hang [Open]

Infine facendo alcune ricerche su internet io sono riuscito a trovare un paio di articoli qui i link:

1) https://www.hdblog.it/2018/08/24/applej ... c-windows/
2) https://cryptodisrupt.com/applejesus-hi ... irst-time/

Ancora grazie del tuo prezioso aiuto e spero che le info che ti ho dato ti possano essere utili a capire qualcosa di più sul mio problema dei miei mac.

Buona serata.
Scasi_1980.

[fragrua]

1) Cosa può fare questo trojan sulle mie macchine? E' innocuo o devo preoccuparmi?

Invia alcune informazioni della tua macchina ai malintenzionati che decideranno se concentrarsi su di te, se di loro interesse

2) Con quale strumento posso debellare il trojan senza dover formattare le macchine e senza cancellare il programmi che mi interessano?

Cestina libnode.dylib e riavvia il Mac.

3) Cosa mi suggerite di fare in questi casi?

Nulla, se non sei un "malato" di criptovalute.


Avevo scritto qualcosa anche qui.
viewtopic.php?f=9&t=43996&p=483975#p483973

[Scasi_1980]

Acciderbolina… SCaSI sempre sul pezzo, sei riuscito a farti amico AppleJeus (di Lazarus Group), il trojan delle criptovalute.
Prende i dati del tuo computer e li invia ai server dei pirati. Saranno poi loro a decidere se meriti o meno un attacco.

https://www.intego.com/mac-security-blo ... a-mac-apt/
https://www.kaspersky.com/about/press-r ... 18_lazarus

Buona digestione, buona domenica sera e buona settimana di lavoro, a chi ha già stracciato le ferie.

Buonasera franz,

è mo che fammo ne ho due Mac infettati con AppleJesus sono due programmi uno Skype e l'altro della Netgear come risolvo?

Grazie ancora di tutto e buona serata.
Scasi_1980.

[faxus]

... 1) Cosa può fare questo trojan sulle mie macchine?...
2) Con quale strumento posso debellare il trojan senza dover formattare le macchine e senza cancellare il programmi che mi interessano?
3)Cosa mi suggerite di fare in questi casi?...

1) Nulla
2) Nessuno
3) Butta l'antivirus e tieni meglio il sistema che non è ben tenuto

[fragrua]

Risposto già.

[Scasi_1980]

... 1) Cosa può fare questo trojan sulle mie macchine?...
2) Con quale strumento posso debellare il trojan senza dover formattare le macchine e senza cancellare il programmi che mi interessano?
3)Cosa mi suggerite di fare in questi casi?...

1) Nulla
2) Nessuno
3) Butta l'antivirus e tieni meglio il sistema che non è ben tenuto

Buonasera faxus,

quale onore sentirti, puoi specificare meglio i punti che trovi negativi del mio log di EtreCechk almeno cerco di risolvermeli, sempre se puoi?
Spero per il resto vada tutto bene.

Ancora grazie di tutto e buona serata.
Saluti.
Scasi_1980.

[Scasi_1980]

1) Cosa può fare questo trojan sulle mie macchine? E' innocuo o devo preoccuparmi?

Invia alcune informazioni della tua macchina ai malintenzionati che decideranno se concentrarsi su di te, se di loro interesse

2) Con quale strumento posso debellare il trojan senza dover formattare le macchine e senza cancellare il programmi che mi interessano?

Cestina libnode.dylib e riavvia il Mac.

3) Cosa mi suggerite di fare in questi casi?

Nulla, se non sei un "malato" di criptovalute.


Avevo scritto qualcosa anche qui.
viewtopic.php?f=9&t=43996&p=483975#p483973

Buonasera Franz,

ok cestinerò i file inerenti a quei programmi, ovvero lybnode.dylib ma siccome sono due programmi che uso, cancellando quei file i programmi torneranno a funzionare regolarmente?

Ancora grazie delle risposte che riceverò.
Saluti.
Scasi_1980.

[faxus]

... puoi specificare meglio i punti che ...

Benvolentieri.

Ma è una cosa che faccio meglio di mattina.
L'avrei fatto comunque domani.

Buona serata

[Scasi_1980]

Buonasera Faxus,

grazie di tutto e della tua pronta disponibilità, casomai non riuscissi in alcuni punti te ne sarei molto grato se mi aiutassi.

Buonaserata e ancora grazie del aiuto che mi state dando.
Saluti.
Scasi_1980.

[T_Pol]

Buonasera T''Pol,

Ti ringrazzio della Tua pronta risposta e del tuo interessamento inerente alla mia problematica. A grandi linee sò cosa è un Trojan ma la cosa che mi puzza ancor di più è che sono Applicazioni molto note e s caricate dai siti dei rispettivi sviluppatori ovvero Skype il programma di Microsoft e NETGEAR Switch Discovery Tool che il programma della Netgear.
La scansione io la ho effettuata con ClamXav sempre se questo ti può aiutare, e in più ho eseguito anche una scansione con Malwarebyte che non ha trovato nulla in quanto è un Applicazione che cerca solo Malware.

Dunque con EtreCheck io ho fatto delle scansioni ma non ho notato nulla di anormale, comunque te la posto, almeno dai un occhiata anche a quella se Vuoi, io le scansioni le faccio con la versione 3.4.6 di EtreCheck:


EtreCheck version: 3.4.6 (460)
Report generated 2018-09-02 22:29:13
Download EtreCheck from https://etrecheck.com
Runtime: 2:17
Performance: Excellent

Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Clean up] link to delete unused files.

Problem: Computer is too slow

Hardware Information: ⓘ
Mac Pro (Mid 2010)
[Technical Specifications] - [User Guide] - [Warranty & Service]
Mac Pro - model: MacPro5,1
2 2,66 GHz 6-Core Intel Xeon (Xeon(R)) CPU: 12-core
20 GB RAM Upgradeable - [Instructions]
DIMM 1
4 GB DDR3 ECC 1333 MHz ok
DIMM 2
4 GB DDR3 ECC 1333 MHz ok
DIMM 3
1 GB DDR3 ECC 1333 MHz ok
DIMM 4
1 GB DDR3 ECC 1333 MHz ok
DIMM 5
4 GB DDR3 ECC 1333 MHz ok
DIMM 6
4 GB DDR3 ECC 1333 MHz ok
DIMM 7
1 GB DDR3 ECC 1333 MHz ok
DIMM 8
1 GB DDR3 ECC 1333 MHz ok
Handoff/Airdrop2: not supported
Wireless: en2: 802.11 a/b/g/n
iCloud Quota: 4.23 GB available

Video Information: ⓘ
AMD Radeon HD 7950 - VRAM: 3072 MB
LED Cinema Display 2560 x 1440
LED Cinema Display 2560 x 1440

Disk Information: ⓘ
HL-DT-ST DVD-RW GH61N ()

HL-DT-ST BD-RE BH16NS40 ()

APPLE SSD SM512E disk0: (500,28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
Macintosh HD (disk0s2 - Journaled HFS+) / [Startup]: 499.42 GB (420.86 GB free)
Recovery HD (disk0s3 - HFS+) <not mounted> [Recovery]: 650 MB

WDC WD1001FALS-41Y6A0 disk1: (1 TB) (Rotational)
[Show SMART report]
EFI (disk1s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
BackUp Primario Time Machine [redacted] [redacted] (disk1s2 - Journaled HFS+) /Volumes/BackUp Primario Time Machine Matteo Bonelli : 999.86 GB (789.59 GB free)

WDC WD2003FZEX-00SRLA0 disk2: (2 TB) (Rotational)
[Show SMART report]
EFI (disk2s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
BackUp iPhoto + iTunes (disk2s2 - Journaled HFS+) /Volumes/BackUp iPhoto + iTunes : 680.03 GB (482.48 GB free)
Lavori Personali D.T.P. [redacted] [redacted] (disk2s3 - Journaled HFS+) /Volumes/Lavori Personali D.T.P. Matteo Bonelli : 520.50 GB (515.87 GB free)
Server Net Install Fam [redacted] - Novasconi (disk2s4 - Journaled HFS+) /Volumes/Server Net Install Fam Bonelli - Novasconi : 778.90 GB (618.89 GB free)
BackUp - iBackUp (disk2s5 - Journaled HFS+) /Volumes/BackUp - iBackUp : 20.22 GB (20.04 GB free)

OCZ-VERTEX2 3.5 disk3: (180,05 GB) (Solid State - TRIM: No)
[Show SMART report]
EFI (disk3s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
Server Fam [redacted] - Novasconi (Caches) (disk3s2 - Journaled HFS+) /Volumes/Server Fam Bonelli - Novasconi (Caches) : 89.85 GB (83.04 GB free)
BackUp Server Fam [redacted] - Novasconi (disk3s3 - Journaled HFS+) /Volumes/BackUp Server Fam Bonelli - Novasconi : 89.72 GB (87.19 GB free)

spsata_pm_name ()

USB Information: ⓘ
USB20Bus
hub_device
Apple Inc. Apple LED Cinema Display
Apple Inc. Display iSight
Apple Inc. Display Audio
USB20Bus
Apple, Inc. Keyboard Hub
Mitsumi Electric Apple Optical USB Mouse
Apple, Inc Apple Keyboard
hub_device
Apple Inc. Apple LED Cinema Display
Apple Inc. Display iSight
Apple Inc. Display Audio
USBBus
USBBus
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
USBBus
USBBus
USBBus
USBBus
USB30Bus
American Power Conversion Smart-UPS 1000 FW:UPS 09.2 / ID=18

Firewire Information: ⓘ
LaCie d2 DVDRW FW/USB 400mbit - 400mbit max

Virtual disks: ⓘ
DeveloperDiskImage (disk10 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-912e4b5f93a8c4e988d904d04d9c1473.tmp : 233 MB (167 MB free)
Physical disk: Disk Image 233 MB (167 MB free)
DeveloperDiskImage (disk11 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-a6abf824526e649bdf7b20024d445fc7.tmp : 233 MB (167 MB free)
Physical disk: Disk Image 233 MB (167 MB free)
DeveloperDiskImage (disk12 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-5b4e2af213dbb614e76d9602bb8e9b06.tmp : 236 MB (169 MB free)
Physical disk: Disk Image 236 MB (169 MB free)
DeveloperDiskImage (disk13 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-efdece63284b2f3728be649cdcdb3ed1.tmp : 240 MB (171 MB free)
Physical disk: Disk Image 240 MB (171 MB free)
DeveloperDiskImage (disk14 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-a426fc4f7715c05a57b359df3be796f4.tmp : 241 MB (172 MB free)
Physical disk: Disk Image 241 MB (172 MB free)
DeveloperDiskImage (disk15 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-01e2f165fe16c6f56d205fed6040ecb2.tmp : 241 MB (172 MB free)
Physical disk: Disk Image 241 MB (172 MB free)
DeveloperDiskImage (disk16 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-c3f57088004b6e1f69b57deac69e9463.tmp : 235 MB (168 MB free)
Physical disk: Disk Image 235 MB (168 MB free)
DeveloperDiskImage (disk17 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-e26b7ff283266370b825c51947ded4e6.tmp : 226 MB (164 MB free)
Physical disk: Disk Image 226 MB (164 MB free)
DeveloperDiskImage (disk18 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-1419bf36dbb9b799d5c4c61447e5164a.tmp : 233 MB (168 MB free)
Physical disk: Disk Image 233 MB (168 MB free)
Lavori Personali [redacted] [redacted] (disk4s2 - Journaled HFS+) /Volumes/Lavori Personali Matteo Bonelli : 1.00 TB (673.86 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 1.00 TB (673.86 GB free)
Lavori Personali Maria Grazia Novasconi (disk4s3 - Journaled HFS+) /Volumes/Lavori Personali Maria Grazia Novasconi : 330.26 GB (134.43 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 330.26 GB (134.43 GB free)
BackUp Time Machine macOS Server Sierra (disk4s4 - Journaled HFS+) /Volumes/BackUp Time Machine macOS Server Sierra : 666.03 GB (290.56 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 666.03 GB (290.56 GB free)
Lavori Personali Mario Giuseppe [redacted] (disk5s2 - Journaled HFS+) /Volumes/Lavori Personali Mario Giuseppe Bonelli : 993.63 GB (992.97 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 993.63 GB (992.97 GB free)
Deposito Spazzatura File Fam. [redacted] - Novasconi (disk5s3 - Journaled HFS+) /Volumes/Deposito Spazzatura File Fam. Bonelli - Novasconi : 37.69 GB (37.02 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 37.69 GB (37.02 GB free)
BackUp Secondario Time Machine [redacted] [redacted] (disk5s4 - Journaled HFS+) /Volumes/BackUp Secondario Time Machine Matteo Bonelli : 968.46 GB (189.70 GB free)
Physical disk: WDC WD20EZRX-00D8PB0 968.46 GB (189.70 GB free)
DeveloperDiskImage (disk6 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-faf41e560d7e5d28c99ae9916924a1c8.tmp : 247 MB (175 MB free)
Physical disk: Disk Image 247 MB (175 MB free)
DeveloperDiskImage (disk7 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-316b4f59eebba72983e89edc166cc1c6.tmp : 247 MB (175 MB free)
Physical disk: Disk Image 247 MB (175 MB free)
DeveloperDiskImage (disk8 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-22124dafa5f6f9dc8e0d66754289742f.tmp : 247 MB (175 MB free)
Physical disk: Disk Image 247 MB (175 MB free)
DeveloperDiskImage (disk9 - HFS+) /private/var/folders/c2/148s1_ln0gd6w6x8w02v7d6m0000gn/T/clamav-977c77ff2467890be8517f976781a708.tmp : 253 MB (178 MB free)
Physical disk: Disk Image 253 MB (178 MB free)

System Software: ⓘ
macOS Sierra 10.12.6 (16G1510) - Time since boot: about 7 hours

Gatekeeper: ⓘ
Mac App Store and identified developers

Clean up: ⓘ
/Library/LaunchAgents/com.teamviewer.teamviewer.plist
/Applications/TeamViewer.app/Contents/MacOS/TeamViewer -RunAsAgent YES
Executable not found!
/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist
/Applications/TeamViewer.app/Contents/Helpers/TeamViewer_Desktop -RunAsAgent YES -Module Full
Executable not found!
/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist
/Applications/TeamViewer.app/Contents/MacOS/TeamViewer_Service -Module Full
Executable not found!
/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF
Executable not found!
4 orphan files found. [Clean up]

Kernel Extensions: ⓘ
/Applications/TechTool Pro 10.app
[not loaded] com.micromat.driver.spdKernel (1.0 - SDK 10.11) [Lookup]
[not loaded] com.micromat.driver.spdKernel-10-8 (1.0 - SDK 10. [Lookup]

/Applications/Toast 16 Titanium/Toast Audio Assistant.app
[loaded] com.Cycling74.driver.Soundflower (1.6.7 - SDK 10.7) [Lookup]

/Library/Extensions
[not loaded] com.canon.cups.fax.print.kext.usbprintclass (4.8.1 - SDK 10.12) [Lookup]
[not loaded] com.paragon-software.filesystems.apfs (1.0.164 - SDK 10.10) [Lookup]
[loaded] com.paragon-software.filesystems.ntfs (15.2.319 - SDK 10.10) [Lookup]

~/Library/Services/ToastIt.service/Contents/MacOS
[not loaded] com.roxio.TDIXController (2.0) [Lookup]

System Launch Agents: ⓘ
[not loaded] 7 Apple tasks
[loaded] 170 Apple tasks
[running] 109 Apple tasks

System Launch Daemons: ⓘ
[not loaded] 27 Apple tasks
[loaded] 177 Apple tasks
[running] 114 Apple tasks

Launch Agents: ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2018-02-09) [Lookup]
[failed] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2018-06-28) [Lookup]
[not loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[running] com.brother.LOGINserver.plist (? a1772de2 41ad4933 - installed 2018-02-24) [Lookup]
[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-08-06) [Lookup]
[running] com.micromat.TechToolProAgent.plist (Micromat, Inc. - installed 2018-08-23) [Lookup]
[loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-08-20) [Lookup]
[loaded] com.oracle.java.Java-Updater.plist (? e10f30fb 5e3b1cee - installed 2018-08-18) [Lookup]
[running] com.paragon-software.ntfs.notification-agent.plist (Paragon Software GmbH - installed 2018-05-16) [Lookup]
[not loaded] com.teamviewer.teamviewer.plist (? bb938493 0 - installed 2018-08-07) [Lookup] - /Applications/TeamViewer.app/Contents/MacOS/TeamViewer: Executable not found!
[not loaded] com.teamviewer.teamviewer_desktop.plist (? 5984e04 0 - installed 2018-08-07) [Lookup] - /Applications/TeamViewer.app/Contents/Helpers/TeamViewer_Desktop: Executable not found!
[loaded] org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) [Lookup]

Launch Daemons: ⓘ
[running] com.adobe.acc.installer.v2.plist (Adobe Systems, Inc. - installed 2018-06-28) [Lookup]
[running] com.adobe.agmservice.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-07-28) [Lookup]
[running] com.apple.serverd.plist (? 77315927 a1a871d1 - installed 2018-02-25)
[loaded] com.charlessoft.pacifist.helper.plist (Charles Srstka - installed 2018-04-01) [Lookup]
[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-08-06) [Lookup]
[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-08-06) [Lookup]
[running] com.micromat.TechToolProDaemon.plist (Micromat, Inc. - installed 2018-08-23) [Lookup]
[loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-08-25) [Lookup]
[loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-01-17) [Lookup]
[loaded] com.oracle.java.Helper-Tool.plist (Shell Script fa56dec8 - installed 2018-06-28) [Lookup]
[running] com.paragon-software.installer.plist (Paragon Software GmbH - installed 2018-05-16) [Lookup]
[loaded] com.paragon-software.ntfs.loader.plist (Apple, Inc. - installed 2018-06-28)
[running] com.paragon-software.ntfsd.plist (Paragon Software GmbH - installed 2018-04-20) [Lookup]
[loaded] com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2018-08-07) [Lookup]
[not loaded] com.teamviewer.teamviewer_service.plist (? e6c7921e 0 - installed 2018-08-07) [Lookup] - /Applications/TeamViewer.app/Contents/MacOS/TeamViewer_Service: Executable not found!
[loaded] org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) [Lookup]
[loaded] org.wireshark.ChmodBPF.plist (? d4207e05 0 - installed 2018-06-19) [Lookup] - /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF: Executable not found!
[loaded] uk.co.canimaansoftware.ClamXavHelper.plist (Mark Allan - installed 2018-02-04) [Lookup]
[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (Mark Allan - installed 2018-08-18) [Lookup]

User Launch Agents: ⓘ
[loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-05-31) [Lookup]
[loaded] com.apple.serveralertproxy.plist (? 7ce1e1a0 2c5237ea - installed 2018-09-02)
[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-08-22) [Lookup]
[running] com.erikhinterbichler.HeraldLaunchAgent.plist (Erik Hinterbichler - installed 2018-06-09) [Lookup]
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-07-18) [Lookup]
[loaded] uk.co.canimaansoftware.clamxav.UninstallWatcher.plist (Mark Allan - installed 2018-09-02) [Lookup]

User Login Items: ⓘ
iTunesHelper Applicazione (Apple, Inc. - installed 2018-07-10)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
HyperDock Applicazione
(/Applications/HyperDock.app)
ClamXav Sentry Applicazione
(/Applications/ClamXav/ClamXAV.app/Contents/Resources/ClamXav Sentry.app)
com.coppertino.voxcloud SMLoginItem - Hidden (Apple, Inc. - installed 2018-09-02)
(/Applications/VOX.app/Contents/Library/LoginItems/Loop.app)

Internet Plug-ins: ⓘ
AdobeExManDetect: AdobeExManDetect 1.1.0.0 (installed 2018-02-09) [Lookup]
FlashPlayer-10.6: 30.0.0.154 (installed 2018-08-20) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2018-07-10)
AdobeAAMDetect: 3.0.0.0 (installed 2018-06-28) [Lookup]
AdobePDFViewer: 10.1.1 (installed 2018-02-05) [Lookup]
Flash Player: 30.0.0.154 (installed 2018-08-20) [Lookup]
jdk: Unknown (installed 2018-08-18)
PepperFlashPlayer: 30.0.0.154 (installed 2018-08-18) [Lookup]
MeetingJoinPlugin: 1.0 (installed 2018-08-25) [Lookup]
JavaAppletPlugin: Java 10.0.2 build 13 (installed 2018-08-18) Check version

3rd Party Preference Panes: ⓘ
Flash Player (installed 2018-07-28) [Lookup]
Java (installed 2018-08-18) [Lookup]
NTFS (installed 2018-04-20) [Lookup]
TechTool Protection (installed 2018-08-23) [Lookup]

Time Machine: ⓘ
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 499.42 GB Disk used: 78.56 GB
Destinations:
BackUp Primario Time Machine [redacted] [redacted] [Local]
Total size: 999.86 GB
Total number of backups: 36
Oldest backup: 17/02/18, 23:01
Last backup: 02/09/18, 21:29
Size of backup disk: Adequate
Backup size 999.86 GB > (Disk used 78.56 GB X 3)

BackUp Server macOS Sierra Fam. [redacted] - Novasconi [Local]
Total size: 999.86 GB
Total number of backups: 6
Oldest backup: 07/03/18, 22:04
Last backup: 05/07/18, 19:29
Size of backup disk: Adequate
Backup size 999.86 GB > (Disk used 78.56 GB X 3)

BackUp Secondario Time Machine [redacted] [redacted] [Local]
Total size: 968.46 GB
Total number of backups: 40
Oldest backup: 23/01/18, 19:12
Last backup: 02/09/18, 22:27
Size of backup disk: Adequate
Backup size 968.46 GB > (Disk used 78.56 GB X 3)

Top Processes by CPU: ⓘ
5% WindowServer
4% launchd
2% Google Chrome
2% Google Chrome Helper
2% kernel_task

Top Processes by Memory: ⓘ
1.47 GB kernel_task
666 MB clamd
381 MB RTProtectionDaemon
333 MB Google Chrome
303 MB mds_stores

Top Processes by Network Use: ⓘ
Input Output Process name
4.40 GB 4.40 GB AssetCache
8 MB 1 MB mDNSResponder
154 KB 2 MB named
692 KB 57 KB CalendarAgent
324 KB 15 KB netbiosd

Top Processes by Energy Use: ⓘ
6.72 WindowServer
3.60 Google Chrome
3.00 Google Chrome Helper
1.54 ClamXav Sentry

Virtual Memory Information: ⓘ
9.12 GB Available RAM
142 MB Free RAM
10.88 GB Used RAM
8.98 GB Cached files
318 MB Swap Used

Software installs (last 30 days): ⓘ
VOX: 3.3.1 (installed 2018-08-18)
OneDrive: 18.131.0701 (installed 2018-08-18)
Adobe Pepper Flash Player: (installed 2018-08-18)
Microsoft PowerPoint for Mac: (installed 2018-08-18)
Java 10.0.2: (installed 2018-08-18)
Microsoft Excel for Mac: (installed 2018-08-18)
Microsoft Word for Mac: (installed 2018-08-18)
Microsoft Outlook for Mac: (installed 2018-08-18)
Microsoft AutoUpdate: (installed 2018-08-20)
Adobe Flash Player: (installed 2018-08-20)
TechTool Pro 10.0.1: (installed 2018-08-23)
Skype for Business: (installed 2018-08-25)
TeamViewer: 13.2.14327 (installed 2018-08-28)

Install information may not be complete.

Diagnostics Events (last 3 days for minor events): ⓘ
2018-09-02 18:31:54 uk.co.canimaansoftware.ClamXavHelper Crash [Open]
2018-09-02 18:16:18 NETGEAR Switch Discovery Tool.app Crash [Open]
Cause: dyld: launch, loading dependent libraries
2018-09-02 17:32:20 backupd High CPU use [Open] [Details]
2018-09-02 15:49:32 ClamXAV.app High CPU use [Open] [Details]
2018-09-02 15:48:22 Google Chrome.app Hang [Open]
2018-09-02 15:26:05 Server.app High CPU use [Open] [Details]
2018-09-02 15:25:03 Creative Cloud.app Crash [Open]
2018-09-02 15:23:00 Last shutdown cause: 0 - Power loss
2018-09-01 23:42:29 JavaAppletPlugin.plugin Hang [Open]

Infine facendo alcune ricerche su internet io sono riuscito a trovare un paio di articoli qui i link:

1) https://www.hdblog.it/2018/08/24/applej ... c-windows/
2) https://cryptodisrupt.com/applejesus-hi ... irst-time/

Ancora grazie del tuo prezioso aiuto e spero che le info che ti ho dato ti possano essere utili a capire qualcosa di più sul mio problema dei miei mac.

Buona serata.
Scasi_1980.

Ciao Scasi_1980,
scusa ma non sono più intervenuta in questa tua problematica perché vedo che ti seguono (Fragrua e Faxus) che sono più competenti di me sicuramente.
Good Day.
And

[faxus]

Sotto la voce Clean up sono elencati dei file orfani di applicazione o superstiti di precedenti installazioni poi ripetute.
Devi eliminarli

Codice: Seleziona tutto

sudo rm -rf /Library/LaunchAgents/com.teamviewer.teamviewer.plist /Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist /Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist

Ti consiglierei anche di eseguire una ricerca con EasyFind su quei nomi Teamviewer e Wireshark in cerca di altri residui.
Anche sulle FAQ dei rispettivi siti.

La versione di Soundflower è obsoleta, disinstalla ed aggiorna.

Disinstalla Malwarebytes, non è più un antimalware ma uno stupido e dannoso antivirus.

Abbiamo già detto dell’opportunità di disinstallare e non usare ClamXav.

Hai dei residui non disinstallati di precedenti versioni Java.
Dovresti provvedere a disinstallarli, parti da qui
https://www.java.com/it/download/faq/java_mac.xml

A mio parere non abiliterei la protezione TechTool, troppo impegno per tanto poco, ma è opinabile…

Quanto sopra e tante applicazioni che si intravedono.
Con abilitazione automatica degli aggiornamenti o dei plugin attivi.
Affaticano il sistema in cambio di molto poco.

Che non facciano bene è dimostrato dall’uso fuori norma della memoria di scambio.
E dai continui crolli di applicazioni che normalmente funzionano senza intoppi.
Quegli elementi, presi uno per uno non sono significativi, tutti insieme lo sono.

Quindi ti consiglio una revisione severa di tanti strumenti attivi nel sistema.
Ci scommetterei che tanti si duplicano nelle funzioni.
A volte anche in funzioni inutili.

Quindi esegui OnyX
http://www.titanium.free.fr/onyx.html
Ed esegui solo quanto vedi spuntato nell’immagine


Fatto tutto questo esegui
DetectX
viewtopic.php?f=5&t=32846&start=570#p482447
E posta il risultato

[Scasi_1980]

Buongiorno a tutti\e,

Vi ringrazio per il supporto che mi state dando in merito a questa mia problematica. Andando ad eliminare il file lybnode.dylib dalle due Applicazioni ovvero Skype e NETGEAR Switch Discovery Tool, sembra che il Trojan non esiste più. La conseguenza negativa, è che eliminando tale file ovvero lybnode.dylib le Applicazioni non si avviano più.
Purtroppo però essendo Applicazioni scaricate dal sito dei relativi sviluppatori io mi chiedo come ho fatto a prendermi sto cavolo di Trojan

Vi chiedo pertanto di fare una prova se potete, se avete scaricato Skype dal sito dello sviluppatore potete fare una scansione con ClamXav e vedere se Vi risulta anche a Voi questo Trojan?

Ancora grazie delle risposte che riceverò e buona giornata a tutti/e.
Saluti.
Scasi_1980.