Possible malware?


ernojoker

Hi everyone, this is the first time I've written on a forum... I'm here because of a data breach (Dropbox) and an attempted Gmail login. After reading your posts I downloaded EtreCheck and ran the scan. Is there anyone (obviously not me) who understands a bit more about this and can give me a hand?

Here is the report:

EtreCheck version: 5.3.3 (5036)
Report generated: 2019-08-29 01:54:59
Download EtreCheck from https://etrecheck.com
Runtime: 2:31
Performance: Good
Sandbox: Enabled
Full drive access: Disabled

Problem: No problem - just checking
Description:
Malware

Major Issues:
Anything that appears on this list needs immediate attention.
No Time Machine backup - Time Machine backup not found.
More than one antivirus app - This machine has multiple antivirus apps installed.

Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
Configuration profiles present - This machine has configuration profiles. These are sometimes used by adware and malware.
Clean up - There are orphan files that could be removed.
Unsigned files - There are unsigned software files installed. They appear to be legitimate but should be reviewed.
Limited drive access - More information may be available with Full Drive Access.

Hardware Information:
MacBook Pro (15-inch, 2016)
MacBook Pro Model: MacBookPro13,3
1 2,6 GHz Intel Core i7 (i7-6700HQ) CPU: 4-core
16 RAM - Not upgradeable
BANK 0/DIMM0 - 8 GB LPDDR3 2133  ok
BANK 1/DIMM0 - 8 GB LPDDR3 2133  ok
Battery: Health = Normal - Cycle count = 319

Video Information:
Intel HD Graphics 530 - VRAM: 1536 MB
Color LCD 3360 x 2100
AMD Radeon Pro 450 - VRAM: 2 GB

Drives:
disk0 - APPLE SSD SM0256L 251.00 GB (Solid State - TRIM: Yes)
Internal PCI-Express 8.0 GT/s x4 NVM Express
disk0s1 - EFI [EFI] 315 MB
disk0s2 [APFS Container] 250.69 GB
disk1 [APFS Virtual drive] 250.69 GB (Shared by 4 volumes)
disk1s1 - Macintosh HD (APFS) (Shared - 161.05 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)
disk1s3 - Recovery (APFS) [Recovery] (Shared)
disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used)

Mounted Volumes:
disk1s1 - Macintosh HD
250.69 GB (Shared - 161.05 GB used - 87.34 GB free)
APFS
Mount point: /

disk1s4 - VM [APFS VM]
250.69 GB (Shared - 1.07 GB used - 87.34 GB free)
APFS
Mount point: /private/var/vm

Network:
Interface en7: iPhone
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Proxy Auto Discovery
Interface en6: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge

System Software:
macOS Mojave 10.14.5 (18F132)
Time since boot: About 4 hours

Configuration Profiles:
This computer has configuration profiles installed.

Notifications:
Notifications not available without Full Drive Access.

Security:
System Status
Gatekeeper: Enabled
System Integrity Protection: Enabled

Antivirus apps: Bitdefender, CleanMyMac, and MalwareBytes

Unsigned Files:
Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist
Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.google.keystone.xpcservice.plist
Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost
Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.macpaw.CleanMyMac4.HealthMonitor.plist
Executable: ~/Library/Application Support/CleanMyMac X/CleanMyMac X HealthMonitor.app/Contents/MacOS/CleanMyMac X HealthMonitor
Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist
Executable: ~/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate -check periodic
Details: Exact match found in the whitelist - probably OK

Kernel Extensions:
/Library/Application Support/Malwarebytes/MBAM/Kext
MB_MBAM_Protection.kext (3.9 - SDK 10.10)

/Library/Extensions
Dropbox.kext (1.10.3 - SDK 10.14)

System Launch Agents:
[Not Loaded] 15 Apple tasks
[Loaded] 158 Apple tasks
[Running] 128 Apple tasks

System Launch Daemons:
[Not Loaded] 36 Apple tasks
[Loaded] 174 Apple tasks
[Running] 125 Apple tasks

Launch Agents:
[Other] com.bitdefender.antivirusformac.plist (? 17d3b6ae - installed 2016-07-01)
[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-08-12)
[Running] com.ugee.MsgDisplay.plist (? ab70be93 - installed 2019-05-11)
[Running] com.ugee.UgeePenTabletInfo.plist (lin jiang - installed 2018-06-01)
[Running] com.ugee.pentablet.plist (? e4f98d53 - installed 2019-06-22)

Launch Daemons:
[Loaded] com.bitdefender.AuthHelperTool.plist (Bitdefender SRL - installed 2016-07-01)
[Loaded] com.bitdefender.upgrade.plist (Bitdefender SRL - installed 2016-07-01)
[Loaded] com.macpaw.CleanMyMac4.Agent.plist (MacPaw Inc. - installed 2018-10-30)
[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-08-27)
[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-08-12)

User Launch Agents:
[Loaded] com.dropbox.DropboxMacUpdate.agent.plist (? 0 - installed 2019-08-22)
[Loaded] com.google.keystone.agent.plist (? 0 - installed 2019-07-10)
[Loaded] com.google.keystone.xpcservice.plist (? 0 - installed 2019-07-10)
[Running] com.macpaw.CleanMyMac4.HealthMonitor.plist (? 0 - installed 2018-10-30)
[Other] mega.mac.megaupdater.plist (? 0 - installed 2019-08-20)

User Login Items:
CleanMyMac X Menu.app (MacPaw Inc. - installed 2018-10-30)
(Application - /Applications/CleanMyMac X.app/Contents/MacOS/CleanMyMac X Menu.app)

Dropbox.app (Dropbox, Inc. - installed 2019-08-27)
(Application - /Applications/Dropbox.app)

Internet Plug-ins:
AdobeAAMDetect: 3.0.0.0 (Adobe Systems, Inc. - installed 2018-04-26)
FlashPlayer-10.6: 30.0.0.154 (Adobe Systems, Inc. - installed 2018-09-08)
DivX Web Player: 3.8.6.14 (? - installed 2018-01-18)
AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2019-05-21)
AdobePDFViewer: 19.010.20099 (Adobe Systems, Inc. - installed 2019-05-21)
Flash Player: 30.0.0.154 (Adobe Systems, Inc. - installed 2018-09-08)
Silverlight: 5.1.50901.0 (? - installed 2018-05-02)

Audio Plug-ins:
AirPlay: 2.0 (Apple - installed 2019-05-23)
BridgeAudioSP: 5.46 (Apple - installed 2019-05-23)
iSightAudio: 7.7.3 (Apple - installed 2019-05-23)
ACE: 9.1.2 (Rogue Amoeba Software, LLC - installed 2018-10-26)
AppleAVBAudio: 740.1 (Apple - installed 2019-05-23)
BluetoothAudioPlugIn: 6.0.12 (Apple - installed 2019-05-23)
AppleTimeSyncAudioClock: 1.0 (Apple - installed 2019-05-23)

3rd Party Preference Panes:
Flash Player (installed 2018-07-28)

Time Machine:
Time Machine Not Configured!

Performance:
System Load: 1.52 (1 min ago) 1.65 (5 min ago) 1.85 (15 min ago)
Nominal I/O speed: 1.28 MB/s
File system: 66.87 seconds
Write speed: 1209 MB/s
Read speed: 2401 MB/s

CPU Usage Snapshot:
Type Overall
System 2 %
User 5 %
Idle 94 %

Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)
Other processes 41.12 % (?)
EtreCheck 6.23 % (App Store)
CleanMyMac X HealthMonitor 1.34 % (? - ~/Library/Application Support/CleanMyMac X/CleanMyMac X HealthMonitor.app)
accountsd 0.91 % (Apple)
CleanMyMac X Menu 0.54 % (MacPaw Inc.)

Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)
EtreCheck 557 MB (App Store)
CleanMyMac X 412 MB (MacPaw Inc.)
App Store 394 MB (Apple)
Dropbox 352 MB (Dropbox, Inc.)
Safari 289 MB (Apple)

Top Processes Snapshot by Network Use:
Process (count) Input / Output (Source - Location)
Other processes 1009 KB / 501 KB (?)
Dropbox 427 KB / 335 KB (Dropbox, Inc.)
Mail 23 KB / 7 KB (Apple)
firefox 13 KB / 3 KB (Mozilla Corporation)
SystemUIServer 0 B / 648 B (Apple)

Virtual Memory Information:
Physical RAM: 16 GB

Free RAM: 1.99 GB
Used RAM: 8.61 GB
Cached files: 5.41 GB

Available RAM: 7.39 GB
Swap Used: 0 B

Software Installs (past 30 days):
Install Date Name (Version)
2019-08-18 MRTConfigData (1.48)
2019-08-26 Gatekeeper Configuration Data (181)
2019-08-27 Bitdefender Antivirus for Mac
2019-08-27 Malwarebytes for Mac
2019-08-29 EtreCheck (5.3.3)

Clean up:
~/Library/LaunchAgents/mega.mac.megaupdater.plist
/Applications/MEGAsync.app/Contents/MacOS/MEGAupdater
Executable not found
/Library/LaunchAgents/com.bitdefender.antivirusformac.plist
/Library/Bitdefender/AVP/AntivirusforMac.app/Contents/MacOS/AntivirusforMac
Executable not found


Diagnostics Information (past 7 days):
Directory /Library/Logs/DiagnosticReports is not accessible.
Enable Full Drive Access to see more information.

End of report

Kernel Panic

I don't see any traces of malware on your Mac; on the other hand, you have three antivirus apps (or would-be antivirus apps) installed on your Mac. Remove all three completely; they do more harm than good.

From the Internet Plug-ins, remove DivX Web Player, Silverlight and the two Flash Players (which at the very least should be updated).

Try to remove at least some of the "orphan" files.

Update your system to version 10.14.6, perhaps via the Combo update >>> https://support.apple.com/kb/DL2010?locale=it_IT
Last edited by Kernel Panic on Thu, 29 Aug 2019 16:25; edited 1 time in total.

Paolofast

Kernel Panic wrote:
Thu, 29 Aug 2019 06:17
the two Flash Players (which at the very least should be updated).
A recent conversation between me and someone I help out:
Me: "You should uninstall Flash completely; by now it's no longer good for anything, and there's no point keeping all its mess around if you don't need it."
Him: "But what if I go to a site that requires it?"
Me: "By now only sites that install malware, steal data and commit various other cybercrimes use it."
Him: "Are you sure?"
Me: "Yes, even YouPorn has switched to HTML5."
Him: "Ah! Okay, I'll remove it."
“I don't know everything, I only know what I know” Hanekawa Tsubasa.

Alberto.G

ernojoker wrote:
Thu, 29 Aug 2019 02:14
Hi everyone, this is the first time I've written on a forum... I'm here because of a data breach (Dropbox) and an attempted Gmail login. After reading your posts I downloaded EtreCheck and ran the scan. Is there anyone (obviously not me) who understands a bit more about this and can give me a hand?
....
In addition to what Kernel Panic has already correctly written to you, I'll add something important too.
For several months now, this Forum has strongly recommended using, instead of EtreCheck, DetectX Swift (a free piece of software), which performs an anti-adware/anti-malware scan with removal of small problems and a more in-depth system analysis; download it from here:
https://sqwarq.com/detectx/

DetectX Swift will certainly flag any adware/malware even better.
The adware/malware can then be removed with this very software.

iMac (Retina 4K, 21.5-inch, Late 2015) Mod.16,2 - Processor 3.1 GHz Intel Core i5 (i5-5675R) CPU 4-core
Memory 8 GB 1867 MHz DDR3 - Graphics card Intel Iris Pro Graphics 6200 1536 MB
Current system: macOS MONTEREY version 12.7.4 (21H1123) since 08/03/2024 at 09:29

antoniotrevi

Hi. I downloaded the trial version of this program. Trial because even the home version is paid.
