Troubleshoot Do I have malware?

Infected operating system
Mac OSX
Infected device issues
Might have malware
Browsers affected by infection
  1. Safari
  2. Chrome

Juliasand

New Member
Thread author
Dec 23, 2019
I've had different vague signs of remote monitoring. Can you have a look at the EtreCheck and see if something is up?
FYI: I suddenly had TWO different OneDrive applications, so I deleted them both. But OneDrive is still showing up in the EtreCheck report as the only unsigned file not found on the white list.

EtreCheck version: 5.4.8 (5091)


Report generated: 2019-12-23 22:24:44


Download EtreCheck from EtreCheck


Runtime: 2:32


Performance: Excellent


Sandbox: Enabled


Full drive access: Disabled


Problem:
Other problem


Major Issues:

Anything that appears on this list needs immediate attention.


No Time Machine backup - Time Machine backup not found.


Runaway process - A process is using a large percentage of your CPU.


Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.


System Integrity Protection disabled - System Integrity Protection is disabled. This computer is at risk of malware infection.


Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.


More than one antivirus app - This machine has multiple antivirus apps installed.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.


System modifications - There are a large number of system modifications running in the background.


32-bit Apps - This machine has 32-bits apps will not work on macOS 10.15 “Catalina”.


Limited drive access - More information may be available with Full Drive Access.


Hardware Information:

MacBook Pro (13-inch, 2018-2019, Four Thunderbolt 3 ports)
MacBook Pro Model: MacBookPro15,2
1 2,3 GHz Quad-Core Intel Core i5 (i5-8259U) CPU: 4-core
8 GB RAM - Not upgradeable
BANK 0/ChannelA-DIMM0 - 4 GB LPDDR3 2133
BANK 2/ChannelB-DIMM0 - 4 GB LPDDR3 2133
Battery: Health = Normal - Cycle count = 187

Video Information:

Intel Iris Plus Graphics 655 - VRAM: 1536 MB
Color LCD (built-in) 2880 x 1800

Drives:

disk0 - APPLE SSD AP0256M 251.00 GB (Solid State - TRIM: Yes)
Internal PCI-Express 8.0 GT/s x4 NVM Express
disk0s1 - EFI [EFI] 315 MB
disk0s2 [APFS Container] 250.69 GB
disk1 [APFS Virtual drive] 250.69 GB (Shared by 5 volumes)
disk1s1 - M*****************a (APFS) [APFS Virtual drive] (Shared - 99.03 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)
disk1s3 - Recovery (APFS) [Recovery] (Shared)
disk1s4 - VM (APFS) [APFS VM] (Shared - 5.37 GB used)
disk1s5 - Macintosh HD (APFS) (Shared - 10.71 GB used)

Mounted Volumes:

disk1s1 - M*****************a [APFS Virtual drive]
250.69 GB (Shared - 99.03 GB used, 144.40 GB available, 134.29 GB free)
APFS
Mount point: /System/Volumes/Data
Encrypted

disk1s4 - VM [APFS VM]
250.69 GB (Shared - 5.37 GB used, 134.29 GB free)
APFS
Mount point: /private/var/vm
Encrypted

disk1s5 - Macintosh HD
250.69 GB (Shared - 10.71 GB used, 144.40 GB available, 134.29 GB free)
APFS
Mount point: /
Encrypted
Read-only: Yes

disk2s1 - S************1
409 MB (405 MB used, 3 MB free)
Mac OS Extended
Disk Image
Mount point: /Volumes/S************1
Owners enabled: No
Read-only: Yes

disk3s1 - A***********s
25 MB (21 MB used, 4 MB free)
Mac OS Extended
Disk Image
Mount point: /Volumes/A***********s
Owners enabled: No
Read-only: Yes

disk4s2 - Flash Player
24 MB (24 MB used)
Mac OS Extended
Disk Image
Mount point: /Volumes/Flash Player
Owners enabled: No
Read-only: Yes

disk5s2 - M*****n
34 MB (21 MB used, 13 MB free)
Mac OS Extended
Disk Image
Mount point: /Volumes/M*****n
Owners enabled: No
Read-only: Yes

disk6s2 - M*********b
100 MB (100 MB used)
Mac OS Extended
Disk Image
Mount point: /Volumes/M*********b
Owners enabled: No
Read-only: Yes

Network:

Interface en7: USB-C Dock Ethernet
Interface en8: ThinkPad TBT3 LAN
Interface en11: USB 10/100/1000 LAN
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Interface en10: iPhone
Interface en6: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
Interface en9: Apple USB Ethernet Adapter
Interface en12: iPhone 2

System Software:

macOS Catalina 10.15.1 (19B88)
Time since boot: About 20 days

Notifications:

Notifications not available without Full Drive Access.

Security:


Gatekeeper: Enabled


System Integrity Protection: Disabled



Antivirus software: AVG, SecureMac, and Malwarebytes


Unsigned Files:

Launchd: /Library/LaunchDaemons/com.avg.uninstall.plist
Executable: /Library/Application Support/AVGAntivirus/autouninstall/autouninstall.sh
Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.google.keystone.xpcservice.plist
Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.microsoft.OneDriveStandaloneUpdaterDaemon.plist
Executable: /Applications/OneDrive.app/Contents/StandaloneUpdaterDaemon.xpc/Contents/MacOS/StandaloneUpdaterDaemon

Launchd: /Library/LaunchDaemons/com.avg.update.plist
Executable: /Applications/AVGAntivirus.app/Contents/Backend/scripts/update/update.sh
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avg.hub.schedule.plist
Executable: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/schedule.sh --ttl 14400
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.microsoft.OneDriveStandaloneUpdater.plist
Executable: /Applications/OneDrive.app/Contents/StandaloneUpdater.app/Contents/MacOS/OneDriveStandaloneUpdater
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.avg.userinit.plist
Executable: /Applications/AVGAntivirus.app/Contents/Backend/hub/userinit.sh
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.microsoft.OneDriveUpdaterDaemon.plist
Executable: /Applications/OneDrive.app/Contents/OneDriveUpdaterDaemon.xpc/Contents/MacOS/OneDriveUpdaterDaemon
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/com.avg.hub.schedule.plist
Executable: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/schedule.sh --ttl 14400
Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist
Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.avg.init.plist
Executable: /Applications/AVGAntivirus.app/Contents/Backend/hub/init.sh
Details: Exact match found in the whitelist - probably OK

Login Item: /Applications/MacScan.app/Contents/Library/LoginItems/com.securemac.MacScanAgent.app

32-bit Applications:

5 32-bit apps

Kernel Extensions:

/Applications/AVGAntivirus.app
AVGFileShield.kext (AVG Technologies CZ, s.r.o., 4.0.0 - SDK 10.12)
AVGPacketForwarder.kext (AVG Technologies CZ, s.r.o., 2.1 - SDK 10.12)

/Library/Extensions
Dropbox.kext (Dropbox, Inc., 1.10.3 - SDK 10.14)

System Launch Agents:

[Not Loaded] 18 Apple tasks


[Loaded] 147 Apple tasks


[Running] 144 Apple tasks


[Other] One Apple task


System Launch Daemons:

[Not Loaded] 36 Apple tasks


[Loaded] 165 Apple tasks


[Running] 134 Apple tasks


[Other] One Apple task


Launch Agents:

[Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2019-08-22)


[Loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2019-09-30)


[Running] com.adobe.GC.AGM.plist (Adobe Systems, Inc. - installed 2019-10-25)


[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-10-25)


[Not Loaded] com.avg.hub.plist (AVG Technologies CZ, s.r.o. - installed 2019-12-20)


[Loaded] com.avg.userinit.plist (? 3ed33f6f - installed 2019-12-20)


[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-11-18)


[Loaded] com.microsoft.OneDriveStandaloneUpdater.plist (? b97e8726 - installed 2019-07-23)


[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-11-14)


[Not Loaded] com.teamviewer.teamviewer.plist (TeamViewer GmbH - installed 2019-07-25)


[Not Loaded] com.teamviewer.teamviewer_desktop.plist (TeamViewer GmbH - installed 2019-07-25)


Launch Daemons:

[Running] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2019-08-22)


[Running] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2019-08-22)


[Running] com.adobe.acc.installer.v2.plist (Adobe Systems, Inc. - installed 2019-09-30)


[Loaded] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2019-10-25)


[Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2019-11-22)


[Not Loaded] com.avg.hub.schedule.plist (? a81c8beb - installed 2019-12-20)


[Not Loaded] com.avg.hub.xpc.plist (AVG Technologies CZ, s.r.o. - installed 2019-12-20)


[Loaded] com.avg.init.plist (? b7d61217 - installed 2019-12-20)


[Loaded] com.avg.uninstall.plist (? 70fb3cd - installed 2019-12-20)


[Loaded] com.avg.update.plist (? 3d634b49 - installed 2019-12-20)


[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-12-19)


[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-11-18)


[Running] com.microsoft.OneDriveStandaloneUpdaterDaemon.plist (? 1a4f628 - installed 2019-07-25)


[Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (? a510a00 - installed 2019-07-23)


[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-11-14)


[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2019-07-15)


[Not Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (? 0 - installed 2019-11-08)


[Loaded] com.securemac.MacScanDaemon.plist (? 2f2f5c03 - installed 2019-12-23)


[Loaded] com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2019-07-03)


[Not Loaded] com.teamviewer.teamviewer_service.plist (TeamViewer GmbH - installed 2019-07-25)


User Launch Agents:

[Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-07-26)


[Loaded] com.adobe.ccxprocess.plist (Apple - installed 2019-08-21)


[Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2019-10-14)


[Loaded] com.google.keystone.agent.plist (? 0 - installed 2019-12-04)


[Loaded] com.google.keystone.xpcservice.plist (? 0 - installed 2019-12-04)


User Login Items:

[Not Loaded] Any.do Login Helper (App Store - installed 2019-10-28)
Modern Login Item
/Applications/Any.do.app/Contents/Library/LoginItems/Any.do Login Helper.app

[Not Loaded] Day One Helper (App Store - installed 2019-12-03)
Modern Login Item
/Applications/Day One.app/Contents/Library/LoginItems/Day One Helper.app

[Not Loaded] LoginHelper (App Store - installed 2019-10-16)
Modern Login Item
/Applications/Go for Instagram.app/Contents/Library/LoginItems/LoginHelper.app

[Running] com.securemac.MacScanAgent (? - installed 2016-01-13)
Modern Login Item
/Applications/MacScan.app/Contents/Library/LoginItems/com.securemac.MacScanAgent.app

[Not Loaded] LaunchHelper (App Store - installed 2019-10-15)
Modern Login Item
/Applications/Mail for Gmail.app/Contents/Library/LoginItems/LaunchHelper.app

[Loaded] StartUpHelper (Spotify - installed 2019-11-28)
Modern Login Item
/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app

[Running] WunderlistHelper (App Store - installed 2019-11-01)
Modern Login Item
/Applications/Wunderlist.app/Contents/Library/LoginItems/WunderlistHelper.app

[Not Loaded] HP Device Monitor (HP Inc. - installed 2019-04-30)
Modern Login Item
/Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app

[Not Loaded] HP Product Research (HP Inc. - installed 2019-04-30)
Modern Login Item
/Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app

Internet Plug-ins:

AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2019-12-19)
AdobePDFViewer: 19.021.20061 (Adobe Systems, Inc. - installed 2019-12-19)
PepperFlashPlayer: 32.0.0.303 (Adobe Systems, Inc. - installed 2019-12-21)
AdobeAAMDetect: 3.0.0.0 (Adobe Systems, Inc. - installed 2019-09-30)

3rd Party Preference Panes:

Flash Player (installed 2019-11-22)

Time Machine:

Time Machine Not Configured!

Performance:


System Load: 9.89 (1 min ago) 4.81 (5 min ago) 3.82 (15 min ago)
Nominal I/O speed: 1.16 MB/s
File system: 26.43 seconds
Write speed: 1077 MB/s
Read speed: 2922 MB/s

CPU Usage Snapshot:

Type Overall


System 11 %


User 21 %


Idle 68 %


Top Processes Snapshot by CPU:

Process (count) CPU (Source - Location)


Other processes 149.21 % (?)


Console 38.54 % (Apple)


Google Chrome 18.56 % (Google, Inc.)


Google Chrome Helper (GPU).app 17.86 % (Google, Inc.)


Activity Monitor 7.17 % (Apple)


Top Processes Snapshot by Memory:

Process (count) RAM usage (Source - Location)


EtreCheck 534 MB (App Store)


Console 284 MB (Apple)


Google Chrome 275 MB (Google, Inc.)


Activity Monitor 175 MB (Apple)


Google Chrome Helper (GPU).app 137 MB (Google, Inc.)


Top Processes Snapshot by Network Use:

Process Input / Output (Source - Location)


Other processes 161 MB / 20 MB (?)


rapportd 10 KB / 17 KB (Apple)


SystemUIServer 0 B / 7 KB (Apple)


PowerChime 634 B / 2 KB (Apple)


homed 0 B / 0 B (Apple)


Virtual Memory Information:

Physical RAM: 8 GB


Free RAM: 20 MB


Used RAM: 6.63 GB


Cached files: 1.35 GB


Available RAM: 1.37 GB


Swap Used: 2.75 GB


Software Installs (past 30 days):

Install Date Name (Version)


2019-12-03 Day One (4.3.1)


2019-12-08 OneDrive (19.192.0926)


2019-12-11 Microsoft Excel


2019-12-11 Microsoft OneNote


2019-12-11 Microsoft Outlook


2019-12-12 Adobe Acrobat DC (19.021.20058)


2019-12-13 XProtectPlistConfigData (2110)


2019-12-13 MRTConfigData (1.51)


2019-12-15 Microsoft Word


2019-12-15 Microsoft PowerPoint


2019-12-19 Adobe Acrobat DC (19.021.20061)


2019-12-19 Malwarebytes for Mac


2019-12-20 AVG AntiVirus (19.4)


2019-12-20 AVGHUB


2019-12-20 Bitdefender Virus Scanner (3.15)


2019-12-21 Adobe Pepper Flash Player


2019-12-23 EtreCheck (5.4.8)


Diagnostics Information (past 7-30 days):

Directory /Library/Logs/DiagnosticReports is not accessible.
Enable Full Drive Access to see more information.

End of report
 

Attachments

  • Skjermbilde 2019-12-23 kl. 22.29.34.png
