harsyra

Strange things.. When I downloaded Malwarebytes to my download folder hidden files generated automaticly in the folder named something like .ignmwb and when I downloded firefox i couldn't go to malwarebytes.com. When I wanted to install homebrew it installed and then uninstalled itself and installed a sissy version. I lost sudo privileges and so on. When i tried to reinstall macOS it didn't contact apple but intstalled itself from a local partition hidden Volumes to reset all settings i had too erase everything from recovery terminal with dd command. Okey "mystery drive and it ends in -Data" thanks then i understand that.

I ran an Etrecheck rapport and this is how it turned out, do you find anything suspisious in it? I don't understand why i have so many drives? And what is "disk1s1 - R***********a (APFS) [APFS Virtual drive] (Shared - 112.59 GB used)"??? EtreCheck version: 5.7.2 (5247) Report generated: 2022-02-09 20:39:31 Download EtreCheck from https://etrecheck.com Runtime: 2:40 Performance: Excellent Sandbox: Enabled Full drive access: Enabled Problem: Other problem Description: Strange things is happening!! Major Issues: Anything that appears on this list needs immediate attention. No Time Machine backup - Time Machine backup not found. Runaway process - A process is using a large percentage of your CPU. Minor Issues: These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. Heavy network usage - This computer has recently restarted and has high network usage. Apps with heavy CPU usage - There have been numerous cases of apps with heavy CPU usage. Heavy I/O usage - Your system is under heavy I/O use. This will reduce your performance. Hardware Information: MacBook Pro (13-inch, 2019, Two Thunderbolt 3 ports) MacBook Pro Model: MacBookPro15,4 1,4 GHz Quad-Core Intel Core i5 (i5-8257U) CPU: 4-core 8 GB RAM - Not upgradeable BANK 0/ChannelA-DIMM0 - 4 GB LPDDR3 2133 BANK 2/ChannelB-DIMM0 - 4 GB LPDDR3 2133 Battery: Health = Normal - Cycle count = 53 Video Information: Intel Iris Plus Graphics 645 - VRAM: 1536 MB Color LCD (built-in) 2880 x 1800 Drives: disk0 - APPLE SSD AP0256N 251.00 GB (Solid State - TRIM: Yes) Internal PCI-Express 8.0 GT/s x4 NVM Express disk0s1 - EFI [EFI] 315 MB disk0s2 [APFS Container] 250.69 GB disk1 [APFS Virtual drive] 250.69 GB (Shared by 6 volumes) disk1s1 - R***********a (APFS) [APFS Virtual drive] (Shared - 112.59 GB used) disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 273 MB used) disk1s3 - Recovery (APFS) [Recovery] (Shared) disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used) disk1s5 (APFS) [APFS Container] (Shared) disk1s5s1 - R****m (APFS) [APFS Snapshot] (Shared - 15.75 GB used) disk1s6 - Update (APFS) (Shared - 717 KB used) Mounted Volumes: disk1s1 - R***********a [APFS Virtual drive] 250.69 GB (Shared - 112.59 GB used, 146.88 GB available, 119.77 GB free) APFS Mount point: /System/Volumes/Data Encrypted disk1s2 - Preboot [APFS Preboot] 250.69 GB (Shared - 273 MB used, 119.77 GB free) APFS Mount point: /System/Volumes/Preboot disk1s4 - VM [APFS VM] 250.69 GB (Shared - 1.07 GB used, 119.77 GB free) APFS Mount point: /System/Volumes/VM disk1s5s1 - R****m [APFS Snapshot] 250.69 GB (Shared - 15.75 GB used, 146.88 GB available, 119.77 GB free) APFS Mount point: / Read-only: Yes disk1s6 - Update 250.69 GB (Shared - 717 KB used, 119.77 GB free) APFS Mount point: /System/Volumes/Update Network: Interface en0: Wi-Fi 802.11 a/b/g/n/ac Interface bridge0: Thunderbolt Bridge System Software: 12.2 12.2 (21D49) Time since boot: About an hour Notifications: EtreCheck.app one notification Little Snitch Agent.app 5 notifications Security: Gatekeeper: Enabled System Integrity Protection: Enabled Antivirus software: Apple and Malwarebytes System Extensions: [Running] Little Snitch Network Extension - version 5.3.2 (Objective Development Software GmbH - 2021-11-16) Application: /Applications/Little Snitch.app - version 5.3.2 (Objective Development Software GmbH - 2021-11-16) Description: This system extension enables Little Snitch to filter network traffic. [Running] Little Snitch Endpoint Security - version 5.3.2 (Objective Development Software GmbH - 2021-11-16) Application: /Applications/Little Snitch.app - version 5.3.2 (Objective Development Software GmbH - 2021-11-16) Description: Little Snitch Endpoint Security System Launch Agents: [Not Loaded] 15 Apple tasks [Loaded] 206 Apple tasks [Running] 128 Apple tasks [Other] One Apple task System Launch Daemons: [Not Loaded] 37 Apple tasks [Loaded] 190 Apple tasks [Running] 149 Apple tasks [Other] One Apple task Launch Agents: [Running] at.obdev.littlesnitch.agent.plist (Objective Development Software GmbH - installed 2022-02-07) [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2022-02-07) Launch Daemons: [Running] at.obdev.littlesnitch.daemon.plist (Objective Development Software GmbH - installed 2022-02-07) [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2022-02-08) [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2022-02-07) [Running] net.mullvad.daemon.plist (Amagicom AB - installed 2022-02-07) [Loaded] us.zoom.ZoomDaemon.plist (Zoom Video Communications, Inc. - installed 2022-02-08) User Login Items: [Not Loaded] Bitwarden Login Helper (App Store - installed 2022-02-07) Modern Login Item /Applications/Bitwarden.app/Contents/Library/LoginItems/Bitwarden Login Helper.app [Running] Malwarebytes Browser Guard Updater (App Store - installed 2022-02-07) Modern Login Item /Applications/Malwarebytes Browser Guard.app/Contents/Library/LoginItems/Malwarebytes Browser Guard Updater.app [Not Loaded] Micro Snitch Open At Login Helper (App Store - installed 2022-02-07) Modern Login Item /Applications/Micro Snitch.app/Contents/Library/LoginItems/Micro Snitch Open At Login Helper.app [Not Loaded] LaunchAtLoginHelper (App Store - installed 2022-02-07) Modern Login Item /Applications/TextSniper.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app Backup: Time Machine Not Configured! Performance: System Load: 5.72 (1 min ago) 7.91 (5 min ago) 5.90 (15 min ago) Nominal I/O speed: 35.29 MB/s File system: 40.96 seconds Write speed: 1230 MB/s Read speed: 1522 MB/s CPU Usage Snapshot: Type Overall System: 8 % User: 9 % Idle: 83 % Top Processes Snapshot by CPU: Process (count) CPU (Source - Location) Other processes 122.39 % (?) EtreCheck 11.48 % (App Store) trustd 1.98 % (Apple) Malwarebytes Browser Guard 1.33 % (App Store) iconservicesagent 0.26 % (Apple) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) EtreCheck 412 MB (App Store) Malwarebytes Browser Guard 60 MB (App Store) AppleSpell 50 MB (Apple) ControlCenter 38 MB (Apple) NotificationCenter 34 MB (Apple) Top Processes Snapshot by Network Use: Process Input / Output (Source - Location) Other processes 3.65 GB / 745 MB (?) backgroundtaskmanagementagent 0 B / 0 B (Apple) UsageTrackingAgent 0 B / 0 B (Apple) mediaremoteagent 0 B / 0 B (Apple) cfprefsd 0 B / 0 B (Apple) Virtual Memory Information: Physical RAM: 8 GB Free RAM: 62 MB Used RAM: 5.76 GB Cached files: 2.18 GB Available RAM: 2.24 GB Swap Used: 18 MB Software Installs (past 30 days): Install Date Name (Version) 2022-02-07 macOS 12.2 (12.2) 2022-02-07 XProtectPlistConfigData (2155) 2022-02-07 MRTConfigData (1.88) 2022-02-07 Micro Snitch (1.5) 2022-02-07 StopTheMadness (26.1) 2022-02-07 TextSniper (1.7.0) 2022-02-07 DaisyDisk (4.21.4) 2022-02-07 Things (3.15.12) 2022-02-07 EtreCheck (5.7.2) 2022-02-07 DuckDuckGo Privacy Essentials (1.4.6) 2022-02-07 Bitwarden (1.30.0) 2022-02-07 Mullvad VPN (2021.6.0) 2022-02-07 Malwarebytes Browser Guard (1.0.8) 2022-02-07 Internet Access Policy Viewer (1.0) 2022-02-07 PocketTube (11.0.9) 2022-02-07 Numbers (11.2) 2022-02-07 Pages (11.2) 2022-02-07 Keynote (11.2) 2022-02-08 Zoom (5.9.3.4239) 2022-02-08 YubiKey Manager (1.2.4) 2022-02-08 Malwarebytes for Mac (1.0) Diagnostics Information (past 7-30 days): 2022-02-09 16:20:47 photolibraryd - High CPU Use Executable: /System/Library/PrivateFrameworks/PhotoLibraryServices.framework/Versions/A/Support/photolibraryd 2022-02-09 15:58:03 bird - High CPU Use (2 times) Executable: /System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Support/bird 2022-02-09 15:14:01 OtherUsersStorageExtension - High CPU Use Executable: /System/Library/PrivateFrameworks/StorageManagement.framework/PlugIns/OtherUsersStorageExtension.appex/Contents/MacOS/OtherUsersStorageExtension 2022-02-09 14:18:39 WindowServer - High CPU Use Executable: /System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer 2022-02-09 13:03:19 OBS.app - High CPU Use (3 times) Executable: /Applications/OBS.app 2022-02-08 19:08:07 RTProtectionDaemon.app - High CPU Use (3 times) Executable: /Library/Application Support/Malwarebytes/*/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app 2022-02-08 14:43:49 Safari.app - High CPU Use Executable: /Applications/Safari.app 2022-02-08 04:08:10 cloudd - High CPU Use Executable: /System/Library/PrivateFrameworks/CloudKitDaemon.framework/Support/cloudd 2022-02-07 21:05:52 photoanalysisd - High CPU Use Executable: /System/Library/PrivateFrameworks/PhotoAnalysis.framework/Versions/A/Support/photoanalysisd End of report

And now something strange happend again... or maybe its normal? Why do i have Malwarebytes Protection.app and Malwarebytes.app located in MBAM/Engine.bundle???

Hi, I erased everything from terminal in recovery mode, and a couple of times and I think it solved it but not the first time. The only thing left that I am suspicious about is the disk utility setup with snapshots looking like this. I don't now why there are three Redrum Volumes, but I believe its because I have a Macbook with T2 Intel setup. I would appreciate if you could verify that its correct or if it is something wrong? Best regards Mattias

Hi, I think my Macbook Pro is infected and that Malware bytes don't detect the infection. How can i verify that my computer is uninfected? Please help me, maybe I am just paranoid? But strange things happen and according to Little Snitch my computer contacts many weird web locations. /Mattias