Showing results for tags 'safari'.
Hi everyone, this is my first post! Happy to have found this forum. I'm just starting to learn about malware removal. My main question is should I join AlienVault Open Threat Exchange? I'd like to be able to more easily identify threats that are found on my devices and network. The website is https://otx.alienvault.com . I'd also like to learn how to identify who an IP address belongs to and if it is safe. Below are details related to the malware on my iMac (Mojave 10.14.6). If anyone cares to delve in and comment on any of it, that would be fantastic. Thank you in advance.

My Safari (v13.1) cache has 50+ websites in it that I have not navigated to, and if I delete each cache individually, some automatically come back. I've looked into a few of these cached sites, but am extremely hesitant to continue to go to these websites or even to google them to investigate because it may raise my risk of getting infected. I've run EasyFind (Devon Technologies app) searches on some of the websites in the cache, and it is not finding them despite searching all files and volumes.

1st run of the Premium trial of Malwarebytes found Crossrider, mitmproxy, a browser extension in Chrome (adware), several files and directories related to TopicLookup, and a couple other files and directories. Screenshot attached of quarantined items. Nothing else found since then and my trial has run out; should I upgrade to Premium?

Flash Player was installed and updated multiple times from a 3rd party. This was over a year ago; I don't remember doing it but it updated monthly for some time. Adobe cannot find it on my iMac to uninstall it; I'm assuming that is because Flash Player was not installed from Adobe to begin with. I've started to manually find and delete the Flash files. Deleting Flash Player from the system preferences pane requires me to put in my admin password, which I haven't done yet (again, hesitant).

EtreCheck report below. I am new to EtreCheck and am still deciphering the report. I have a runaway process and kernel panics that could be related to 3rd party software. Also, I downloaded Norton from my Internet provider (xfinity) on 4-9-2020, and EtreCheck shows Norton for Mac and Norton Security were both installed. The app is Norton Security; I can't find Norton For Mac anywhere on my iMac. At any rate, Norton Security has been useless in finding threats.

EtreCheck version: 5.5.4 (5106)
Report generated: 2020-04-28 03:34:46
Download EtreCheck from https://etrecheck.com
Runtime: 2:04
Performance: Excellent
Sandbox: Enabled
Full drive access: Enabled

Problem: Other problem
Description: Remove Flash Player, adware, malware

Major Issues:
Anything that appears on this list needs immediate attention.
    Runaway process - A process is using a large percentage of your CPU.
    Kernel panics - This system has experienced kernel panics that could be related to 3rd party software.

Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
    Heavy network usage - This machine has recently restarted and has high network usage.
    Apps crashing - There have been numerous app crashes.
    Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.
    32-bit Apps - This machine has 32-bits apps will not work on macOS 10.15 "Catalina".
    Kernel extensions present - This machine has kernel extensions that may not work in the future.

Hardware Information:
    iMac (Retina 5K, 27-inch, 2017)
    iMac Model: iMac18,3
    4.2 GHz Intel Core i7 (i7-7700K) CPU: 4-core
    8 GB RAM - Upgradeable
        BANK 0/DIMM0 - 4 GB DDR4 2400
        BANK 0/DIMM1 - Empty
        BANK 1/DIMM0 - 4 GB DDR4 2400
        BANK 1/DIMM1 - Empty

Video Information:
    Radeon Pro 580 - VRAM: 8 GB
        iMac (built-in) 5120 x 2880

Drives:
    disk0 - APPLE SSD SM2048L 2.00 TB (Solid State - TRIM: Yes)
    Internal PCI-Express 8.0 GT/s x4 NVM Express
        disk0s1 - EFI [EFI] 315 MB
        disk0s2 [APFS Container] 2.00 TB
            disk1 [APFS Virtual drive] 2.00 TB (Shared by 4 volumes)
                disk1s1 - Macintosh HD (APFS) (Shared - 653.85 GB used)
                disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)
                disk1s3 - Recovery (APFS) [Recovery] (Shared)
                disk1s4 - VM (APFS) [APFS VM] (Shared - 5.37 GB used)

Mounted Volumes:
    disk1s1 - Macintosh HD
        2.00 TB (Shared - 653.85 GB used, 1.35 TB available, 1.34 TB free)
        APFS
        Mount point: /
    disk1s4 - VM [APFS VM]
        2.00 TB (Shared - 5.37 GB used, 1.34 TB free)
        APFS
        Mount point: /private/var/vm

Network:
    Interface en0: Ethernet
    Interface en5: iPhone
    Interface en1: Wi-Fi 802.11 a/b/g/n/ac
    Interface en4: Bluetooth PAN
    Interface bridge0: Thunderbolt Bridge

System Software:
    macOS Mojave 10.14.6 (18G4032)
    Time since boot: About 4 hours

Notifications:
    EtreCheck.app
        5 notifications
    Safari.app
        4 notifications

Security:
    Gatekeeper: Enabled
    System Integrity Protection: Enabled
    Antivirus software: Apple and Malwarebytes

Unsigned Files:
    Launchd: /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist
        Executable: /Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller
        Details: Exact match found in the whitelist - probably OK
    Launchd: /Library/LaunchDaemons/com.symantec.sharedsettings.MES.plist
        Executable: /Library/Application Support/Symantec/Silo/MES/DomainSettings/SymSharedSettingsd
        Details: Executable file is not accessible without Full Drive Access

32-bit Applications:
    5 32-bit apps

Kernel Extensions:
    /Library/Application Support/Malwarebytes/MBAM/Kext
        MB_MBAM_Protection.kext (Malwarebytes Corporation, 4.4 - SDK 10.11)
    /Library/Extensions
        SymXIPS.kext (Symantec, 9.0.1 - SDK 10.10)
        SymInternetSecurity.kext (Symantec, 9.0.3 - SDK 10.10)
        SymIPS.kext (Symantec, 9.0.2 - SDK 10.10)
        NortonForMac.kext (Symantec, 9.0.1 - SDK 10.10)

System Launch Agents:
    [Not Loaded] 15 Apple tasks
    [Loaded] 187 Apple tasks
    [Running] 97 Apple tasks
    [Other] One Apple task

System Launch Daemons:
    [Not Loaded] 38 Apple tasks
    [Loaded] 199 Apple tasks
    [Running] 97 Apple tasks

Launch Agents:
    [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2020-04-21)
    [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2020-04-21)
    [Running] com.symantec.uiagent.application.MES.plist (Symantec - installed 2020-03-26)

Launch Daemons:
    [Loaded] com.apple.installer.osmessagetracing.plist (Apple - installed 2020-03-18)
    [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2020-04-27)
    [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2020-04-21)
    [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2019-01-23)
    [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2020-04-21)
    [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2019-01-15)
    [Loaded] com.symantec.SymLUHelper.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.UninstallerToolHelper.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.deepsightdownload.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.dsp.nortonaggregatord.MES.plist (Symantec - installed 2020-03-26)
    [Running] com.symantec.kexthelper.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.liveupdate.daemon.MES.plist (Symantec - installed 2020-03-26)
    [Running] com.symantec.sharedsettings.MES.plist (? 84ffa067 - installed 2020-03-26)
    [Running] com.symantec.symdaemon.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.symqual.detail.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.symqual.panicreporter.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] com.symantec.symqual.submit.MES.plist (Symantec - installed 2020-03-26)
    [Loaded] jp.co.canon.MasterInstaller.plist (? d0637166 - installed 2019-03-24)

User Launch Agents:
    [Other] com.google.keystone.agent.plist (Google, Inc. - installed 2020-04-27)
    [Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2020-04-27)

User Login Items:
    [Running] CIJSULAgent (Canon Inc. - installed 2019-03-24)
        Modern Login Item
        /Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility Lite.app/Contents/Library/LoginItems/CIJSULAgent.app
    [Not Loaded] Launcher Disabler (Microsoft Corporation - installed 2019-01-23)
        Modern Login Item
        /Applications/OneDrive.app/Contents/Library/LoginItems/Launcher Disabler.app
    [Not Loaded] OneDrive Launcher (Microsoft Corporation - installed 2019-01-23)
        Modern Login Item
        /Applications/OneDrive.app/Contents/Library/LoginItems/OneDrive Launcher.app
    [Not Loaded] StartUpHelper (Spotify - installed 2019-05-16)
        Modern Login Item
        /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app
    [Not Loaded] HP Device Monitor (HP Inc. - installed 2019-01-08)
        Modern Login Item
        /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app
    [Not Loaded] HP Product Research (HP Inc. - installed 2019-01-08)
        Modern Login Item
        /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app
    [Not Loaded] HP Data Uploader (HP Inc. - installed 2019-01-08)
        Modern Login Item
        /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app/Contents/Resources/HP Data Uploader.app

Audio Plug-ins:
    AppleTimeSyncAudioClock: 1.0 (Apple - installed 2019-09-20)
    BluetoothAudioPlugIn: 6.0.14 (Apple - installed 2020-04-15)
    AirPlay: 2.0 (Apple - installed 2020-04-15)
    AppleAVBAudio: 760.6 (Apple - installed 2019-09-20)
    BridgeAudioSP: 5.52 (Apple - installed 2020-04-15)
    iSightAudio: 7.7.3 (Apple - installed 2019-09-20)

3rd Party Preference Panes:
    Flash Player (Adobe Systems, Inc. - installed 2020-02-25)

Time Machine:
    Auto backup: Yes
    Volumes being backed up:
        Macintosh HD: Disk size: 2.00 TB - Disk used: 660.08 GB
    Destinations:
        Data [Network] (Last used)
        Total size: 2.85 TB
        Total number of backups: 20
        Oldest backup: 2020-03-15 10:45:32
        Last backup: 2020-04-28 03:13:43
    16 local snapshots
    Oldest local snapshot: 2020-04-27 03:11:25
    Last local snapshot: 2020-04-28 03:08:02

Performance:
    System Load: 3.20 (1 min ago) 2.51 (5 min ago) 2.26 (15 min ago)
    Nominal I/O speed: 7.97 MB/s
    File system: 30.11 seconds
    Write speed: 2267 MB/s
    Read speed: 2832 MB/s

CPU Usage Snapshot:
    Type        Overall
    System:     3 %
    User:       18 %
    Idle:       78 %

Top Processes Snapshot by CPU:
    Process (count)    CPU (Source - Location)
    Other processes    127.13 % (?)
    Console            25.05 % (Apple)
    EasyFind           7.43 % (App Store)
    Safari             4.80 % (Apple)
    EtreCheck          2.89 % (App Store)

Top Processes Snapshot by Memory:
    Process (count)    RAM usage (Source - Location)
    EtreCheck          443 MB (App Store)
    Console            246 MB (Apple)
    Safari             183 MB (Apple)
    Finder             177 MB (Apple)
    EasyFind           122 MB (App Store)

Top Processes Snapshot by Network Use:
    Process                        Input / Output (Source - Location)
    Other processes                638 MB / 1.13 GB (?)
    com.apple.WebKit.Networking    2 MB / 408 KB (Apple)
    SystemUIServer                 873 B / 36 B (Apple)
    Terminal                       0 B / 0 B (Apple)
    diagnostics_agent              0 B / 0 B (Apple)

Virtual Memory Information:
    Physical RAM: 8 GB
    Free RAM: 23 MB
    Used RAM: 7.02 GB
    Cached files: 982 MB
    Available RAM: 1006 MB
    Swap Used: 1.76 GB

Software Installs (past 30 days):
    Install Date    Name (Version)
    2020-04-01      Numbers (10.0)
    2020-04-01      Pages (10.0)
    2020-04-01      Keynote (10.0)
    2020-04-02      Safari (13.1)
    2020-04-02      MRTConfigData (1.58)
    2020-04-09      Norton For Mac (126.96.36.1997.277)
    2020-04-09      Norton Security SKU (188.8.131.527.277)
    2020-04-15      Security Update 2020-002 (10.14.6)
    2020-04-15      Mobile Device (184.108.40.206)
    2020-04-15      Microsoft Excel (16.36.20041300)
    2020-04-15      Microsoft OneNote (16.36.20041300)
    2020-04-15      Microsoft Outlook (16.36.20041300)
    2020-04-15      Microsoft PowerPoint (16.36.20041300)
    2020-04-16      XProtectPlistConfigData (2119)
    2020-04-21      Microsoft AutoUpdate (4.22.20042003)
    2020-04-27      EasyFind (4.9.3)
    2020-04-27      EtreCheck (5.5.4)
    2020-04-27      Microsoft Word (16.36.20041300)
    2020-04-27      Malwarebytes for Mac (1.0)

Diagnostics Information (past 7-30 days):
    2020-04-28 03:19:47 Safari.app - Crash (15 times)
        Executable: /Applications/Safari.app
        Details: dyld: launch, loading dependent libraries
    2020-04-27 23:43:59 coreservicesd - High CPU Use (2 times)
        Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/Support/coreservicesd
    2020-04-26 06:07:30 com.apple.WebKit.WebContent - High CPU Use
        Executable: /System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
    2020-04-25 22:53:44 backupd - High CPU Use
        Executable: /System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd
    2020-04-22 13:44:47 Kernel Panic (2 times)
        Details: panic(cpu 0 caller 0xffffff8013205446): "a freed zone element has been modified in zone kalloc.128: expected 0xdeadbeefdeadbeef but found 0xffffff803a83c250, bits changed 0x2152416fe42e7cbf, at offset 88 of 128 in element 0xffffff803a83b800, cookies 0x3f00119a67238ab8 0x53521dd0d22eb3d"@/BuildRoot/Library/Caches/com.apple.xbs/Sources/xnu/xnu-4903.278.28/osfmk/kern/zalloc.c:1206
        3rd party kernel extensions:
            com.malwarebytes.mbam.rtprotection
            com.symantec.SymXIPS
            com.symantec.internetSecurity.kext
            com.symantec.ips.kext
            com.symantec.nfm.kext

End of report

If you got this far, I am indebted to your kindness. Thank you!
Hello - I have been “infected” by some sort of browser redirect, where ALL Google searches on both Chrome AND Safari are automatically redirected to Yahoo. On Chrome, the tab w/ results says “Wajam Yahoo Search” and on Safari, a URL that includes “searchpage.com” appears briefly before the Yahoo results page. I’ve tried multiple things on various forums and YouTube videos, but nothing addresses this specific problem. Malwarebytes found 7 threats that were cleared, but none of them solved for the browser redirect problem. Please help, I’m getting desperate and don’t want to resort to a Time Machine backup restore.
I had installed trial versions of Malwarebytes products and used the free tools as well. For some reason I had a problem with the Safari browser in Windows. I had archived documents which needed to be opened using the Safari browser. Safari crashed and the only way to recover Windows health was using the Reason Core Security tool Remediation. Several other incidents have happened and even though my intention was to purchase Malwarebytes, it seems to me I was somehow driven to purchase some other products instead. I still use the very helpful free tools provided by Malwarebytes. Just out of curiosity.