Jump to content

Malware/ Adware not detected by MAMW for mac


Recommended Posts

Hi, 

 

 

Hoping that you can help me with this: When I use chrome there's an annoying pop up appearing in most of the websites (Picture 1). I use an adblocker and It just blocks the images that appear in the popup

 

Will split this post in two, first the report of malwarebytes and then the things that I discovered searching for the solution

 

Report:

 

Malwarebytes Anti-Malware 1.1.3.72 system report - January 22, 2016 at 12:38:22 AM CST

Mac OS X version Version 10.11.2 (Build 15C50)

System uptime: 0d 00:41:59

 

Safari extensions

---------------

(

)

 

Chrome extensions

---------------

(

    "Name: WikiTube",

    "Modified: 2016-01-18 20:29:23 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/aneddidibfifdpbeppmpoackniodpekj",

    "Name: 1Password: Password Manager and Secure Wallet",

    "Modified: 2016-01-21 22:27:47 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/aomjjhallfgjeglblehebfpbcfeobpgk",

    "Name: Web Developer",

    "Modified: 2016-01-18 20:29:24 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/bfbameneiokkgbdmiekhjnmfkcnldhhm",

    "Name: Wikipedia Beautifier",

    "Modified: 2016-01-18 20:29:16 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/bpeggllelmdpefcfoeafbliiihbmhfjd",

    "Name: DuckDuckGo for Chrome",

    "Modified: 2016-01-18 20:29:24 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/bpphkkgodbfncbcpgopijlfakfgmclao",

    "Name: OneTab",

    "Modified: 2016-01-18 20:29:25 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/chphlpgkkbolifaimnlloiipkdnihall",

    "Name: BuiltWith Technology Profiler",

    "Modified: 2016-01-18 20:29:13 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/dapjbgnjinbpoindlpdmhochffioedbn",

    "Name: Full Page Screen Capture",

    "Modified: 2016-01-18 20:29:23 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/fdpohaocaechififmbbbbbknoalclacl",

    "Name: News Feed Eradicator for Facebook",

    "Modified: 2016-01-18 20:29:25 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/fjcldmjmjhkklehbacihaiopjklihlgg",

    "Name: AdBlock",

    "Modified: 2016-01-19 21:33:39 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom",

    "Name: Rapportive",

    "Modified: 2016-01-18 20:29:15 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/hihakjfhbmlmjdnnhegiciffjplmdhin",

    "Name: Bitly | Unleash the power of the link",

    "Modified: 2016-01-18 20:29:17 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/iabeihobmhlgpkcgjiloemdbofjbdcic",

    "Name: Reddit Enhancement Suite",

    "Modified: 2016-01-18 20:29:19 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/kbmfpngjjgdllneeigpgjifpgocmfgmb",

    "Name: Coupons at Checkout",

    "Modified: 2016-01-18 20:29:18 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/kegphgaihkjoophpabchkmpaknehfamb",

    "Name: Hootsuite",

    "Modified: 2016-01-18 20:29:17 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/kneloppijbcidgidihgdjnooihjcdbij",

    "Name: Momentum",

    "Modified: 2016-01-18 20:29:14 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/laookkfknpbbblfpciffpaejjkokdgca",

    "Name: Boomerang for Gmail",

    "Modified: 2016-01-18 20:29:10 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/mdanidgdpmkimeiiojknlnekblgmpdll",

    "Name: Dark Horizon",

    "Modified: 2016-01-18 20:29:28 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/ncjjeokpcnllmmbbipeaagmdpdpiadin",

    "Name: Save to Pocket",

    "Modified: 2016-01-18 20:29:25 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj",

    "Name: Buffer",

    "Modified: 2016-01-18 20:29:30 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/noojglkidnpfjbincgijbaiedldjfbhh",

    "Name: Motivation",

    "Modified: 2016-01-18 20:29:28 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/ofdgfpchbidcgncgfpdlpclnpaemakoj",

    "Name: Chrome Apps & Extensions Developer Tool",

    "Modified: 2016-01-18 20:29:09 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/ohmmkhmmmpcnpikjeljgnaoabkaalbgc",

    "Name: Evernote Web Clipper",

    "Modified: 2016-01-18 20:29:27 +0000",

    "/Users/Ignacio/Library/Application Support/Google/Chrome/Default/Extensions/pioclpoplcdbaefihamjohnefbikjilc"

)

 

Firefox extensions

---------------

(

)

 

Login items

---------------

(

    Dropbox,

    Spectacle

)

 

System startup items

---------------

(

)

 

User launch agents

---------------

(

    "/Users/Ignacio/Library/LaunchAgents/com.google.keystone.agent.plist",

    "/Users/Ignacio/Library/LaunchAgents/com.spotify.webhelper.plist"

)

 

System launch agents

---------------

(

    "/Library/LaunchAgents/com.symantec.errorreporter-periodicagent.NFM.plist",

    "/Library/LaunchAgents/com.symantec.uiagent.application.NFM.plist"

)

 

System launch daemons

---------------

(

    "/Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist",

    "/Library/LaunchDaemons/com.microsoft.office.licensingV2.helper.plist",

    "/Library/LaunchDaemons/com.symantec.deepsight-extractor.NFM.plist",

    "/Library/LaunchDaemons/com.symantec.errorreporter-periodic.NFM.plist",

    "/Library/LaunchDaemons/com.symantec.liveupdate.daemon.NFM.plist",

    "/Library/LaunchDaemons/com.symantec.nfm.wps.plist",

    "/Library/LaunchDaemons/com.symantec.sharedsettings.NFM.plist",

    "/Library/LaunchDaemons/com.symantec.symdaemon.NFM.plist",

    "/Library/LaunchDaemons/com.symantec.SymLUHelper.NFM.plist",

    "/Library/LaunchDaemons/com.symantec.UninstallerToolHelper.NFM.plist"

)

 

Kernel extensions

---------------

(

    "/System/Library/Extensions/acfs.kext",

    "/System/Library/Extensions/acfsctl.kext",

    "/System/Library/Extensions/ALF.kext",

    "/System/Library/Extensions/AMD2400Controller.kext",

    "/System/Library/Extensions/AMD2600Controller.kext",

    "/System/Library/Extensions/AMD3800Controller.kext",

    "/System/Library/Extensions/AMD4600Controller.kext",

    "/System/Library/Extensions/AMD4800Controller.kext",

    "/System/Library/Extensions/AMD5000Controller.kext",

    "/System/Library/Extensions/AMD6000Controller.kext",

    "/System/Library/Extensions/AMD7000Controller.kext",

    "/System/Library/Extensions/AMD8000Controller.kext",

    "/System/Library/Extensions/AMD9000Controller.kext",

    "/System/Library/Extensions/AMDFramebuffer.kext",

    "/System/Library/Extensions/AMDRadeonX3000.kext",

    "/System/Library/Extensions/AMDRadeonX4000.kext",

    "/System/Library/Extensions/AMDSupport.kext",

    "/System/Library/Extensions/Apple16X50Serial.kext",

    "/System/Library/Extensions/Apple16X50Serial.kext/Contents/PlugIns/Apple16X50ACPI.kext",

    "/System/Library/Extensions/Apple_iSight.kext",

    "/System/Library/Extensions/AppleACPIPlatform.kext",

    "/System/Library/Extensions/AppleACPIPlatform.kext/Contents/PlugIns/AppleACPIButtons.kext",

    "/System/Library/Extensions/AppleACPIPlatform.kext/Contents/PlugIns/AppleACPIEC.kext",

    "/System/Library/Extensions/AppleAHCIPort.kext",

    "/System/Library/Extensions/AppleAPIC.kext",

    "/System/Library/Extensions/AppleBacklight.kext",

    "/System/Library/Extensions/AppleBacklightExpert.kext",

    "/System/Library/Extensions/AppleBluetoothMultitouch.kext",

    "/System/Library/Extensions/AppleBluetoothRemote.kext",

    "/System/Library/Extensions/AppleBMC.kext",

    "/System/Library/Extensions/AppleCameraInterface.kext",

    "/System/Library/Extensions/AppleCredentialManager.kext",

    "/System/Library/Extensions/AppleEFIRuntime.kext",

    "/System/Library/Extensions/AppleEFIRuntime.kext/Contents/PlugIns/AppleEFINVRAM.kext",

    "/System/Library/Extensions/AppleFDEKeyStore.kext",

    "/System/Library/Extensions/AppleFileSystemDriver.kext",

    "/System/Library/Extensions/AppleFIVRDriver.kext",

    "/System/Library/Extensions/AppleFSCompressionTypeDataless.kext",

    "/System/Library/Extensions/AppleFSCompressionTypeZlib.kext",

    "/System/Library/Extensions/AppleFWAudio.kext",

    "/System/Library/Extensions/AppleGraphicsControl.kext",

    "/System/Library/Extensions/AppleGraphicsControl.kext/Contents/PlugIns/AppleGraphicsDeviceControl.kext",

    "/System/Library/Extensions/AppleGraphicsControl.kext/Contents/PlugIns/AppleGraphicsDevicePolicy.kext",

    "/System/Library/Extensions/AppleGraphicsControl.kext/Contents/PlugIns/AppleMGPUPowerControl.kext",

    "/System/Library/Extensions/AppleGraphicsControl.kext/Contents/PlugIns/AppleMuxControl.kext",

    "/System/Library/Extensions/AppleGraphicsControl.kext/Contents/PlugIns/ApplePolicyControl.kext",

    "/System/Library/Extensions/AppleGraphicsPowerManagement.kext",

    "/System/Library/Extensions/AppleHDA.kext",

    "/System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/AppleHDAController.kext",

    "/System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/AppleHDAHardwareConfigDriver.kext",

    "/System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/AppleMikeyDriver.kext",

    "/System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/DspFuncLib.kext",

    "/System/Library/Extensions/AppleHDA.kext/Contents/PlugIns/IOHDAFamily.kext",

    "/System/Library/Extensions/AppleHIDKeyboard.kext",

    "/System/Library/Extensions/AppleHIDKeyboard.kext/Contents/PlugIns/AppleBluetoothHIDKeyboard.kext",

    "/System/Library/Extensions/AppleHIDMouse.kext",

    "/System/Library/Extensions/AppleHIDMouse.kext/Contents/PlugIns/AppleBluetoothHIDMouse.kext",

    "/System/Library/Extensions/AppleHIDMouse.kext/Contents/PlugIns/AppleUSBHIDMouse.kext",

    "/System/Library/Extensions/AppleHIDTransport.kext",

    "/System/Library/Extensions/AppleHPET.kext",

    "/System/Library/Extensions/AppleHPM.kext",

    "/System/Library/Extensions/AppleHSSPIHIDDriver.kext",

    "/System/Library/Extensions/AppleHSSPISupport.kext",

    "/System/Library/Extensions/AppleHV.kext",

    "/System/Library/Extensions/AppleHWSensor.kext",

    "/System/Library/Extensions/AppleInputDeviceSupport.kext",

    "/System/Library/Extensions/AppleIntelBDWGraphics.kext",

    "/System/Library/Extensions/AppleIntelBDWGraphicsFramebuffer.kext",

    "/System/Library/Extensions/AppleIntelCPUPowerManagement.kext",

    "/System/Library/Extensions/AppleIntelCPUPowerManagementClient.kext",

    "/System/Library/Extensions/AppleIntelFramebufferAzul.kext",

    "/System/Library/Extensions/AppleIntelFramebufferCapri.kext",

    "/System/Library/Extensions/AppleIntelHD3000Graphics.kext",

    "/System/Library/Extensions/AppleIntelHD4000Graphics.kext",

    "/System/Library/Extensions/AppleIntelHD5000Graphics.kext",

    "/System/Library/Extensions/AppleIntelHDGraphics.kext",

    "/System/Library/Extensions/AppleIntelHDGraphicsFB.kext",

    "/System/Library/Extensions/AppleIntelLpssDmac.kext",

    "/System/Library/Extensions/AppleIntelLpssGspi.kext",

    "/System/Library/Extensions/AppleIntelLpssI2C.kext",

    "/System/Library/Extensions/AppleIntelLpssI2CController.kext",

    "/System/Library/Extensions/AppleIntelLpssSpiController.kext",

    "/System/Library/Extensions/AppleIntelLpssUART.kext",

    "/System/Library/Extensions/AppleIntelMCEReporter.kext",

    "/System/Library/Extensions/AppleIntelPCHPMC.kext",

    "/System/Library/Extensions/AppleIntelSKLGraphics.kext",

    "/System/Library/Extensions/AppleIntelSKLGraphicsFramebuffer.kext",

    "/System/Library/Extensions/AppleIntelSlowAdaptiveClocking.kext",

    "/System/Library/Extensions/AppleIntelSNBGraphicsFB.kext",

    "/System/Library/Extensions/AppleIRController.kext",

    "/System/Library/Extensions/AppleKextExcludeList.kext",

    "/System/Library/Extensions/AppleKeyStore.kext",

    "/System/Library/Extensions/AppleKeyswitch.kext",

    "/System/Library/Extensions/AppleLPC.kext",

    "/System/Library/Extensions/AppleLSIFusionMPT.kext",

    "/System/Library/Extensions/AppleMatch.kext",

    "/System/Library/Extensions/AppleMCCSControl.kext",

    "/System/Library/Extensions/AppleMCP89RootPortPM.kext",

    "/System/Library/Extensions/AppleMikeyHIDDriver.kext",

    "/System/Library/Extensions/AppleMobileDevice.kext",

    "/System/Library/Extensions/AppleMobileFileIntegrity.kext",

    "/System/Library/Extensions/AppleMultitouchDriver.kext",

    "/System/Library/Extensions/AppleOSXUSBNCM.kext",

    "/System/Library/Extensions/AppleOSXWatchdog.kext",

    "/System/Library/Extensions/ApplePlatformEnabler.kext",

    "/System/Library/Extensions/AppleRAID.kext",

    "/System/Library/Extensions/AppleRAIDCard.kext",

    "/System/Library/Extensions/AppleRTC.kext",

    "/System/Library/Extensions/AppleSDXC.kext",

    "/System/Library/Extensions/AppleSEP.kext",

    "/System/Library/Extensions/AppleSmartBatteryManager.kext",

    "/System/Library/Extensions/AppleSMBIOS.kext",

    "/System/Library/Extensions/AppleSMBusController.kext",

    "/System/Library/Extensions/AppleSMBusPCI.kext",

    "/System/Library/Extensions/AppleSMC.kext",

    "/System/Library/Extensions/AppleSMCLMU.kext",

    "/System/Library/Extensions/AppleSRP.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleATAPIStorage.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleFireWireStorage.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleHollywood.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleMemorexCDROMDriver.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleUSBCardReader.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleUSBODD.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleUSBStorageCoexistentDriver.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleUSBTDM.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/AppleXserveRAID.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/CanonEOS1D.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/FireWireStorageDeviceSpecifics.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/FWPreferredProtocolSpeed.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/initioFWBridge.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/IOFireWireSerialBusProtocolSansPhysicalUnit.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/LSI-FW-500.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/MaxTranserSizeOverrideDriver.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/MKE-LF-D211A.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/MKE-SR-8171.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/OxfordSemiconductor.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/PioneerSuperDrive.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/PlasmonUDO.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/QPSQueFire.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/SanyoIDShot.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/SonyXDCAMDriver.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/StorageLynx.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/UFIWriteProtectedMediaDriver.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/USBStorageDeviceSpecifics.kext",

    "/System/Library/Extensions/AppleStorageDrivers.kext/Contents/PlugIns/WriteProtectedMediaDriver.kext",

    "/System/Library/Extensions/AppleThunderboltDPAdapters.kext",

    "/System/Library/Extensions/AppleThunderboltDPAdapters.kext/Contents/PlugIns/AppleThunderboltDPAdapterFamily.kext",

    "/System/Library/Extensions/AppleThunderboltDPAdapters.kext/Contents/PlugIns/AppleThunderboltDPInAdapter.kext",

    "/System/Library/Extensions/AppleThunderboltDPAdapters.kext/Contents/PlugIns/AppleThunderboltDPOutAdapter.kext",

    "/System/Library/Extensions/AppleThunderboltEDMService.kext",

    "/System/Library/Extensions/AppleThunderboltEDMService.kext/Contents/PlugIns/AppleThunderboltEDMSink.kext",

    "/System/Library/Extensions/AppleThunderboltEDMService.kext/Contents/PlugIns/AppleThunderboltEDMSource.kext",

    "/System/Library/Extensions/AppleThunderboltIP.kext",

    "/System/Library/Extensions/AppleThunderboltNHI.kext",

    "/System/Library/Extensions/AppleThunderboltPCIAdapters.kext",

    "/System/Library/Extensions/AppleThunderboltPCIAdapters.kext/Contents/PlugIns/AppleThunderboltPCIDownAdapter.kext",

    "/System/Library/Extensions/AppleThunderboltPCIAdapters.kext/Contents/PlugIns/AppleThunderboltPCIUpAdapter.kext",

    "/System/Library/Extensions/AppleThunderboltUTDM.kext",

    "/System/Library/Extensions/AppleTopCase.kext",

    "/System/Library/Extensions/AppleTopCase.kext/Contents/PlugIns/AppleHSBluetoothDriver.kext",

    "/System/Library/Extensions/AppleTopCase.kext/Contents/PlugIns/AppleTopCaseActuatorHIDDriver.kext",

    "/System/Library/Extensions/AppleTopCase.kext/Contents/PlugIns/AppleTopCaseHIDEventDriver.kext",

    "/System/Library/Extensions/AppleTopCase.kext/Contents/PlugIns/AppleUSBTopCaseDriver.kext",

    "/System/Library/Extensions/AppleTyMCEDriver.kext",

    "/System/Library/Extensions/AppleUpstreamUserClient.kext",

    "/System/Library/Extensions/AppleUSBACM.kext",

    "/System/Library/Extensions/AppleUSBAudio.kext",

    "/System/Library/Extensions/AppleUSBCDC.kext",

    "/System/Library/Extensions/AppleUSBDisplays.kext",

    "/System/Library/Extensions/AppleUSBDMM.kext",

    "/System/Library/Extensions/AppleUSBECM.kext",

    "/System/Library/Extensions/AppleUSBEEM.kext",

    "/System/Library/Extensions/AppleUSBEthernet.kext",

    "/System/Library/Extensions/AppleUSBEthernetHost.kext",

    "/System/Library/Extensions/AppleUSBFTDI.kext",

    "/System/Library/Extensions/AppleUSBMultitouch.kext",

    "/System/Library/Extensions/AppleUSBNCM.kext",

    "/System/Library/Extensions/AppleUSBNetworking.kext",

    "/System/Library/Extensions/AppleUSBTopCase.kext",

    "/System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCButtons.kext",

    "/System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyboard.kext",

    "/System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTCKeyEventDriver.kext",

    "/System/Library/Extensions/AppleUSBTopCase.kext/Contents/PlugIns/AppleUSBTrackpad.kext",

    "/System/Library/Extensions/AppleUSBWCM.kext",

    "/System/Library/Extensions/AppleWWANAutoEject.kext",

    "/System/Library/Extensions/AppleXsanScheme.kext",

    "/System/Library/Extensions/ATIRadeonX2000.kext",

    "/System/Library/Extensions/AudioAUUC.kext",

    "/System/Library/Extensions/autofs.kext",

    "/System/Library/Extensions/BootCache.kext",

    "/System/Library/Extensions/cd9660.kext",

    "/System/Library/Extensions/cddafs.kext",

    "/System/Library/Extensions/CellPhoneHelper.kext",

    "/System/Library/Extensions/corecapture.kext",

    "/System/Library/Extensions/CoreCaptureResponder.kext",

    "/System/Library/Extensions/corecrypto.kext",

    "/System/Library/Extensions/CoreStorage.kext",

    "/System/Library/Extensions/CoreStorage.kext/Contents/PlugIns/CoreStorageFsck.kext",

    "/System/Library/Extensions/Dont Steal Mac OS X.kext",

    "/System/Library/Extensions/exfat.kext",

    "/System/Library/Extensions/GeForce.kext",

    "/System/Library/Extensions/GeForceTesla.kext",

    "/System/Library/Extensions/IO80211Family.kext",

    "/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortAtheros40.kext",

    "/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4331.kext",

    "/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortBrcm4360.kext",

    "/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AppleAirPortBrcm43224.kext",

    "/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/IO80211NetBooter.kext",

    "/System/Library/Extensions/IOAcceleratorFamily.kext",

    "/System/Library/Extensions/IOAcceleratorFamily2.kext",

    "/System/Library/Extensions/IOACPIFamily.kext",

    "/System/Library/Extensions/IOAHCIFamily.kext",

    "/System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCIBlockStorage.kext",

    "/System/Library/Extensions/IOAHCIFamily.kext/Contents/PlugIns/IOAHCISerialATAPI.kext",

    "/System/Library/Extensions/IOATAFamily.kext",

    "/System/Library/Extensions/IOATAFamily.kext/Contents/PlugIns/AppleIntelPIIXATA.kext",

    "/System/Library/Extensions/IOATAFamily.kext/Contents/PlugIns/IOATABlockStorage.kext",

    "/System/Library/Extensions/IOATAFamily.kext/Contents/PlugIns/IOATAPIProtocolTransport.kext",

    "/System/Library/Extensions/IOAudioFamily.kext",

    "/System/Library/Extensions/IOAVBFamily.kext",

    "/System/Library/Extensions/IOAVBFamily.kext/Contents/PlugIns/IOAVBDiscoveryPlugin.kext",

    "/System/Library/Extensions/IOAVBFamily.kext/Contents/PlugIns/IOAVBPlugin.kext",

    "/System/Library/Extensions/IOAVBFamily.kext/Contents/PlugIns/IOMRPPlugin.kext",

    "/System/Library/Extensions/IOBDStorageFamily.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/BroadcomBluetoothHostControllerUSBTransport.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/CSRBluetoothHostControllerUSBTransport.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/CSRHIDTransitionDriver.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothHostControllerUARTTransport.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothHostControllerUSBTransport.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothSerialManager.kext",

    "/System/Library/Extensions/IOBluetoothFamily.kext/Contents/PlugIns/IOBluetoothUSBDFU.kext",

    "/System/Library/Extensions/IOBluetoothHIDDriver.kext",

    "/System/Library/Extensions/IOCDStorageFamily.kext",

    "/System/Library/Extensions/IODVDStorageFamily.kext",

    "/System/Library/Extensions/IOFireWireAVC.kext",

    "/System/Library/Extensions/IOFireWireFamily.kext",

    "/System/Library/Extensions/IOFireWireFamily.kext/Contents/PlugIns/AppleFWOHCI.kext",

    "/System/Library/Extensions/IOFireWireIP.kext",

    "/System/Library/Extensions/IOFireWireIP.kext/Contents/PlugIns/IOFireWireIPPrivate.kext",

    "/System/Library/Extensions/IOFireWireSBP2.kext",

    "/System/Library/Extensions/IOFireWireSerialBusProtocolTransport.kext",

    "/System/Library/Extensions/IOGraphicsFamily.kext",

    "/System/Library/Extensions/IOHDIXController.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesCryptoEncoding.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesFileBackingStore.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesHTTPBackingStore.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesKernelBacked.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesPartitionBackingStore.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesRAMBackingStore.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesReadWriteDiskImage.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesSparseDiskImage.kext",

    "/System/Library/Extensions/IOHDIXController.kext/Contents/PlugIns/AppleDiskImagesUDIFDiskImage.kext",

    "/System/Library/Extensions/IOHIDFamily.kext",

    "/System/Library/Extensions/IOHIDFamily.kext/Contents/PlugIns/IOHIDEventDriver.kext",

    "/System/Library/Extensions/IOHIDFamily.kext/Contents/PlugIns/IOHIDEventDriverSafeBoot.kext",

    "/System/Library/Extensions/IOHIDFamily.kext/Contents/PlugIns/IOHIDSystem.kext",

    "/System/Library/Extensions/IOHIDFamily.kext/Contents/PlugIns/IOHIDUserClient.kext",

    "/System/Library/Extensions/IONDRVSupport.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleBCM5701Ethernet.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleIntel8254XEthernet.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleIntelI210Ethernet.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleVmxnet3Ethernet.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/AppleYukon2.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/Intel82574L.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/IOEthernetAVBController.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/mDNSOffloadUserClient.kext",

    "/System/Library/Extensions/IONetworkingFamily.kext/Contents/PlugIns/nvenet.kext",

    "/System/Library/Extensions/IONVMeFamily.kext",

    "/System/Library/Extensions/IOPCIFamily.kext",

    "/System/Library/Extensions/IOPlatformPluginFamily.kext",

    "/System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/ACPI_SMC_PlatformPlugin.kext",

    "/System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/AppleSMCPDRC.kext",

    "/System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/IOPlatformPluginLegacy.kext",

    "/System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/X86PlatformPlugin.kext",

    "/System/Library/Extensions/IOPlatformPluginFamily.kext/Contents/PlugIns/X86PlatformShim.kext",

    "/System/Library/Extensions/IOReportFamily.kext",

    "/System/Library/Extensions/IOSCSIArchitectureModelFamily.kext",

    "/System/Library/Extensions/IOSCSIArchitectureModelFamily.kext/Contents/PlugIns/IOSCSIBlockCommandsDevice.kext",

    "/System/Library/Extensions/IOSCSIArchitectureModelFamily.kext/Contents/PlugIns/IOSCSIMultimediaCommandsDevice.kext",

    "/System/Library/Extensions/IOSCSIArchitectureModelFamily.kext/Contents/PlugIns/IOSCSIReducedBlockCommandsDevice.kext",

    "/System/Library/Extensions/IOSCSIArchitectureModelFamily.kext/Contents/PlugIns/SCSITaskUserClient.kext",

    "/System/Library/Extensions/IOSCSIParallelFamily.kext",

    "/System/Library/Extensions/IOSerialFamily.kext",

    "/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleUSBIrDA.kext",

    "/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleWWANSupport.kext",

    "/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleWWANSupport1.kext",

    "/System/Library/Extensions/IOSerialFamily.kext/Contents/PlugIns/AppleWWANSupport2.kext",

    "/System/Library/Extensions/IOSlowAdaptiveClockingFamily.kext",

    "/System/Library/Extensions/IOSMBusFamily.kext",

    "/System/Library/Extensions/IOStorageFamily.kext",

    "/System/Library/Extensions/IOStreamFamily.kext",

    "/System/Library/Extensions/IOStreamFamily.kext/Contents/PlugIns/IOStreamUserClient.kext",

    "/System/Library/Extensions/IOSurface.kext",

    "/System/Library/Extensions/IOThunderboltFamily.kext",

    "/System/Library/Extensions/IOTimeSyncFamily.kext",

    "/System/Library/Extensions/IOTimeSyncFamily.kext/Contents/PlugIns/IO8021ASPlugin.kext",

    "/System/Library/Extensions/IOUSBAttachedSCSI.kext",

    "/System/Library/Extensions/IOUSBFamily.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBLegacyHub.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBMergeNub.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/AppleUSBVideoSupport.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBCompositeDriver.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBHIDDriver.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBHIDDriverPM.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBHIDDriverSafeBoot.kext",

    "/System/Library/Extensions/IOUSBFamily.kext/Contents/PlugIns/IOUSBUserClient.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBEHCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBEHCIPCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBHostCompositeDevice.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBHostMergeProperties.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBHub.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBOHCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBOHCIPCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBOpticalMouse.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBUHCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBUHCIPCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBXHCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBXHCIPCI.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/IOUSBHostHIDDevice.kext",

    "/System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/IOUSBHostHIDDeviceSafeBoot.kext",

    "/System/Library/Extensions/IOUSBMassStorageClass.kext",

    "/System/Library/Extensions/IOUSBMassStorageDriver.kext",

    "/System/Library/Extensions/IOUserEthernet.kext",

    "/System/Library/Extensions/IOVideoFamily.kext",

    "/System/Library/Extensions/IOVideoFamily.kext/Contents/PlugIns/IOVideoDeviceUserClient.kext",

    "/System/Library/Extensions/iPodDriver.kext",

    "/System/Library/Extensions/iPodDriver.kext/Contents/PlugIns/iPodSBCDriver.kext",

    "/System/Library/Extensions/L2TP.ppp/Contents/PlugIns/L2TP.kext",

    "/System/Library/Extensions/Libm.kext",

    "/System/Library/Extensions/mcxalr.kext",

    "/System/Library/Extensions/msdosfs.kext",

    "/System/Library/Extensions/NortonForMac.kext",

    "/System/Library/Extensions/ntfs.kext",

    "/System/Library/Extensions/NVDAGF100Hal.kext",

    "/System/Library/Extensions/NVDAGK100Hal.kext",

    "/System/Library/Extensions/NVDANV50HalTesla.kext",

    "/System/Library/Extensions/NVDAResman.kext",

    "/System/Library/Extensions/NVDAResmanTesla.kext",

    "/System/Library/Extensions/NVDAStartup.kext",

    "/System/Library/Extensions/NVSMU.kext",

    "/System/Library/Extensions/OSvKernDSPLib.kext",

    "/System/Library/Extensions/pmtelemetry.kext",

    "/System/Library/Extensions/PPP.kext",

    "/System/Library/Extensions/PPPoE.ppp/Contents/PlugIns/PPPoE.kext",

    "/System/Library/Extensions/PPTP.ppp/Contents/PlugIns/PPTP.kext",

    "/System/Library/Extensions/pthread.kext",

    "/System/Library/Extensions/Quarantine.kext",

    "/System/Library/Extensions/RemoteVirtualInterface.kext",

    "/System/Library/Extensions/Sandbox.kext",

    "/System/Library/Extensions/smbfs.kext",

    "/System/Library/Extensions/SMCMotionSensor.kext",

    "/System/Library/Extensions/SymInternetSecurity.kext",

    "/System/Library/Extensions/SymIPS.kext",

    "/System/Library/Extensions/System.kext",

    "/System/Library/Extensions/System.kext/PlugIns/AppleNMI.kext",

    "/System/Library/Extensions/System.kext/PlugIns/ApplePlatformFamily.kext",

    "/System/Library/Extensions/System.kext/PlugIns/BSDKernel.kext",

    "/System/Library/Extensions/System.kext/PlugIns/IOKit.kext",

    "/System/Library/Extensions/System.kext/PlugIns/IONVRAMFamily.kext",

    "/System/Library/Extensions/System.kext/PlugIns/IOSystemManagement.kext",

    "/System/Library/Extensions/System.kext/PlugIns/Libkern.kext",

    "/System/Library/Extensions/System.kext/PlugIns/MACFramework.kext",

    "/System/Library/Extensions/System.kext/PlugIns/Mach.kext",

    "/System/Library/Extensions/System.kext/PlugIns/Private.kext",

    "/System/Library/Extensions/System.kext/PlugIns/Unsupported.kext",

    "/System/Library/Extensions/TMSafetyNet.kext",

    "/System/Library/Extensions/triggers.kext",

    "/System/Library/Extensions/udf.kext",

    "/System/Library/Extensions/vecLib.kext",

    "/System/Library/Extensions/webcontentfilter.kext",

    "/System/Library/Extensions/webdav_fs.kext",

    "/Library/Extensions/ACS6x.kext",

    "/Library/Extensions/ArcMSR.kext",

    "/Library/Extensions/ATTOCelerityFC8.kext",

    "/Library/Extensions/ATTOExpressSASHBA2.kext",

    "/Library/Extensions/ATTOExpressSASRAID2.kext",

    "/Library/Extensions/CalDigitHDProDrv.kext",

    "/Library/Extensions/HighPointIOP.kext",

    "/Library/Extensions/HighPointRR.kext",

    "/Library/Extensions/NortonForMac.kext",

    "/Library/Extensions/PromiseSTEX.kext",

    "/Library/Extensions/SoftRAID.kext",

    "/Library/Extensions/SymInternetSecurity.kext",

    "/Library/Extensions/SymIPS.kext"

)

 

launchd.conf contents

---------------

 

 

Hosts file

---------------

##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting.  Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1             localhost 

 

 

Scan log

---------------

2016-01-20 13:35:20 :  

2016-01-20 13:35:20 : ----- Scan Started -----

2016-01-20 13:35:20 : Scanning with signatures version 45 (2016-1-19)

2016-01-20 13:35:52 : *** scan time: 0d 00:00:31 ***

2016-01-20 13:35:52 : ------ Scan Ended ------

2016-01-22 00:37:55 :  

2016-01-22 00:37:55 : ----- Scan Started -----

2016-01-22 00:37:55 : Scanning with signatures version 45 (2016-1-19)

2016-01-22 00:38:12 : *** scan time: 0d 00:00:16 ***

2016-01-22 00:38:12 : ------ Scan Ended ------

 

 

 

 

Heres what I did: 

1.Already executed your mac app to try to remove this pop up but it wasn't cleaned.

 

2.Tried rebooting my computer (completely erased the HDD) and when I redownloaded google chrome and tested (without updating my user and syncing my data) it was still there when I visited many websites like: huffingtonpost, npr.org, my own blog, etc.  (picture 2) 

 

3.Ran Avira antivirus, ClamXamp, Norton Security, but it didn't detect anything.

 

4. I found two websites (in spanish, using google translate to help with context) where there are other people having the same problem but in windows so I can't use their solutions:

https://translate.google.com/translate?sl=es&tl=en&js=y&prev=_t&hl=es-419&ie=UTF-8&u=http%3A%2F%2Fwww.forospyware.com%2Ft514889.html&edit-text=&act=url

 

5. Kept searching and noticed that my DNS was altered so I googled it and found many forums with windows users back in 2012 indicating that the ip's are malicious, here's a list at the bottom of the website with some of the ip's I get: http://www.dcwg.org/detect/checking-osx-for-infections/

 

6. Tried changing the DNS to google (8.8.8.8, 8.8.4.4) and OpenDNS but it still shows the ads (just in chrome) with norton popping up with a "malware blocked" indicator, the ads almost always redirect me to mackeeper  malware

 

 

 

 

 

post-198243-0-71215600-1453444601_thumb.

post-198243-0-02701900-1453444611_thumb.

Link to post
Share on other sites

  • Staff

Is this problem only happening in Chrome, and not in Safari? If so, it's probably being caused by one of your Chrome extensions. Be aware that deleting and reinstalling Chrome doesn't affect the Chrome extensions that are installed.

 

I can't identify any of your Chrome extensions as known troublemakers, but it seems like there are always new adware extensions in the Chrome web store. I'd recommend disabling your Chrome extensions systematically to try to identify which one is the cause. See:

 

https://support.malwarebytes.org/customer/portal/articles/2045724-?b_id=9511

 

Once you've figured out which one is causing the problem, can you let us know?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.