Kenhel

How to remove self replicating malware.


I have this weird extension for Safari which always pops up and disturbs me while I'm doing my stuff on my Mac. It just pops up as Safari. I discovered that the malware replicates when I tell Safari to show me in folder, and I discovered that the malware is in a folder like App_random number and letter - random number and letter - random number and letter - random number and letter. So I decided to search App_ on my Mac and discovered something like 14 GB worth of space is taken up, which explains why my storage is low even though I have 200 GB worth of space, but that is a lot of space used. Whenever I moved it to the trash, there would always be a new fresh set ready to be deleted the next day. Also, what's annoying is that I almost clicked the allow notification button because I was auto-clicking to AFK farm in a game; I will assume that if I was unlucky and I pressed it, I would have a lot of pop-up ads. It also disturbs my AFK farming, as it will just make me jump to the window. I once was fighting the ender dragon with near perfect enchanted diamond tools, my best tools, and that stupid malware popped up and I quickly changed back, but the ender dragon had already knocked me off the map, so I lost my stuff, and those took me weeks to make. Also, I am running macOS Mojave; the antivirus or anti-malware never works.

 


Just as I was typing 3 of them were created... Also this ZIP creates the malware

 

 


 

Edited by AdvancedSetup
Removed possible adware


Ok, so the first two files, I'm gonna circle them in my next picture, are the malware.


I've asked that the file be removed from this discussion to prevent anybody else from downloading it.

I do detect it as an adware known as Chili Tab and suspect that the staff will want you to submit a system report created with the help of the article below (please don't post the zip file here):

https://support.malwarebytes.com/docs/DOC-3235

Instead, log a support ticket with the help of the link below and attach the file to the email:

https://support.malwarebytes.com/community/contactsupport/pages/home-support


[edit - removed zip file, Staff]

Edited by AdvancedSetup
Removed file

19 hours ago, Kenhel said:

[edit - removed zip file, Staff]

I had your attachment removed as it probably contains information that should not be made public.

Instead I need you to log a support ticket with help of below link and attach the file with the email

https://support.malwarebytes.com/community/contactsupport/pages/home-support

2 hours ago, alvarnell said:

I had your attachment removed as it probably contains information that should not be made public.

Instead I need you to log a support ticket with help of below link and attach the file with the email

https://support.malwarebytes.com/community/contactsupport/pages/home-support

Alternately, if you’d prefer not to go through the support route, feel free to send the MWB_Info.zip file directly to me... I’ll probably end up looking at it either way. 😁

To send me a direct message, click on my name or avatar at left, then click the Message button.


I see that you have some adware installed that Malwarebytes for Mac should remove, but you don't actually have Malwarebytes installed. I would recommend installing Malwarebytes, which will scan for and remove the adware for free.

There are also a bunch of system configuration profiles installed that are causing a Chrome extension to continue to be installed. Those profiles will need to be removed manually, as Apple does not provide any way to manage those profiles that we're able to safely use to remove them for you. To do so, open System Preferences, click the Profiles icon, and then remove every item in the Device Profiles list.

Because there are multiple nearly identical profiles, I suspect some of the adware you have installed is installing those profiles. Here's what I recommend doing:

  1. Install Malwarebytes (https://malwarebytes.com/mac-download)
  2. Scan for threats, and confirm that you want to remove them
  3. You will probably be asked to restart the computer, but don't do so yet
  4. Follow the directions above to remove all the configuration profiles
  5. Now restart the computer
  6. After restart, scan again with Malwarebytes and remove anything detected. If anything is detected that requires a reboot, do so.

After you've done all that, run the script again to generate a new MWB_Info.zip file, and send me that new file. I'll take a look and make sure that everything is gone.
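
To check whether the `App_...` folders described in the first post keep reappearing after the cleanup steps above, a report-only scan can be used (an added example, not part of the original posts and not a Malwarebytes tool). It assumes the folder names are `App_` followed by four hyphen-separated alphanumeric groups, which is an interpretation of the description in the thread; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report-only inventory of the adware folders described in this thread.
# Assumption: folder names look like App_<alnum>-<alnum>-<alnum>-<alnum>.
APP_DIR_RE='/App_[[:alnum:]]+(-[[:alnum:]]+){3}$'

# Print every matching directory under $1, one path per line.
list_app_dirs() {
    # -prune keeps find from descending into a folder once it has matched.
    find "$1" -type d -name 'App_*-*-*-*' -prune -print 2>/dev/null |
        grep -E "$APP_DIR_RE" || true
}

# Print only matching directories modified within the last 24 hours,
# i.e. folders that were (re)created after an earlier cleanup.
list_recent_app_dirs() {
    find "$1" -type d -name 'App_*-*-*-*' -prune -mtime -1 -print 2>/dev/null |
        grep -E "$APP_DIR_RE" || true
}

# Print the combined disk usage of all matching directories, in KiB.
total_app_kb() {
    list_app_dirs "$1" | {
        total=0
        while IFS= read -r dir; do
            kb=$(du -sk "$dir" 2>/dev/null | awk '{print $1}')
            total=$((total + ${kb:-0}))
        done
        echo "$total"
    }
}

# Nothing is deleted. Usage: sh scan_app_dirs.sh "$HOME"
if [ "$#" -ge 1 ]; then
    echo "Matching folders:     $(list_app_dirs "$1" | grep -c .)"
    echo "Modified in last 24h: $(list_recent_app_dirs "$1" | grep -c .)"
    echo "Total size (KiB):     $(total_app_kb "$1")"
    list_app_dirs "$1"
fi
```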


Ok, thank you very much. Also, can you send me the script again? I cannot really find it, it's very weird.

 
