Do I have Malware?
Sophos is telling me I need to remove this file manually, which is protected. After a reboot I now have two of these txt files detected.
/.Spotlight-V100/Store-V2/442310BF-DE1C-46A8-A5E7-E7B860C7460C/Cache/0000/0000/01b8/28848371.txt
Can anyone help to confirm if this could be malware?
Thanks
I think you should remove Sophos first. However, to thoroughly check, why not download and apply this program, which will help us to locate any malware you may have.
Publish the report it produces as a reply.
Hi, see report below:
EtreCheck version: 3.4.4 (448)
Report generated 2017-09-10 12:39:01
Download EtreCheck from https://etrecheck.com
Runtime: 3:40
Performance: Good
Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.
Click the [Clean up] link to delete unused files.
Problem: Other problem
Description:
Malware in V100
MacBook Pro (Retina, 13-inch, Mid 2014)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro11,1
1 2.6 GHz Intel Core i5 (i5-4278U) CPU: 2-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
Handoff/Airdrop2: supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 363
iCloud Quota: 81.65 GB available
Intel Iris - VRAM: 1536 MB
Color LCD 2560 x 1600
APPLE SSD SM0256F disk0: (251 GB) (Solid State - TRIM: Yes)
EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
(disk0s2) <not mounted> [CoreStorage Container]: 250.14 GB
Recovery HD (disk0s3 - Journaled HFS+) <not mounted> [Recovery]: 650 MB
USB30Bus
Apple Inc. Apple Internal Keyboard / Trackpad
MOSART Semi. 2.4G Keyboard Mouse
Apple Inc. thunderbolt_bus
Macintosh HD (disk1 - Journaled HFS+) / [Startup]: 249.82 GB (20.66 GB free)
Physical disk: disk0s2 250.14 GB Online
Malwarebytes (disk2s1 - HFS+) /Volumes/Malwarebytes : 25 MB (10 MB free)
Physical disk: Disk Image 25 MB (10 MB free)
Avast Security (disk3s9 - HFS+) /Volumes/Avast Security : 139 MB (107 MB free)
Physical disk: Disk Image 139 MB (107 MB free)
macOS Sierra 10.12.6 (16G29) - Time since boot: about one hour
Mac App Store and identified developers
Unknown file: ~/Library/LaunchAgents/com.cisco.videoguard8.plist
sh -c $HOME/Library/Cisco/VideoGuardPlayer/VideoGuard8/VideoGuard8.bundle/Contents/Resources/setupServer.sh
Unknown file: ~/Library/LaunchAgents/com.cisco.videoguard8.uninstall.plist
sh ~/.cisco/VideoGuard/uninstall/cisco_videoguard8/condUninstall.sh
2 possible adware files found. [Remove/Report]
/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist
/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF
Executable not found!
~/Library/LaunchAgents/com.bittorrent.BitTorrent.plist
/usr/bin/open -n /Applications/BitTorrent.app
Executable not found!
2 orphan files found. [Clean up]
/Applications/BlueStacks.app
[not loaded] com.bluestacks.kext.Hypervisor (4.3.26) [Lookup]
/Applications/ExpressVPN.app
[not loaded] com.expressvpn.splittunnel (1.0.2 - SDK 10.12) [Lookup]
/Applications/VMware Fusion.app
[not loaded] com.vmware.kext.vmci (8.5.8) [Lookup]
[not loaded] com.vmware.kext.vmioplug.15.2.1 (8.5.8) [Lookup]
[not loaded] com.vmware.kext.vmnet (8.5.8) [Lookup]
[not loaded] com.vmware.kext.vmx86 (8.5.8) [Lookup]
/Applications/zoom.us.app
[not loaded] zoom.us.ZoomAudioDevice (1.1 - SDK 10.8) [Lookup]
/Library/Application Support/VirtualBox
[loaded] org.virtualbox.kext.VBoxDrv (5.1.22) [Lookup]
[loaded] org.virtualbox.kext.VBoxNetAdp (5.1.22) [Lookup]
[loaded] org.virtualbox.kext.VBoxNetFlt (5.1.22) [Lookup]
[loaded] org.virtualbox.kext.VBoxUSB (5.1.22) [Lookup]
/Library/Extensions
[not loaded] com.asix.driver.ax88179-178a (1.9.0 - SDK 10.10) [Lookup]
[loaded] com.malwarebytes.mbam.rtprotection (3.0 - SDK 10.12) [Lookup]
[loaded] com.sophos.kext.oas (9.6.51 - SDK 10.11) [Lookup]
[loaded] com.sophos.nke.swi (9.6.50 - SDK 10.11) [Lookup]
/Library/Extensions/HuaweiDataCardDriver_10_9.kext/Contents/PlugIns
[not loaded] com.MBB.driver.MBBACMData (5.01.01.00 - SDK 10.8) [Lookup]
[not loaded] com.MBB.driver.MBBActivateDriver (5.01.00 - SDK 10.8) [Lookup]
[not loaded] com.MBB.driver.MBBEthernetData (5.01.01.00 - SDK 10.8) [Lookup]
/System/Library/Extensions
[not loaded] com.madcatz.driver.CyborgRAT (1.0.69 - SDK 10.8) [Lookup]
[not loaded] org.dungeon.driver.SATSMARTDriver (0.10 - SDK 10.6) [Lookup]
HW_CreateNetwork: Path: /Library/StartupItems/HW_CreateNetwork
HWPortDetect_driver: Path: /Library/StartupItems/HWPortDetect_driver
Startup items no longer function in OS X Yosemite or later
[not loaded] 6 Apple tasks
[loaded] 180 Apple tasks
[running] 96 Apple tasks
[failed] com.apple.watchdogd.plist (Apple, Inc. - installed 2017-07-15)
[not loaded] 42 Apple tasks
[loaded] 171 Apple tasks
[running] 103 Apple tasks
[running] com.MadCatz.MadCatzSmartTechnology.plist (Mad Catz, Inc. - installed 2015-11-03) [Lookup]
[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2015-02-13) [Lookup]
[failed] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2017-07-10) [Lookup]
[loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2015-02-13) [Lookup]
[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-09-10) [Lookup]
[loaded] com.oracle.java.Java-Updater.plist (? 8f8ebc76 72ac4dde - installed 2017-08-04) [Lookup]
[running] com.sophos.uiserver.plist (Sophos - installed 2017-02-24) [Lookup]
[not loaded] com.teamviewer.teamviewer.plist (TeamViewer GmbH - installed 2017-09-10) [Lookup]
[not loaded] com.teamviewer.teamviewer_desktop.plist (TeamViewer GmbH - installed 2017-09-10) [Lookup]
[loaded] org.gpgtools.Libmacgpg.xpc.plist (Lukas Pitschl - installed 2016-06-28) [Lookup]
[loaded] org.gpgtools.gpgmail.enable-bundles.plist (Shell Script d032aea - installed 2015-09-21) [Lookup]
[loaded] org.gpgtools.gpgmail.patch-uuid-user.plist (? 84ce07f2 410547e5 - installed 2015-09-21) [Lookup]
[loaded] org.gpgtools.macgpg2.fix.plist (Shell Script d7ac5146 - installed 2016-06-28) [Lookup]
[running] org.gpgtools.macgpg2.shutdown-gpg-agent.plist (Shell Script df7bd0cf - installed 2016-06-28) [Lookup]
[loaded] org.gpgtools.updater.plist (Lukas Pitschl - installed 2016-07-04) [Lookup]
[loaded] org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2015-10-16) [Lookup]
[loaded] com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installed 2015-08-16) [Lookup]
[loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2017-07-10) [Lookup]
[loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2017-07-10) [Lookup]
[loaded] com.adobe.fpsaud.plist (? 2afb3af7 e92009a9 - installed 2017-07-25) [Lookup]
[running] com.easeus.dataprotectbackup.plist (? ? ? - installed 2017-09-10) [Lookup]
[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-09-10) [Lookup]
[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-09-10) [Lookup]
[loaded] com.oracle.java.Helper-Tool.plist (Shell Script e3fefdd2 - installed 2017-07-22) [Lookup]
[running] com.sophos.common.servicemanager.plist (Sophos - installed 2017-02-24) [Lookup]
[loaded] com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2017-07-27) [Lookup]
[not loaded] com.teamviewer.teamviewer_service.plist (TeamViewer GmbH - installed 2017-09-10) [Lookup]
[running] com.tenablesecurity.nessusd.plist (Tenable Network Security, Inc. - installed 2015-05-04) [Lookup]
[loaded] org.gpgtools.gpgmail.patch-uuid.plist (? 42fc83f8 410547e5 - installed 2015-09-21) [Lookup]
[loaded] org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2015-10-16) [Lookup]
[not loaded] org.virtualbox.startup.plist (Shell Script 700b9385 - installed 2017-07-11) [Lookup]
[loaded] org.wireshark.ChmodBPF.plist (? d4207e05 0 - installed 2015-06-05) [Lookup] - /Library/Application Support/Wireshark/ChmodBPF/ChmodBPF: Executable not found!
[loaded] com.BlueStacks.AppPlayer.Service.plist (BlueStack Systems, Inc. - installed 2015-08-16) [Lookup]
[loaded] com.BlueStacks.AppPlayer.UninstallWatcher.plist (Shell Script 3fbd4d67 - installed 2017-04-29)
[failed] com.BlueStacks.AppPlayer.Updater.plist (BlueStack Systems, Inc. - installed 2015-08-16) [Lookup]
[loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2015-03-11) [Lookup]
[loaded] com.cisco.videoguard8.plist (Shell Script e4704a32 - installed 2017-08-29)
[loaded] com.cisco.videoguard8.uninstall.plist (Shell Script 421c6031 - installed 2017-08-29)
[running] com.cisco.videoguardmonitor.plist (Shell Script 8744f150 - installed 2017-08-29)
[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2016-09-05) [Lookup]
[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-10) [Lookup]
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-07-10) [Lookup]
[loaded] com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2017-05-19) [Lookup]
[running] com.srib.pssddaemon.plist (Samsung Electronics - installed 2017-07-29) [Lookup]
[not loaded] org.virtualbox.vboxwebsrv.plist (Oracle America, Inc. - installed 2017-07-11) [Lookup]
iTunesHelper Application (Apple, Inc. - installed 2017-07-21)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Knowhow Cloud Application
(/Applications/Knowhow Cloud.app/Contents/Resources/Knowhow Cloud.app)
Dropbox Application
(/Applications/Dropbox.app)
VMware Fusion Start Menu Application
(/Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app)
AdobeResourceSynchronizer Application - Hidden
(/Applications/Adobe Acrobat Reader DC.app/Contents/Helpers/AdobeResourceSynchronizer.app)
ExpressVPN Application
(/Applications/ExpressVPN.app)
DRWTray Application (? 0 - installed 2017-09-10)
(/Applications/EaseUS Data Recovery Wizard.app/Contents/MacOS/DRWTray.app)
AdobeAAMDetect: AdobeAAMDetect 2.0.0.0 (installed 2015-02-13) [Lookup]
FlashPlayer-10.6: 26.0.0.151 (installed 2017-08-08) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2017-07-21)
AdobePDFViewerNPAPI: 17.012.20095 (installed 2017-08-13) [Lookup]
AdobePDFViewer: 17.012.20095 (installed 2017-08-13) [Lookup]
Flash Player: 26.0.0.151 (installed 2017-08-08) [Lookup]
SiteAdvisor: 2.0 (installed 2014-12-05) [Lookup]
PepperFlashPlayer: 26.0.0.151 (installed 2017-08-08) [Lookup]
Silverlight: 5.1.50901.0 (installed 2017-02-26) [Lookup]
JavaAppletPlugin: Java 8 Update 144 build 01 (installed 2017-08-04) Check version
CitrixOnlineWebDeploymentPlugin: 1.0.105 (installed 2013-04-26) [Lookup]
ZoomUsPlugIn: 4.0.38982.0714 (installed 2017-08-14) [Lookup]
[not loaded] SiteAdvisor - McAfee - https://www.siteadvisor.com (installed 2015-09-29)
[enabled] ExpressVPN - ExpressVPN - https://www.expressvpn.com (installed 2017-09-02)
Flash Player (installed 2017-07-25) [Lookup]
GPGPreferences (installed 2016-07-04) [Lookup]
Java (installed 2017-08-04) [Lookup]
Nessus.Preferences (installed 2015-05-04) [Lookup]
RAT (installed 2014-03-13) [Lookup]
Time Machine not configured!
9% Google Chrome
8% mdworker
7% Google Chrome Helper
6% WindowServer
6% kernel_task
833 MB kernel_task
421 MB Google Chrome Helper
348 MB com.apple.WebKit.WebContent
326 MB firefox
315 MB Google Chrome Helper
Top Processes by Network Use: ⓘ
Input Output Process name
86 MB 13 MB openvpn
52 KB 59 KB Dropbox
38 KB 17 KB mDNSResponder
11 KB 11 KB SophosScanD
7 KB 6 KB SophosSXLD
Top Processes by Energy Use: ⓘ
13.94 Google Chrome
11.74 WindowServer
9.00 Google Chrome Helper
4.18 Google Chrome Helper
1.82 GB Available RAM
93 MB Free RAM
6.18 GB Used RAM
1.73 GB Cached files
0 B Swap Used
Adobe Acrobat Reader DC (17.012.20095): (installed 2017-08-13)
Microsoft OneNote: 15.37 (installed 2017-08-17)
ExpressVPN: (installed 2017-09-02)
Evernote: 6.12 (installed 2017-09-04)
Media Player: 2.1.0 (installed 2017-09-06)
Malwarebytes for Mac: (installed 2017-09-10)
Install information may not be complete.
Last updated: 2017-09-10 22:32:20