Malware problem

Hello everyone,

I have a question about adware/malware. For the past week I keep getting popups in my browser (Chrome and Safari). After some research it turns out to be the ssp.fwrdy.com malware.

I did some research and downloaded and tried some anti-malware programs, but none of them can solve the problem. When I reset the browsers to their default settings, the popups are gone for a while. But after about half an hour the problem is back.

Does anyone happen to have another solution for this?

Many thanks!

Jimmy

Have you also tried Malwarebytes?

https://nl.malwarebytes.com

Maybe this will also be of some use to you:

https://www.securemacos.com/remove-ssp-fwrdy-com-virus-pop-up-ads-from-apple-mac-os-x/

Hi Fred,

Thank you for your message. I tried Malwarebytes; it says it can't find anything.

Regards,

Jimmy

If you post an EtreCheck report, we can see what else you have installed in the way of possible malware.

https://etrecheck.com/

https://www.securemacos.com/remove-ssp-fwrdy-com-virus-pop-up-ads-from-apple-mac-os-x/

Thanks. The report is below!

EtreCheck version: 3.4.4 (448)
Report generated 2017-09-17 14:13:26
Download EtreCheck from https://etrecheck.com
Runtime: 1:52
Performance: Excellent

Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.

Problem: Other problem
Description:
adware

Hardware Information: ⓘ
iMac (21.5-inch, Mid 2011)
[Technical Specifications] - [User Guide] - [Warranty & Service]
iMac - model: iMac12,1
1 2,7 GHz Intel Core i5 (i5-2500S) CPU: 4-core
8 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
2 GB DDR3 1333 MHz ok
BANK 1/DIMM0
2 GB DDR3 1333 MHz ok
BANK 0/DIMM1
2 GB DDR3 1333 MHz ok
BANK 1/DIMM1
2 GB DDR3 1333 MHz ok
Handoff/Airdrop2: not supported
Wireless: en1: 802.11 a/b/g/n
iCloud Quota: 1.15 GB available

Video Information: ⓘ
AMD Radeon HD 6770M - VRAM: 512 MB
iMac 1920 x 1080

Disk Information: ⓘ
WDC WD1001FALS-403AA0 disk0: (1 TB) (Rotational)
[Show SMART report]
EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
1 TB (disk0s2 - Journaled HFS+) /Volumes/1 TB : 999.35 GB (976.20 GB free)
Recovery HD (disk0s3 - Journaled HFS+) <not mounted> [Recovery]: 650 MB

Samsung SSD 840 EVO 120GB disk1: (120,03 GB) (Solid State - TRIM: No)
[Show SMART report]
EFI (disk1s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
Macintosh HD (disk1s2 - Journaled HFS+) / [Startup]: 119.17 GB (49.79 GB free)
Recovery HD (disk1s3 - Journaled HFS+) <not mounted> [Recovery]: 650 MB

USB Information: ⓘ
USB20Bus
Apple Inc. FaceTime HD Camera (Built-in)
hub_device
JMicron USB to ATA/ATAPI bridge
MK5065GSXF disk2: (500,11 GB)
EFI (disk2s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB
TV HD (disk2s2 - ExFAT) /Volumes/TV HD : 499.76 GB (314.91 GB free)
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
USB20Bus
hub_device
Apple, Inc. Keyboard Hub
Apple, Inc Apple Keyboard
Apple Computer, Inc. IR Receiver
Apple Card Reader

Thunderbolt Information: ⓘ
Apple Inc. thunderbolt_bus

System Software: ⓘ
macOS Sierra 10.12.6 (16G29) - Time since boot: about 9 days

Gatekeeper: ⓘ
Mac App Store and identified developers

Possible adware: ⓘ
Unknown file: ~/Library/LaunchAgents/com.iobit.MacBoosterMini5.plist
/Applications/MacBooster 5.app/Contents/Resources/MacBoosterMini.app/Contents/MacOS/MacboosterMini
One possible adware file found. [Remove/Report]

Kernel Extensions: ⓘ
/Library/Extensions
[loaded] com.malwarebytes.mbam.rtprotection (3.0 - SDK 10.12) [Lookup]
[loaded] de.rme-audio.driver.RMEFirefaceUSB (3.03 - SDK 10.11) [Lookup]

System Launch Agents: ⓘ
[not loaded] 8 Apple tasks
[loaded] 166 Apple tasks
[running] 99 Apple tasks
[killed] 9 Apple tasks
9 processes killed due to insufficient RAM

System Launch Daemons: ⓘ
[not loaded] 42 Apple tasks
[loaded] 166 Apple tasks
[running] 96 Apple tasks
[killed] 12 Apple tasks
12 processes killed due to insufficient RAM

Launch Agents: ⓘ
[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-09-17) [Lookup]
[running] de.rme-audio.RMEfirefaceUSBAgent.plist (? 2aa8da5a 72c638ae - installed 2017-06-30) [Lookup]

Launch Daemons: ⓘ
[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-09-17) [Lookup]
[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-09-17) [Lookup]

User Launch Agents: ⓘ
[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-09-04) [Lookup]
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-09-04) [Lookup]
[not loaded] com.iobit.MacBoosterMini5.plist (? 243249e e94b514c - installed 2017-09-16) [Lookup]
[running] com.spotify.webhelper.plist (Spotify - installed 2017-09-13) [Lookup]

User Login Items: ⓘ
Dropbox Programma
(/Applications/Dropbox.app)
Back-up en synchronisatie van Google Programma
(/Applications/Backup and Sync.app)
Spotify Programma - Hidden
(/Applications/Spotify.app)

Internet Plug-ins: ⓘ
FlashPlayer-10.6: 27.0.0.130 (installed 2017-09-13) [Lookup]
Flash Player: 27.0.0.130 (installed 2017-09-13) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2017-09-03)

3rd Party Preference Panes: ⓘ
Flash Player (installed 2017-08-29) [Lookup]

Time Machine: ⓘ
Time Machine not configured!

Top Processes by CPU: ⓘ
12% osascript
11% launchservicesd
10% WindowServer
7% coreaudiod
3% loginwindow

Top Processes by Memory: ⓘ
915 MB kernel_task
434 MB com.apple.WebKit.WebContent
382 MB com.apple.WebKit.WebContent
382 MB Spotify Helper
164 MB launchservicesd

Top Processes by Network Use: ⓘ
Input Output Process name
4 MB 3 MB Dropbox
4 MB 2 MB mDNSResponder
151 KB 53 KB Spotify
38 KB 37 KB apsd

Top Processes by Energy Use: ⓘ
26.90 coreaudiod
25.22 SGDawNodeService
12.68 Logic Pro X
11.66 launchservicesd
8.70 WindowServer

Virtual Memory Information: ⓘ
2.22 GB Available RAM
82 MB Free RAM
5.78 GB Used RAM
2.14 GB Cached files
502 MB Swap Used

Software installs: ⓘ
The Unarchiver: 3.11.1 (installed 2017-09-04)
Fireface USB Driver: (installed 2017-09-04)
MacKeeper: (installed 2017-09-04)
MacKeeper: (installed 2017-09-04)
Malwarebytes for Mac: (installed 2017-09-08)
“Malwarebytes for Mac Uninstaller”: (installed 2017-09-08)
Malwarebytes for Mac: (installed 2017-09-13)
“Malwarebytes for Mac Uninstaller”: (installed 2017-09-13)
Adobe Flash Player: (installed 2017-09-13)
MacBooster 5: (installed 2017-09-16)
Malwarebytes for Mac: (installed 2017-09-17)

Install information may not be complete.

Diagnostics Information: ⓘ
2017-09-15 23:56:31 launchservicesd Crash [Open]
Cause: BUG IN LIBPTHREAD: Invalid thread port
2017-09-15 23:56:28 cloudphotosd.app Crash [Open]
Cause: abort() called
<rdar://problem/28724618> Application unable to connect to launchservicesd for an unknown reason (received XPC_ERROR_CONNECTION_INTERRUPTED).
rdar://problem/28724618 Couldn’t create connection object
<rdar://problem/28724618> Application unable to connect to launchservicesd for an unknown reason (received XPC_ERROR_CONNECT
_RegisterApplication(), unable to get application ASN from launchservicesd, and this application requires an ASN, so aborting. error=#-1.
2017-09-15 23:56:25 TMHelperAgent.app Crash [Open]
Cause: abort() called
<rdar://problem/28724618> Application unable to connect to launchservicesd for an unknown reason (received XPC_ERROR_CONNECTION_INTERRUPTED).
rdar://problem/28724618 Couldn’t create connection object
<rdar://problem/28724618> Application unable to connect to launchservicesd for an unknown reason (received XPC_ERROR_CONNECT
_RegisterApplication(), unable to get application ASN from launchservicesd, and this application requires an ASN, so aborting. error=#-1.
2017-09-15 13:20:59 CCLibrary.app Crash [Open]
2017-09-08 15:03:55 Last shutdown cause: 0 - Power loss

Start by moving:
• /Library/LaunchDaemons/com.iobit.AMCDaemon.plist
• ~/Library/LaunchAgents/com.iobit.MacBoosterMini.plist
(or files that look suspiciously similar to these) to the Trash, without emptying it. Then restart your Mac.

In addition:
https://www.securemacos.com/remove-ssp-fwrdy-com-virus-pop-up-ads-from-apple-mac-os-x/

And, uh… Really? MacKeeper? Good luck!
https://www.macworld.com/article/2861435/software-utilities/how-to-uninstall-mackeeper-from-your-mac.html
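
The reversible "move it aside, don't delete it" step from the post above, as an added example that is not part of the original thread: a shell function that moves launchd plists matching a name pattern into a quarantine folder and records where each came from. The function name `quarantine_plists` and the quarantine folder are assumptions; the `com.iobit.*` pattern is taken from the file names in the post and the EtreCheck report.

```shell
#!/bin/sh
# Added example (not from the thread): quarantine launchd plists by name
# pattern instead of deleting them, so the change can be undone.
#
# Usage: quarantine_plists PATTERN DEST DIR...
#   PATTERN  shell glob for the plist file name, e.g. 'com.iobit.*.plist'
#   DEST     quarantine folder (hypothetical location, created if missing)
#   DIR...   launchd directories to search
# Prints the new path of every file that was moved.
quarantine_plists() {
    pattern=$1
    dest=$2
    shift 2
    mkdir -p "$dest" || return 1
    for dir in "$@"; do
        [ -d "$dir" ] || continue            # skip directories that do not exist
        for f in "$dir"/$pattern; do
            [ -f "$f" ] || continue          # glob matched nothing
            # Encode the source directory in the new name so the file
            # can be put back where it came from.
            tag=$(printf '%s' "$dir" | tr '/ ' '__')
            target="$dest/${tag}__$(basename "$f")"
            mv -- "$f" "$target" && printf '%s\n' "$target"
        done
    done
}

# On the Mac from the thread this would be called as follows
# (the /Library directories need administrator rights):
#   quarantine_plists 'com.iobit.*.plist' "$HOME/plist-quarantine" \
#       "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
# Restart afterwards, as the post advises, so launchd no longer loads the jobs.
```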

Ow! Ouch!
I didn't knowingly install MacKeeper; I only now see it in the list.
I'm going to try it all, thank you.

If it doesn't work, I think I'll go for a clean install. Then I'll be rid of it for sure :slight_smile:

(y) good luck

It probably came along with that MacBooster.
What is it with people, trusting junk made by unknowns.