Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Having similar avledn.in malware problems on chrome

chrome osx malware avledn mac

  • Please log in to reply

#1
quickasfoxes

quickasfoxes

    New Member

  • Member
  • Pip
  • 8 posts

Hi there,

For the past 3-4 weeks, I've been having malware problems with chrome on my Mac running OS X. Neither AdwareMedic nor Sophos has been able to identify it. I hadn't been able to find anything on a general google search until this post showed up a couple days ago! It appears nearly identically to this user's experience, especially in that it starts a new tab and then reroutes through the avledn.in site before sending me to any number of different websites. I cannot predict which sites will cause the new, popup tab and rerouting.

 

I would have replied to his thread but am told I do not have permission.

 

What can I run on my computer to give you all adequate information to help diagnose and fix the problem?

 

Thank you in advance!


  • 0

Advertisements


#2
quickasfoxes

quickasfoxes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

help?


  • 0

#3
aido

aido

    Member

  • Member
  • PipPip
  • 49 posts

Hello @quickasfoxes,

 

 

Step 1 - Google Chrome

 

1. If you have store Favorites in Chrome that you will retain it, export them to your favorite location.

2.  Search in Google Chrome for unknown PlugIns and Extensions and delete it. If you use the Google Sync-Server don't deactivate it until you have delete all unknown entries.

3.  Click on the Finder and hit the keys Command-Shift-G.  Insert the following LIne with Copy and Paste on it.

~/Library/Application Support/Google/Chrome/

4. Search for the Default - Folder and rename it or move it to your Desktop. This will Clean Up all your settings!

5. Futher solution if the above step not help, how to reset google chrome

 

 

Step 2 - Take a Snapshot

 

1. Please Start AdwareMedic again and choose from the Menu Scanner the Command Take System Snapshot.

2. Copy the results to Clipboard and Paste it here in Code - Tags.

 

Step 3 - Terminal

 

1. Open the Terminal Guide: How to Use the Terminal

2. Open Text Edit as follows: Hit Command - Space to Open Spotlight. Type TextEdit to Open it and hit Command - N for a new Document if TextEdit don't open it automatically.

3. The following Terminal Commands (A - E) in the Code-Box should executed Line by Line. Triple Click on it and Copy every Line, Paste it in the Terminal and hit Enter. Copy and Paste every result from Terminal in the new created TextEdit-Document below the other Lines. For some executed Lines you need your Password.

    A.  

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

   B.

sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

   C.

launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

   D.

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

   E.

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

4. If all done, Copy the whole content of TextEdit and Paste it here the thread.

 

 


  • 0

#4
quickasfoxes

quickasfoxes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
AdwareMedic 2.2.2 system report - Monday, May 11, 2015 @ 10:38:07 AM
Mac OS X version 10.10.3
10:38  up 18 days, 20:37, 1 user, load averages: 3.01 3.76 3.47

Safari extensions
---------------
/Users/brianchristie/Library/Safari/Extensions/Adblock Plus.safariextz
     Name: Adblock Plus
     Modified: Monday, April 13, 2015 @ 3:32:48 PM
/Users/brianchristie/Library/Safari/Extensions/DivXHTML5.safariextz
     Name: DivX Plus Web Player HTML5 <video>
     Modified: Monday, September 10, 2012 @ 7:58:47 AM
/Users/brianchristie/Library/Safari/Extensions/InvisibleHand-2.safariextz
     Name: InvisibleHand
     Modified: Friday, October 31, 2014 @ 6:24:47 PM
/Users/brianchristie/Library/Safari/Extensions/LastPass-2.safariextz
     Name: LastPass
     Modified: Monday, April 13, 2015 @ 3:32:49 PM

Chrome extensions
---------------
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/aciahcmjmecflokailenpkdchphgkefd
     Name: Entanglement Web App
     Modified: Sunday, September 8, 2013 @ 10:57:05 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/adpkifcfcacgmnggcbpbjbkdijciiigm
     Name: Bejeweled
     Modified: Thursday, November 8, 2012 @ 7:05:40 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ajiijeebjcmkhdplmollbjpljcnelfhn
     Name: Aviary Audio Editor
     Modified: Thursday, May 31, 2012 @ 1:32:45 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/akfnkdbpccapkganipclkhgppknhjlee
     Name: Mojito - Mint with a kick...
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/aknpkdffaafgjchaibgeefbgmgeghloj
     Name: Angry Birds
     Modified: Sunday, December 14, 2014 @ 3:24:36 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/anelkojiepicmcldgnmkplocifmegpfj
     Name: From Dust
     Modified: Thursday, November 8, 2012 @ 7:05:41 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/bmnlcjabgnpnenekpadlanbbkooimhnj
     Name: Honey
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/boadgeojelhgndaghljhdicfkmllpafd
     Name: Google Cast
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/cbbcjdgnojllekdcnkodfikfnejfjlio
     Name: Yoko Platform Game
     Modified: Tuesday, June 4, 2013 @ 9:19:26 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/cfhdojbkjhnklbpkdaibdccddilifddb
     Name: Adblock Plus
     Modified: Wednesday, March 11, 2015 @ 5:30:05 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/cnkjkdjlofllcpbemipjbcpfnglbgieh
     Name: Spotify - Music for every moment
     Modified: Wednesday, May 8, 2013 @ 8:29:32 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/coklmhenlflodohnnhmebjjoadimjmlm
     Name: Aviary Vector Editor
     Modified: Thursday, May 31, 2012 @ 1:32:44 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/dafkakmjmhfnnfclmjdfpnbmdeddkoeo
     Name: Aviary Image Editor
     Modified: Thursday, May 31, 2012 @ 1:32:45 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/deceagebecbceejblnlcjooeohmmeldh
     Name: Netflix
     Modified: Tuesday, March 31, 2015 @ 3:43:32 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/dllkocilcinkggkchnjgegijklcililc
     Name: Google News
     Modified: Friday, March 6, 2015 @ 10:36:48 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/dpdmhfocilnekecfjgimjdeckachfbec
     Name: Dropbox for Gmail (Beta)
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ejepbkjeppcgfmjnhceoliiagodinled
     Name: 3D Street Runner
     Modified: Thursday, November 8, 2012 @ 7:05:39 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk
     Name: Gmail Offline
     Modified: Thursday, August 15, 2013 @ 6:44:15 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ejkjjleifeeaccajkekdcckflfpenoen
     Name: Add to Feedly™
     Modified: Tuesday, April 8, 2014 @ 8:14:26 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/fbangkleohkafngihneedemihgfeikcl
     Name: Pandora
     Modified: Friday, November 2, 2012 @ 12:23:23 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/fjinggjjjcdolmgegjcdimhnmjffgfik
     Name: Aviary Markup Editor
     Modified: Thursday, May 31, 2012 @ 1:32:44 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/gcbommkclmclpchllfjekcdonpmejbdp
     Name: HTTPS Everywhere
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/gmlllbghnfkpflemihljekbapjopfjik
     Name: Bookmark Manager
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/gndgglaokdcehgidecngoahldebkmkpf
     Name: Bubble Shooter -HD
     Modified: Thursday, November 8, 2012 @ 7:05:40 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/goblijolcnempeilmnkmfbhohlpngemd
     Name: DocuSign - Sign Documents for Free
     Modified: Sunday, December 14, 2014 @ 3:24:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/haiffjcadagjlijoggckpgfnoeiflnem
     Name: Citrix Receiver
     Modified: Tuesday, March 31, 2015 @ 3:43:32 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd
     Name: LastPass: Free Password Manager
     Modified: Monday, April 20, 2015 @ 5:49:35 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/hompjdfbfmmmgflfjdlnkohcplmboaeo
     Name: Allow Right-Click
     Modified: Tuesday, July 22, 2014 @ 8:38:14 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ihbmdfdhanakpfoiaomnelodiejioflb
     Name: Battlestar Galactica Online
     Modified: Friday, February 27, 2015 @ 6:53:45 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ijanohecbcpdgnpiabdfehfjgcapepbm
     Name: Netflix Enhancer - Old
     Modified: Thursday, May 7, 2015 @ 7:28:37 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ioekoebejdcmnlefjiknokhhafglcjdl
     Name: Dropbox
     Modified: Sunday, January 11, 2015 @ 5:51:19 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/jeabbdefhlelidlhahnfpbllaomkioke
     Name: Hipmunk
     Modified: Thursday, May 31, 2012 @ 1:32:44 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/jpfpebmajhhopeonhlcgidhclcccjcik
     Name: Speed Dial 2
     Modified: Monday, April 20, 2015 @ 5:49:35 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/kajjckmbclbffbpecfbiecehkfgopppd
     Name: HelloSign: Online signatures made easy
     Modified: Friday, February 27, 2015 @ 6:53:45 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/kfjoocpipbbafoimjgbkmfnjcjejdbjo
     Name: Simplenote
     Modified: Friday, November 2, 2012 @ 12:08:26 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/lbfehkoinhhcknnbdgnnmjhiladcgbol
     Name: Evernote Web
     Modified: Tuesday, April 8, 2014 @ 8:14:28 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg
     Name: Chrome Hotword Shared Module
     Modified: Friday, March 6, 2015 @ 10:36:25 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ldjdhmenakdgnabjanjbachbihbgnjfc
     Name: HBO GO
     Modified: Monday, November 12, 2012 @ 3:50:35 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/lghjfnfolmcikomdjmoiemllfnlmmoko
     Name: InvisibleHand
     Modified: Sunday, January 11, 2015 @ 5:51:19 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/loljledaigphbcpfhfmgopdkppkifgno
     Name: Lazarus: Form Recovery
     Modified: Wednesday, October 15, 2014 @ 3:52:39 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/mcbkbpnkkkipelfledbfocopglifcfmi
     Name: Poppit!
     Modified: Tuesday, July 22, 2014 @ 8:38:14 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ncjjeokpcnllmmbbipeaagmdpdpiadin
     Name: Dark Horizon
     Modified: Thursday, May 31, 2012 @ 1:32:44 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/nffchahhjecejoiigmnhhicpoabngedk
     Name: OneDrive
     Modified: Tuesday, April 8, 2014 @ 8:14:28 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/ocaebkdojpikfmhmnekiflipcicedobi
     Name: imo free video calls and text
     Modified: Tuesday, April 8, 2014 @ 8:14:28 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/oijfbknbncemokdnlboeabbcfhobechi
     Name: Mini Ninjas
     Modified: Thursday, July 4, 2013 @ 8:20:03 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/oknpjjbmpnndlpmnhmekjpocelpnlfdi
     Name: Readability
     Modified: Tuesday, April 8, 2014 @ 8:14:28 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/onmcdiilacdmbmeimljopoipdmjhbajo
     Name: Bejeweled 3
     Modified: Thursday, November 8, 2012 @ 7:05:39 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/pjjhlfkghdhmijklfnahfkpgmhcmfgcm
     Name: Google Reader
     Modified: Saturday, October 13, 2012 @ 7:47:52 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/Default/Extensions/pnengefjfhgcceajaepbjhanoojifmog
     Name: Writer
     Modified: Tuesday, April 8, 2014 @ 8:14:28 PM
/Users/brianchristie/Library/Application Support/Google/Chrome/External Extensions/apdfllckaahabafndbhieahigkjlhalf.json
     Name: [error finding localized extension name: JSONException, error 1 : Parse Error: Expecting '{' or '[']
     Modified: Wednesday, May 8, 2013 @ 5:06:42 AM
/Users/brianchristie/Library/Application Support/Google/Chrome/External Extensions/lmjegmlicamnimmfhcmpkclmigmmcbeh.json
     Name: [Unknown error extracting extension in CChromeExtension.GetNameFromCRX]
     Modified: Friday, November 7, 2014 @ 5:12:45 AM

Firefox extensions
---------------
/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/{23fcfd51-4958-4f00-80a3-ae97e717ed8b}
     Name: DivX Plus Web Player HTML5 <video>
     Modified: Monday, September 10, 2012 @ 7:58:59 AM
/Users/brianchristie/Library/Application Support/Firefox/Profiles/dc7hspqj.default/extensions/support@lastpass.com
     Name: [name not found in install.rdf]
     Modified: Monday, December 23, 2013 @ 7:59:20 PM
/Users/brianchristie/Library/Application Support/Firefox/Profiles/dc7hspqj.default/extensions/{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
     Name: Greasemonkey
     Modified: Tuesday, March 5, 2013 @ 7:55:15 PM

Login items
---------------
Flux, Flux, Flux, Flux, Spot Remote Server, FormatMatch, Day One Agent, ScreenSync, FormatMatch, BetterTouchTool, Last.fm, Cloud, GrowlTunes, Day-O, Fantastical, ODAT Tracker, Google Drive, Cloak, CrashPlan, DashExpander, Dropbox, CrashPlan menu bar, Plex Media Server, Caffeine, Degrees, Google Chrome, CrashPlan menu bar, Fitbit Connect Menubar Helper, Dropbox, Spotify, Alfred 2, InfiniteHD, HPEventHandler

Startup items
---------------
total 0
drwxr-xr-x  5 root  wheel  170 Feb  4  2011 ArcanaStartupSound
drwxr-xr-x  4 root  wheel  136 Oct 16  2011 DynDNSUpdater
drwxr-xr-x  4 root  wheel  136 Sep 15  2010 MATLABLmgr
drwxr-xr-x  5 root  wheel  170 Aug 11  2011 VirtualBox

System startup items
---------------
None

User launch agents
---------------
total 96
-rw-r--r--  1 brianchristie  staff   697 Jun 19  2012 com.adobe.AAM.Updater-1.0.plist
-rw-r--r--  1 brianchristie  staff   603 Mar  2 19:40 com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
-rw-r--r--  1 brianchristie  staff   627 Nov 19 06:03 com.akamai.single-user-client.plist
-rw-r--r--  1 brianchristie  staff   490 Nov  6  2013 com.amazon.cloud-player.plist
-rw-r--r--  1 brianchristie  staff   916 Mar  4  2011 com.apple.CSConfigDotMacCert-brian.m.christie@me.com-SharedServices.Agent.plist
-rw-r--r--  1 root           staff   695 Sep 10  2012 com.divx.agent.postinstall.plist
-rw-r--r--  1 brianchristie  staff   563 Apr  8 14:23 com.dtv.vgconnect.plist
-rw-r--r--  1 brianchristie  staff   570 May  3 15:10 com.dtv.vgconnect.uninstall.plist
-rw-r--r--@ 1 brianchristie  staff  1143 Apr 22 18:12 com.google.Chrome.framework.plist
-rw-r--r--@ 1 brianchristie  staff   540 May  8 19:32 com.spotify.webhelper.plist
-rw-r--r--  1 brianchristie  staff   785 Nov  8  2014 com.valvesoftware.steamclean.plist
-rw-r--r--  1 brianchristie  staff   677 Aug 11  2011 org.virtualbox.vboxwebsrv.plist

System launch agents
---------------
total 56
-rw-r--r--  1 root  wheel  612 Mar  5  2012 com.adobe.AAM.Updater-1.0.plist
-rw-r--r--  1 root  wheel  520 Nov 21  2011 com.bitcasa.BitcasaUI.plist
-rw-r--r--@ 1 root  wheel  792 Oct  8  2014 com.google.keystone.agent.plist
-rw-r--r--  1 root  admin  605 Jul 28  2009 com.hp.help.tocgenerator.plist
-rw-r--r--  1 root  admin  435 Jan 24  2014 com.sony.WirelessAutoImportLauncher.agent.plist
-r--r--r--  1 root  wheel  563 Oct 16  2014 com.sophos.uiserver.plist
-rw-r--r--  1 root  wheel  508 Jul 14  2011 net.culater.SIMBL.Agent.plist

System launch daemons
---------------
total 72
-rw-r--r--  1 root  wheel   634 Mar  5  2012 com.adobe.SwitchBoard.plist
-rw-r--r--  1 root  wheel   462 Apr 11 21:50 com.adobe.fpsaud.plist
-rw-r--r--  1 root  wheel   600 Nov 21  2011 com.bitcasa.BitcasaUpdateCheck.plist
-rw-r--r--  1 root  wheel  1693 Jan  8 13:58 com.crashplan.engine.plist
-rw-r--r--  1 root  wheel   689 Mar 12  2012 com.edovia.screensconnect.daemon.plist
-rw-r--r--  1 root  wheel  1161 Oct 22  2013 com.fitbit.galileod.plist
-rw-r--r--@ 1 root  wheel   818 Oct  8  2014 com.google.keystone.daemon.plist
-rw-r--r--  1 root  wheel   568 Aug 25  2010 com.microsoft.office.licensing.helper.plist
-r--r--r--  1 root  wheel   560 Oct 16  2014 com.sophos.common.servicemanager.plist

Third-party kernel extensions
---------------
com.globaldelight.driver.BoomDevice (1.1) <66 5 4 3 1>
com.Cycling74.driver.Soundflower (1.5.1) <66 5 4 3>
com.sophos.nke.swi (9.2.50) <4 3 1>
org.virtualbox.kext.VBoxDrv (4.0.12) <7 5 4 3 1>
org.virtualbox.kext.VBoxUSB (4.0.12) <95 94 38 7 5 4 3 1>
com.sophos.kext.sav (9.2.50) <5 4 1>

User cron tasks
---------------
None

Root cron tasks
---------------
*/20 * * * * /usr/share/prey/prey.sh > /var/log/prey.log

launchd.conf contents
---------------
None

DNS settings
---------------
Server:		8.8.8.8

Hosts file
---------------
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
127.0.0.1	localhost
255.255.255.255	broadcasthost
::1             localhost 
fe80::1%lo0	localhost

Scan log
---------------
2014-12-13 10:04:23: ----- Scan Started -----
2014-12-13 10:04:23: Scanning with signatures version 39
2014-12-13 10:05:37: No adware found
2014-12-13 10:05:37: ----- Scan Ended -----
2015-02-08 16:49:28: ----- Scan Started -----
2015-02-08 16:49:28: Scanning with signatures version 50
2015-02-08 16:50:13: No adware found
2015-02-08 16:50:13: ----- Scan Ended -----
2015-02-25 17:44:48: ----- Scan Started -----
2015-02-25 17:44:48: Scanning with signatures version 52
2015-02-25 17:45:46: No adware found
2015-02-25 17:45:46: ----- Scan Ended -----
2015-03-29 20:40:57: ----- Scan Started -----
2015-03-29 20:40:57: Scanning with signatures version 59
2015-03-29 20:51:44: No adware found
2015-03-29 20:51:44: ----- Scan Ended -----
2015-05-03 14:57:36: ----- Scan Started -----
2015-05-03 14:57:36: Scanning with signatures version 63
2015-05-03 14:58:35: No adware found
2015-05-03 14:58:35: ----- Scan Ended -----


  • 0

#5
quickasfoxes

quickasfoxes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thank you so much! In terms of step 3, I have opened terminal, but each of the first events gives a "Event not found." message after I copy and paste. 


  • 0

#6
aido

aido

    Member

  • Member
  • PipPip
  • 49 posts

1. You don't  follow  my instructions in Step 1. You have not resetting Google Chrome. If you not want it, try this: Backup (export) all your bookmarks. Disable all extension and Plugins except the following below:

Adblock Plus
Spotify - Music for every moment
HTTPS Everywhere
Bookmark Manager
LastPass: Free Password Manager
Google Reader
 

Shut down and start Google Chrome. Check if the problem exists. If not, enable some extension (not more than 3) until you got the problem (you must Quit and Start Google Chrome several times). On this way you can find the problematic extension. NOTE: You have really REALLY a lot of extensions. Are you not wonder why sometimes Google Chrome slow down?

 

2. Remove the following extension from your Google Chrome Folder. (NOTE: Google Chrome must shut down before you delete it)

    a. Go to Finder Menu GO and move to the Command Go to Folder... 

    b. Copy the following Line and insert it to Finders Window and hit Enter. Move the Item marked in bold to the trash. 

/Users/brianchristie/Library/Application Support/Google/Chrome/External Extensions/

Delete this...

lmjegmlicamnimmfhcmpkclmigmmcbeh.json

Tell me please if you solved this problem at this way.

 

 

2. They are many Login Items (some doubly) that start automatically and running in background if you logged in. Do you need really all Items?

Login items
---------------
Flux, Flux, Flux, Flux, Spot Remote Server, FormatMatch, Day One Agent, ScreenSync, FormatMatch, BetterTouchTool, Last.fm, Cloud, GrowlTunes, Day-O, Fantastical, ODAT Tracker, Google Drive, Cloak, CrashPlan, DashExpander, Dropbox, CrashPlan menu bar, Plex Media Server, Caffeine, Degrees, Google Chrome, CrashPlan menu bar, Fitbit Connect Menubar Helper, Dropbox, Spotify, Alfred 2, InfiniteHD, HPEventHandler

Remove all items except the following:

Fantastical
Spotify

3. Uninstall Sophos if extsts an unistaller for it. See this Instructions: https://www.sophos.c...ase/121206.aspx

 

Restart you mac.

Tell me please if any problem solved (or not). If you have at this time no questions, we are going to return the next step. I wait for your answer... :)


Edited by aido, 11 May 2015 - 02:43 PM.

  • 0

#7
quickasfoxes

quickasfoxes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

1) Hm. I don't actually see all of those extensions in my currently running google chrome. All I have on chrome://extensions/ is:

Adblock

Allow Right Click

Citrix Receiver

Dropbox for Gmail

Google Cast

HBO GO

Honey

HTTPS Everywhere

Invisible Hand

Lastpass

Lazarus

Mojito

Netflix Enhancer

Readability

Speed Dial 2

 

Those other ones don't show up in chrome://extensions/. How can I remove them?

 

I will go through extensions as you suggested.

 

2). I just cleaned up my login items. Hopefully that will help.


  • 0

#8
aido

aido

    Member

  • Member
  • PipPip
  • 49 posts

Possible that you have start AdwareMedic before cleaning google chrome? :)

 

Tell me please if you ready to continue we are not ready.


  • 0






Similar Topics


Also tagged with one or more of these keywords: chrome, osx, malware, avledn, mac

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP