[INACTIVE] Macbook Pro Problem

I have a Macbook Pro, and it has a virus, or malware, or some malicious script that makes it go all wonky.  I've tried Malwarebytes and a number of other Mac antivirus programs to no avail.  I am a graphic artist, and one of the things it does is move the cursor independently so I cannot control it.  Sometimes if I reboot it goes away, but not always.  It also improves if I use the touchpad a little bit, but I prefer to work with a mouse.  Another thing it does is make all the windows and browsers larger, then smaller, in rapid succession, so I can't even read when it is active.  It does not happen all the time.  It usually is active upon starting up the Mac in the morning.  When I play Spotify, it sometimes enlarges the image so I cannot find anything.  It has done that with firefox and Safari too.  Sometimes if I want to make the image in the browser smaller (command scroll down) it does not allow that but instead remains full size.

Does any of this sound familiar? 

Hi @periwinkle

I have moved your threat to "Virus, Adware, & Malware Removal Help" forum. Soon as our malware remover experts login, they will check for malware infections.

 Good!

I have to leave soon and won't be back until around 4 or 5 pm pacific time.  The Mac will be on as I will leave music on for the cat.  But the screen will go dark after a while--  I hope that's not a barrier to your investigation.  Thank you so much.

No it will not.

Hello there,

This does not sound familiar to me. Although it has been quite a while for me being on the Mac, I am unsure about the root cause. I will do some looking around for a bit and should return later today at least with a solution.

---

Okay, here we are... Please download and install Sophos Antivirus Home (my usual starting recommendation)

Follow this tutorial and create a full system scan, as well as posting a screenshot of the results if possible or a logfile.

---

If this were to fail finding the threat, we still have about 10-15 more security tools we can use, so do not worry...

I'm back, in case anyone is around.  Tomorrow I'm here in the afternoon.  I right clicked on every Sophos shield I could find, but none of them gave me the option to create a special scan.  I even went into the Applications folder and doubleclicked on the shield, but nothing happened.  Neither did right clicking on it work.

Okay, so it installed? Are you able to run some kind of scan?

Dear Dr. Jay,

I right clicked on numerous shields and did not find the options to follow per your instructions.  I am using the free version.  Should I get the paid version?  Is that what the problem is?  I can run a regular scan, but not the advanced one you delineated.

[table class="event-table ng-isolate-scope"]
[tr class="row eventlist-row eventlist-row-borderless:$last} ng-scope" style=][td class="eventlist-row-content"]
PUA detected: 'Genieo' at '/Users/altheaday/.Trash/doctopdf.dmg'
threat
Jul 1, 2018 9:39:10 AM[/td]
[/tr]

[tr class="row eventlist-row eventlist-row-borderless:$last} ng-scope" style=][td class="eventlist-row-content"]
Malware cleaned up: 'Mal/Generic-S' at '/Users/altheaday/Library/Mail/V5/1501BB1D-0982-49C5-A789-BE9D9D955D93/Bulk Mail.mbox/A3A38045-640E-4DD7-9497-904A127741CB/Data/6/4/1/Attachments/146968/2/most.zip'
threat
Jul 1, 2018 9:31:39 AM[/td]
[/tr]

[tr class="row eventlist-row eventlist-row-borderless:$last} ng-scope" style=][td class="eventlist-row-content"]
Malware detected: 'Mal/Generic-S' at '/Users/altheaday/Library/Mail/V5/1501BB1D-0982-49C5-A789-BE9D9D955D93/Bulk Mail.mbox/A3A38045-640E-4DD7-9497-904A127741CB/Data/6/4/1/Attachments/146968/2/most.zip'


I don't think it cleared up the first and last threats.  Shall I purchase the software?

And the phenomena are still occurring, so the threat that was cleaned up didn't fix it. 

Okay, thanks for the update.

I apologize if the following does not work ahead of time... However, see if the solution here for this other user helps for you: https://community.sophos.com/products/free-antivirus-tools-for-desktops/f/sophos-anti-virus-for-mac-home-edition/7086/deleting-a-threat-manually---finding-the-threat

-It involves finding the "Quarantine Manager" and marking those other threats for deletion manually.

-If this fails, or you cannot do it easily, I can instruct you how to delete it manually.

Dr. Jay,

I uninstalled and then reinstalled Sophos, just to make sure.  Still won't open.

Please open Terminal (Finder > Go > Utilities > Terminal), and enter the following 2 commands, one at a time (place in the command, hit enter, then do the next command afterward):

Code: rm -f /Users/altheaday/.Trash/doctopdf.dmg

Code: rm -f /Users/altheaday/Library/Mail/V5/1501BB1D-0982-49C5-A789-BE9D9D955D93/Bulk Mail.mbox/A3A38045-640E-4DD7-9497-904A127741CB/Data/6/4/1/Attachments/146968/2/most.zip

---

Once done, please quit Terminal and Finder.

Then, press Spotlight () and search for "Activity Monitor" and open that, please, and take a screenshot of currently running apps. I would like to see the screenshot of the apps if you don't mind, or at least list the name of them. If there are too many running, then more than one screenshot may be necessary.

Okay, I did not see anything "bad" or malware on your system (but we will double check later with a different antivirus to put your mind at ease - you know, second opinion methodology).

First, I would like you to Reinstall Spotify, log in, and see if the problem is resolved. If it is not, please go to step 2 below.

---

Second, please open Terminal as you did above, and place in the following command (similar as before, hitting enter to continue):

Code: nvram ​-c

Once done, restart the Mac system immediately.

Once it has started up again, you will have to reconfigure a few system settings such as setting the time zone, setting the date and time, selecting the startup volume, and configuring any display options you wish to use. If you are having any troubles with that, please let me know and I will guide you through that. However, all of the options should be available in System Preferences (Apple).

If doing this has still not fixed the problem, then please answer questions in step 3 below, otherwise just post back and let me know progress please.

---

Okay, so step 3:

-Did you have issues before or after you installed any one of the following two apps:

Dr. Cleaner

CleanMyDrive 2


-Are you using a Apple/Mac certified mouse? Is it wired or wireless?


-What is the age of the Mac you are currently using (when did you buy it and how many times has it upgraded the operating system)?

---

Thanks for your patience... Hopefully we are getting closer to resolving this!

It's still wonky.

Okay... please answer this so it helps me help you:

Okay, so step 3:

-Did you have issues before or after you installed any one of the following two apps:

Dr. Cleaner

CleanMyDrive 2


-Are you using a Apple/Mac certified mouse? Is it wired or wireless?


-What is the age of the Mac you are currently using (when did you buy it and how many times has it upgraded the operating system)?

[adm]Due to lack of response, this topic is now closed. If you would like it reopened, PM me, a Security Officer, or another administrator. If you have a different computer other than the one above, or if you are someone else, please start a new topic.[/adm]