
Malware 2018

June 19, 2018 by joecodes Leave a Comment

Someone very close to me, and quite computer literate, was tricked into downloading and running a fake Flash installer that actually installed malware. Cleaning it up was a good opportunity to review my checklist for finding and fixing this kind of situation. I was pleasantly surprised to discover some useful new tools and have updated my checklist for 2018.

Don’t think you are immune because you know more than others. If your computer is connected to the internet and you use a web browser it can happen to you, especially if you use Outlook (aka Lookout!).

My previous process was basic:

  1. Check Login Items in System Preferences.
  2. Run Lingon X to check for extra startup items.
  3. Run EtreCheck for a general report.
  4. Check browser settings, extensions, and plugins.
  5. Run Onyx to clean things up.

These are fine things to do and still not a bad recommendation, but this list doesn’t feel complete and I like to revisit older processes to see if they can be improved. I stumbled across a helpful forum post which inspired me to make a new checklist.

Disconnect

If you think you just installed something bad, disconnect from the internet: turn off WiFi, unplug the ethernet cable, whatever you are connected with. This stops anything that was installed from phoning home or doing further harm over the internet.

Quit

Quit all of your open apps (especially web browsers). If any of these apps are infected this will help stop them from running whatever bad code may have been installed into them.

Backup

Your files on your computer may be infected or you may remove important files during this process. If you haven’t already, now would be a good time to backup your important stuff. I use Time Machine and Backblaze for a dual local/remote always-on backup strategy.

System Preferences

In System Preferences, Users and Groups > Login Items is still something to check. If you are unsure about an item in that list, make a note of it and come back to this step after the cleanup items below; you are still offline at this point, so the web research has to wait.

Profiles. This icon is usually not present; it only appears once a configuration profile has been installed, so if you see it, check whether an odd profile has been added. Adware uses profiles to enforce browser and search settings, so open each profile's details and look for common malware keywords. Here are some we discovered this time around: mymacupdater, myshopcoupon, and mackeeper.

CCleaner

Get CCleaner and run the default set of Cleaning items. Then check Tools > Startup for any new startup items; this seems like a good replacement for the Lingon X step mentioned earlier, since it shows launch agents that never appear in Login Items. Then check Tools > Uninstall to find extra apps like MacKeeper. This is also handy for uninstalling old apps you haven't used in a long time. Download CCleaner, and every other tool on this list, only from the vendor's own site; a fake installer is exactly how this infection started.

While CCleaner does just fine with its basic cleaning for the purpose of this post, consider later running Onyx for deeper cleaning options.

Malwarebytes

Get Malwarebytes and run it. The free version does the basic job we need. It focuses on finding malware and did great when I tested it. I found the real-time protection was using a constant 10% cpu so that feature is now disabled.

Browser Settings

Now is when I would fire up the web browsers (check them all if you use more than one). Look in Preferences at the home and startup page, the default search engine, plugins, and extensions, and remove anything you don't recognize. This is also a good time to get rid of plugins or extensions you no longer use.

EtreCheck

I still like the report EtreCheck runs. While the previous steps should have already found anything really bad, this report might find something else or at least show some things you may not know about.

Avast

Get Avast and run it. During the install you can optionally install their VPN and password manager. I already use and highly recommend Encrypt.me for our VPN needs, and I use the built-in keychain for managing passwords, so I skipped these items. After installing I had to find it in the menu bar. The scan takes a long time but it is very thorough. It will turn up some of the items already found earlier that had been quarantined or moved to the trash. It also scanned the Time Machine backups and removed the backed-up copies of the bad files, along with all of those pesky bad email attachments. That last point matters: a backup taken after the infection contains the malware too, so run through these steps again if you ever restore from a backup.

You may want to restart after each of the above steps if you found anything along the way. This makes sure something you may have removed or disabled is quit and no longer loaded and running.

Even if you don’t suspect a problem now, it’s not a bad idea to go through these steps so you are familiar with the process and so that you already have some of these tools at the ready. Malwarebytes and Avast can also run in the background (their default setting) to provide some preventive measures to help avoid this situation in the first place.

While tools like Malwarebytes and Avast are very helpful, they also make money using FUD so be careful not to be swayed too hard by their own ads for protecting you and your family, which is a little ironic. macOS is already very good about malware and security so do some research on these tools before paying for their extra services.

Startup Items Extra Note

A final note that you can skip, as it's a bit more technical and not at all necessary. It's great that Malwarebytes and Avast can continue to monitor things for you. This means they always start automatically and run in the background when you restart. By all means keep using them that way; set-it-and-forget-it is great. Personally, though, I like to know what is running automatically and to have control over it, so I wanted to see what each of these tools starts automatically and how to control that behavior. Spoiler: they are both disappointing.

Malwarebytes

I turned off all automatic settings and removed it from the menu bar, but it still starts the Malwarebytes agent, which does not appear in Login Items. Deactivating its free trial didn't help. You must use CCleaner > Tools > Startup to find and disable it. You don't need to restart; you can watch it disappear in Activity Monitor. It seems to work fine after disabling the startup item. I could find nothing in their documentation about these automatic agents.

Avast

I found six different tasks that start automatically. Even with all Shields off and all settings adjusted, they still run. They could only be disabled one by one in CCleaner; if one won't disable, use Remove. I could find nothing in their documentation about these automatic agents either. It seems to run fine after disabling them.
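The startup items that CCleaner finds but Login Items never shows (the Malwarebytes agent, the six Avast tasks, and the adware agents themselves) are plain launchd property lists sitting in a handful of directories, so you can inspect them yourself from Terminal. The script below is an added example, not from the original post and not how CCleaner or either vendor's tool works internally: it lists every plist in the standard launchd directories with its Label and flags any whose file name or contents match the keywords found in the Profiles step above (mymacupdater, myshopcoupon, mackeeper). The keyword list and the directory list are assumptions to extend with whatever you find on your own machine.

```shell
#!/bin/sh
# Added example (not from the original post): list launchd startup items and
# flag the ones that match the adware keywords the post found. POSIX sh only,
# so it runs on a stock macOS install with no extra tools.

# Keywords from the post; extend this list with anything else you discover.
SUSPECT_KEYWORDS="mymacupdater myshopcoupon mackeeper"

# plist_label FILE: print the Label of an XML plist, or "unknown" when the
# file has no Label or is a binary plist (convert those first on macOS with
# plutil -convert xml1 FILE). Assumes the usual <key>Label</key><string>...</string> layout.
plist_label() {
    label=$(grep -A1 '<key>Label</key>' "$1" 2>/dev/null \
        | sed -n 's/.*<string>\(.*\)<\/string>.*/\1/p' | head -n 1)
    printf '%s\n' "${label:-unknown}"
}

# suspect_keyword FILE: print the first keyword found in the file name or in
# the file contents (case-insensitive), or "-" if the plist looks clean.
# Always exits 0 so it is safe to call under set -e.
suspect_keyword() {
    for kw in $SUSPECT_KEYWORDS; do
        if printf '%s\n' "$1" | grep -qi -- "$kw" || grep -aqi -- "$kw" "$1"; then
            printf '%s\n' "$kw"
            return 0
        fi
    done
    printf '%s\n' "-"
}

# scan_launchd_dirs DIR...: one line per plist, "FLAG<TAB>LABEL<TAB>PATH",
# where FLAG is "-" for a clean-looking item or "SUSPECT:<keyword>".
# Missing directories are skipped silently.
scan_launchd_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            kw=$(suspect_keyword "$plist")
            if [ "$kw" = "-" ]; then flag="-"; else flag="SUSPECT:$kw"; fi
            printf '%s\t%s\t%s\n' "$flag" "$(plist_label "$plist")" "$plist"
        done
    done
    return 0
}

# The standard launchd locations. The per-user LaunchAgents folder needs no
# admin password, so that is where user-level adware typically lands; the two
# /Library folders hold items installed for every user (including most
# security products' own background agents).
scan_standard_launchd_dirs() {
    scan_launchd_dirs "$HOME/Library/LaunchAgents" \
        /Library/LaunchAgents /Library/LaunchDaemons
}

# Run the scan when executed directly; pipe through `grep SUSPECT` to see
# only the flagged items.
scan_standard_launchd_dirs
```

A clean Label you do not recognize is not proof of malware, and a missing keyword match is not proof of a clean machine; use the list as the starting point for the web digging the post recommends once you are back online. On macOS, `launchctl list` shows which of these jobs are actually loaded right now, and `profiles -P` (with `sudo` for system-wide profiles) lists installed configuration profiles from Terminal, which is the command-line counterpart of the Profiles pane described above.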
