Is the Mac really safe? Malicious plug-in removal note

Source: Internet
Author: User

Write in front

According to the tonymacx86 on the matching black Apple, at home also have family use, mainly is up and down QQ, see video, listen to music. A few days ago with chrome found that each page opened or refreshed after the click will open or an ad page, at first thought it was the operator, but did not hit the embedded code. Tangled n Long.


Process logging

ls/library/application\ support/

A suspicious directory was found in the directory 23b523c2bf11af4e

And then sweep it all down.

Find/| grep 23b523c2bf11af4e  

Found a couple of suspicious places.

/Library/Application support/23b523c2bf11af4e **********************

/library/launchagents/com.23b523c2bf11af4e.agent.plist *****************************

/library/launchdaemons/com.23b523c2bf11af4e.daemon.plist ****************************

/library/launchdaemons/com.23b523c2bf11af4e.helper.plist ***********************

These papers look at the names and they probably know what they mean.


See The 23B523C2BF11AF4E directory there's a Agen program so

Ps-ef | grep Agen

0 71 1 0 11:29 morning?? 0:00.04/library/application Support/23b523c2bf11af4e/agent/agent.app/contents/macos/agent-helper

501 306 1 0 11:31 morning?? 0:02.65/usr/sbin/distnoted Agent

501 308 1 0 11:31 morning?? 0:02.12/USR/SBIN/CFPREFSD Agent

501 429 1 0 11:32 morning?? 0:00.16/library/application support/23b523c2bf11af4e/agent/agent.app/contents/macos/agent

89 468 1 0 11:32 morning?? 0:00.01/usr/sbin/distnoted Agent


The distnoted agent and the CFPREFSD agent don't know what's been killed.

Look at this, and I probably know what it is.


Be decisive to keep one copy of these documents and then delete them decisively. After the reboot, it's all right. But still know this east is how to get up, may be installed in which package comes with??? But installed to a common software, also can only hehe.


Hope for everyone to help, interested in studying the program is what the case can be private messages me.






Is the Mac really safe? Malicious plug-in removal note

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.