Write in front
According to the tonymacx86 on the matching black Apple, at home also have family use, mainly is up and down QQ, see video, listen to music. A few days ago with chrome found that each page opened or refreshed after the click will open or an ad page, at first thought it was the operator, but did not hit the embedded code. Tangled n Long.
Process logging
ls/library/application\ support/
A suspicious directory was found in the directory 23b523c2bf11af4e
And then sweep it all down.
Find/| grep 23b523c2bf11af4e
Found a couple of suspicious places.
/Library/Application support/23b523c2bf11af4e **********************
/library/launchagents/com.23b523c2bf11af4e.agent.plist *****************************
/library/launchdaemons/com.23b523c2bf11af4e.daemon.plist ****************************
/library/launchdaemons/com.23b523c2bf11af4e.helper.plist ***********************
These papers look at the names and they probably know what they mean.
See The 23B523C2BF11AF4E directory there's a Agen program so
Ps-ef | grep Agen
0 71 1 0 11:29 morning?? 0:00.04/library/application Support/23b523c2bf11af4e/agent/agent.app/contents/macos/agent-helper
501 306 1 0 11:31 morning?? 0:02.65/usr/sbin/distnoted Agent
501 308 1 0 11:31 morning?? 0:02.12/USR/SBIN/CFPREFSD Agent
501 429 1 0 11:32 morning?? 0:00.16/library/application support/23b523c2bf11af4e/agent/agent.app/contents/macos/agent
89 468 1 0 11:32 morning?? 0:00.01/usr/sbin/distnoted Agent
The distnoted agent and the CFPREFSD agent don't know what's been killed.
Look at this, and I probably know what it is.
Be decisive to keep one copy of these documents and then delete them decisively. After the reboot, it's all right. But still know this east is how to get up, may be installed in which package comes with??? But installed to a common software, also can only hehe.
Hope for everyone to help, interested in studying the program is what the case can be private messages me.
Is the Mac really safe? Malicious plug-in removal note