Malware referencing Avira…

ostwind

Active member
Thread starter
Member since
03.03.2006
Posts
329
Reaction score
27
Hi everyone,

now I've apparently really caught some weird thing (… that 'Malwarebytes' doesn't find)

Bildschirmfoto 2023-09-04 um 21.13.53.png

Like this and similar ones, every few minutes.
If I'm fast enough, I get to this page:

Bildschirmfoto 2023-09-04 um 21.20.55.png


With EtreCheck I don't find anything suspicious either.
How do I get rid of this thing?
Code:
EtreCheckPro version: 6.7.3 (67033)
Report generated: 2023-09-04 20:40:27
Download EtreCheckPro from https://etrecheck.com
Runtime: 3:24
Performance: Excellent

Problem: Other problem
Description:
malware

Major Issues:
  Anything that appears on this list needs immediate attention.
  Unsigned files - There are unsigned software files installed that could be malicious and should be reviewed.

Minor Issues:
  These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
  Heavy RAM usage - Apps are using a large amount of RAM.
  Unsigned files - There are unsigned software files installed. These files could be old, incompatible, and cause problems. They should be reviewed.
  System modifications - There are a large number of system modifications running in the background.
  x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system.
  Kernel extensions present - This computer has kernel extensions that may not work in the future.
  Sharing enabled - This computer has sharing services enabled that could be a security risk.

Hardware Information:
  iMac (Retina 5K, 27-inch, 2017)
    Status: Supported
  iMac Model: iMac18,3
  3,4 GHz Quad-Core Intel Core i5 (i5-7500) CPU: 4-core
  16 GB RAM - Upgradeable
    BANK 0/DIMM0 - 4 GB DDR4 SO-DIMM 2400 
    BANK 0/DIMM1 - 4 GB DDR4 SO-DIMM 2400 
    BANK 1/DIMM0 - 4 GB DDR4 SO-DIMM 2400 
    BANK 1/DIMM1 - 4 GB DDR4 SO-DIMM 2400 

Video Information:
  Radeon Pro 570 - VRAM: 4 GB
    iMac (built-in) 5120 x 2880

Drives:
  disk0 - APPLE HDD ST1000DM003 1.00 TB (Mechanical - 7200 RPM)
  Internal SATA 6 Gigabit Serial ATA
    disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk0s2 [APFS Fusion Drive] 1000.00 GB
      disk2 [APFS Virtual drive] 1.03 TB (Shared by 6 volumes)
        disk2s1 - M******************n (APFS) [APFS Virtual drive] (960.92 GB used)
        disk2s2 - Preboot (APFS) [APFS Preboot] (3.55 GB used)
        disk2s3 - Recovery (APFS) [Recovery] (1.15 GB used)
        disk2s4 (APFS) [APFS Container] (11.82 GB used)
          disk2s4s1 - Macintosh HD (APFS) [APFS Snapshot] (11.82 GB used)
        disk2s5 - VM (APFS) [APFS VM] (1 MB used)
        disk2s6 - Update (APFS) (81 MB used)

  disk1 - APPLE SSD SM0032L 28.00 GB (Solid State - TRIM: Yes)
  Internal PCI-Express 8.0 GT/s x2 NVM Express
    disk1s1 - EFI [EFI] 315 MB
    disk1s2 [APFS Fusion Drive] 27.69 GB
      disk2 [APFS Virtual drive] 1.03 TB (Shared by 6 volumes)
        disk2s1 - M******************n (APFS) [APFS Virtual drive] (960.92 GB used)
        disk2s2 - Preboot (APFS) [APFS Preboot] (3.55 GB used)
        disk2s3 - Recovery (APFS) [Recovery] (1.15 GB used)
        disk2s4 (APFS) [APFS Container] (11.82 GB used)
          disk2s4s1 - Macintosh HD (APFS) [APFS Snapshot] (11.82 GB used)
        disk2s5 - VM (APFS) [APFS VM] (1 MB used)
        disk2s6 - Update (APFS) (81 MB used)

  disk3 - WD Elements 10B8 1.00 TB
  External USB 5 Gbit/s USB
    disk3s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
    disk3s2 [APFS Container] 999.83 GB
      disk4 [APFS Virtual drive] 999.83 GB (Shared by 1 volumes)
        disk4s1 -    (APFS) (926.43 GB used)

Mounted Volumes:
  disk2s1 - M******************n [APFS Virtual drive]
    Filesystem: APFS
    Mount point: /System/Volumes/Data
    Fusion drive
    Used: 960.92 GB
    Shared values
      Size: 1.03 TB
      Free: 45.64 GB
      Available: 74.38 GB

  disk2s2 - Preboot [APFS Preboot]
    Filesystem: APFS
    Mount point: /System/Volumes/Preboot
    Fusion drive
    Used: 3.55 GB
    Shared values
      Size: 1.03 TB
      Free: 45.64 GB

  disk2s4 [APFS Container]
    Filesystem: APFS
    Mount point: /System/Volumes/Update/mnt1
    Fusion drive
    Used: 11.82 GB
    Shared values
      Size: 1.03 TB
      Free: 45.64 GB

  disk2s4s1 - Macintosh HD [APFS Snapshot]
    Filesystem: APFS
    Mount point: /
    Fusion drive
    Read-only: Yes
    Used: 11.82 GB
    Shared values
      Size: 1.03 TB
      Free: 45.64 GB
      Available: 74.38 GB

  disk2s5 - VM [APFS VM]
    Filesystem: APFS
    Mount point: /System/Volumes/VM
    Fusion drive
    Used: 1 MB
    Shared values
      Size: 1.03 TB
      Free: 45.64 GB

  disk2s6 - Update
    Filesystem: APFS
    Mount point: /System/Volumes/Update
    Fusion drive
    Used: 81 MB
    Shared values
      Size: 1.03 TB
      Free: 45.64 GB

  disk4s1 -   
    Filesystem: APFS
    Mount point: /Volumes/
    Used: 926.43 GB
    Shared values
      Size: 999.83 GB
      Free: 73.19 GB

Network:
  Interface en0: Ethernet
  Interface en1: Wi-Fi
    802.11 a/b/g/n/ac
  Interface en3: Thunderbolt 13
  Interface bridge0: Thunderbolt Bridge
  Interface en4: iPhone

  Remote login: Enabled
 
Part 2:

Code:
System Software:
  macOS Ventura 13.4.1 (22F770820d)
  Time since boot: Less than an hour

Configuration Files:
  /etc/hosts - Count: 1

Notifications:
  Tutanota Desktop.app
    2 notifications

  Safari.app
    6 notifications

Security:
  Gatekeeper: App Store and identified developers
  System Integrity Protection: Enabled

  Antivirus software: Apple

  Remote login: Enabled

Unsigned Files:
  Launchd: /Library/LaunchDaemons/org.virtualbox.startup.plist
    Executable: /Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart
    Details: Exact match found in the legitimate list - probably OK

  Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist
    Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
    Details: Exact match found in the legitimate list - probably OK

  Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
    Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
    Details: Exact match found in the legitimate list - probably OK

  Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist
    Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
    Details: Exact match found in the legitimate list - probably OK

  Launchd: ~/Library/LaunchAgents/com.DigiDNA.iMazing2Mac.Mini.plist
    Executable: /Applications/iMazing.app/Contents/MacOS/iMazing Mini.app/Contents/MacOS/iMazing Mini

  Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
    Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
    Details: Exact match found in the legitimate list - probably OK

  Plugin: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

  Preference panel: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.prefPane

  Apps: 12

Old Applications:
  42 x86-only apps

Kernel Extensions:
  /Library/Application Support/VirtualBox
    [Not Loaded] VBoxDrv.kext - org.virtualbox.kext.VBoxDrv (6.1.18)
    [Not Loaded] VBoxNetAdp.kext - org.virtualbox.kext.VBoxNetAdp (6.1.18)
    [Not Loaded] VBoxNetFlt.kext - org.virtualbox.kext.VBoxNetFlt (6.1.18)
    [Not Loaded] VBoxUSB.kext - org.virtualbox.kext.VBoxUSB (6.1.18)

  /Library/Extensions
    [Not Loaded] Soundflower.kext - com.Cycling74.driver.Soundflower (2.0b2 - SDK 10.10)
    [Not Loaded] CorsairAudio.kext - com.corsair.CorsairAudioKext (3.0.36)
    [Not Loaded] EPSONUSBPrintClass.kext - com.epson.print.kext.USBPrintClass (3.4.1)

System Launch Daemons:
  [Not Loaded]  38 Apple tasks
  [Loaded]  185 Apple tasks
  [Running]  164 Apple tasks
  [Other]  2 Apple tasks

System Launch Agents:
  [Not Loaded]  22 Apple tasks
  [Loaded]  186 Apple tasks
  [Running]  189 Apple tasks

Launch Daemons:
  [Not Loaded] CorsairAudioConfigService.plist (Corsair Memory, Inc. - installed 2022-03-15)
  [Not Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Inc. - installed 2022-01-08)
  [Not Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Inc. - installed 2022-01-08)
  [Running] com.crystalidea.macsfancontrol.smcwrite.plist (Ilya Parniuk - installed 2023-05-29)
  [Loaded] com.dymo.dymo-connect.helper.plist (Sanford, L.P. - installed 2022-09-21)
  [Running] com.dymo.pnpd.plist (Sanford, L.P. - installed 2021-09-16)
  [Loaded] com.epson.RemotePrintIODaemon.plist (Seiko Epson Corporation - installed 2022-10-17)
  [Not Loaded] com.nchsoftware.DeskFx.VadHelper.plist (NCH Software - installed 2022-03-22)
  [Not Loaded] com.nchsoftware.Voxal.VadHelper.plist (NCH Software - installed 2022-02-22)
  [Not Loaded] com.oracle.java.Helper-Tool.plist (Not signed - installed 2022-04-26)
  [Not Loaded] com.wibu.CodeMeter.Server.plist (WIBU-SYSTEMS AG - installed 2023-02-01)
  [Not Loaded] com.wibu.CodeMeter.WebAdmin.plist (WIBU-SYSTEMS AG - installed 2023-02-01)
  [Not Loaded] com.wibu.WIBUKEY.Server.plist (WIBU-SYSTEMS AG - installed 2019-09-30)
  [Not Loaded] org.virtualbox.startup.plist (Not signed - installed 2021-05-08)
  [Not Loaded] us.zoom.ZoomDaemon.plist (Zoom Video Communications, Inc. - installed 2022-01-17)

Launch Agents:
  [Not Loaded] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Inc. - installed 2022-01-08)
  [Running] com.epson.Epson_Low_Ink_Reminder.launcher.plist (Seiko Epson Corporation - installed 2022-05-08)
  [Loaded] com.epson.RemotePrintIOHelper.plist (Seiko Epson Corporation - installed 2022-10-17)
  [Running] com.epson.edca.launcher.plist (Seiko Epson Corporation - installed 2020-11-03)
  [Loaded] com.epson.esua.launcher.plist (Seiko Epson Corporation - installed 2021-10-14)
  [Running] com.epson.eventmanager.agent.plist (Seiko Epson Corporation - installed 2020-08-26)
  [Running] com.epson.scannermonitor.plist (Seiko Epson Corporation - installed 2020-08-26)
  [Not Loaded] com.oracle.java.Java-Updater.plist (Not signed - installed 2022-04-26)

User Launch Agents:
  [Loaded] com.DigiDNA.iMazing2Mac.Mini.plist (Not signed - installed 2023-05-07)
  [Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2023-07-14)
  [Not Loaded] com.logmein.GoToMeeting.G2MAIRUploader.plist (LogMeIn, Inc. - installed 2022-11-16)
  [Not Loaded] com.logmein.GoToMeeting.G2MUpdate.plist (LogMeIn, Inc. - installed 2022-11-16)

User Login Items:
  [Loaded] HotKeyHelper (App Store - installed 2022-11-03)
    Modern Login Item
    /Applications/HotKey.app/Contents/Library/LoginItems/HotKeyHelper.app

  [Running] Multitouch (Ryan Hanson - installed 2023-07-22)
    Application
    /Applications/Multitouch.app

  [Not Loaded] MultitouchHelper (Ryan Hanson - installed 2023-07-22)
    Modern Login Item
    /Applications/Multitouch.app/Contents/Library/LoginItems/MultitouchHelper.app

  [Not Loaded] LaunchAtLoginHelper (App Store - installed 2023-07-31)
    Modern Login Item
    /Applications/TickTick.app/Contents/Library/LoginItems/LaunchAtLoginHelper.app

  [Not Loaded] TogglLauncher (App Store - installed 2023-07-31)
    Modern Login Item
    /Applications/Toggl Track.localized/Toggl Track.app/Contents/Library/LoginItems/TogglLauncher.app

  [Running] Tutanota Desktop (Tutao GmbH - installed 2023-07-15)
    Application
    /Applications/Tutanota Desktop.app

  [Running] XMenu (App Store - installed 2022-04-12)
    Application
    /Applications/XMenu.app

  [Not Loaded] StartupHelper (Seiko Epson Corporation - installed 2022-11-22)
    Modern Login Item
    /Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app/Contents/Library/LoginItems/StartupHelper.app

  [Not Loaded] StartUpHelper (Spotify - installed 2023-04-15)
    Modern Login Item
    /Users/***/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app

  [Not Loaded] DriveDxLoginItemHelper (Kirill Luzanov - installed 2023-05-30)
    Modern Login Item
    ~/Downloads/DriveDx.app/Contents/Library/LoginItems/DriveDxLoginItemHelper.app

Internet Plug-ins:
  JavaAppletPlugin: Java 8 Update 333 build 02 (? - installed 2022-06-26)
  AdobePDFViewer: 21.005.20058 (Adobe Systems, Inc. - installed 2021-07-15)
  AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2021-07-15)

Audio Plug-ins:
  CorsairAudio: 3.0.36 (Corsair Memory, Inc. - installed 2022-03-15)
  DeskFxVirtualAudioDevice: 3.16 (NCH Software - installed 2022-03-22)
  VoxalVirtualAudioDevice: 6.18 (NCH Software - installed 2022-02-22)
  SBVirtualMic: 1.0.0 (Screaming Bee Inc - installed 2019-10-03)

3rd Party Preference panels:
  CodeMeter (WIBU-SYSTEMS AG - installed 2023-02-01)
  Java (? - installed 2022-04-26)

Backup:
  Auto backup: Yes
  Destinations:
       [Local] (Last used)
      Total size: 999.62 GB
      Total number of backups: 8
      Oldest backup: 2023-07-27 11:31:59
      Last backup: 2023-09-04 20:28:14
  2 local snapshots
  Oldest local snapshot: 2023-09-03 15:47:17
  Last local snapshot: 2023-09-04 19:58:29

Performance:
  System Load: 1.73 (1 min ago) 1.49 (5 min ago) 1.54 (15 min ago)
  Nominal I/O usage: 6.17 MB/s
  File system: 27.07 seconds
  Write speed: 496 MB/s
  Read speed: 1469 MB/s

CPU Usage Snapshot:
  Type Overall
  System: 3 %
  User: 6 %
  Idle: 91 %

Top Processes Snapshot by CPU:
  Process (count) CPU (Source - Location)
  EtreCheckPro 13.86 % (Etresoft, Inc.)
  WindowServer 11.44 % (Apple)
  com.apple.WebKit.WebContent (24) 5.56 % (Apple)
  kernel_task 5.06 % (Apple)
  Safari 4.70 % (Apple)

Top Processes Snapshot by Memory:
  Process (count) RAM usage (Source - Location)
  com.apple.WebKit.WebContent (24) 4.06 GB (Apple)
  EtreCheckPro 786 MB (Etresoft, Inc.)
  Safari 262 MB (Apple)
  corespotlightd 180 MB (Apple)
  com.apple.WebKit.GPU 179 MB (Apple)

Top Processes Snapshot by Network Use:
  Process (count) Input / Output (Source - Location)
  com.apple.WebKit.Networking 29 MB / 3 MB (Apple)
  mDNSResponder 1 MB / 224 KB (Apple)
  apsd 352 KB / 234 KB (Apple)
  trustd 76 KB / 11 KB (Apple)
  rapportd 24 KB / 33 KB (Apple)

Top Processes Snapshot by Energy Use:
  Process (count) Energy (0-100) (Source - Location)
  WindowServer 4 (Apple)
  Safari 1 (Apple)
  corespotlightd 1 (Apple)
  com.apple.WebKit.WebContent (24) 1 (Apple)
  bluetoothd 1 (Apple)

Virtual Memory Information:
  Physical RAM: 16 GB

  Free RAM: 351 MB
  Used RAM: 9.37 GB
  Cached files: 6.29 GB

  Available RAM: 6.63 GB
  Swap Used: 0 B

Software Installs (past 60 days):
  Install Date Name (Version)
  2023-07-08 XProtectPlistConfigData (2169)
  2023-07-14 Schnelle macOS-Sicherheitsmaßnahme 13.4.1 (c) (13.4.1 (c))
  2023-07-15 Keynote (13.1)
  2023-07-15 ChatSecure (5.0.4)
  2023-07-15 eDrawings (31.3.0040)
  2023-07-31 TickTick (4.5.60)
  2023-07-31 Toggl Track (8.12.0)
  2023-07-31 Craft (2.5.9)
  2023-07-31 CapCut (2.3.2)
  2023-07-31 iMovie (10.3.7)
  2023-09-02 XProtectPayloads (109)

Diagnostics Information (past 7-30 days):
  2023-08-30 14:47:17 com.apple.MobileSoftwareUpdate.UpdateBrainService High CPU Use
    Executable: /private/var/db/*/com.apple.MobileSoftwareUpdate.UpdateBrainService

  2023-08-29 20:43:43 com.apple.WebKit.WebContent High CPU Use
    Executable: /Volumes/VOLUME/*/W**************k/V******s/A/X*********s/c*****************************c/C******s/M***S/c*************************t


End of report
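A quick way to triage the persistence sections of a report like this, as an added example (not EtreCheck's own code and not from the thread): it parses the `[Status] name (signer - installed date)` lines and flags what EtreCheck's own warning asks you to review, unsigned items plus active items installed close to when the trouble started. The sample lines are copied from the report above; the 60-day window is an assumption.

```python
import re
from datetime import date

# Constructed sample: entries copied in the line format EtreCheck uses above.
SAMPLE_REPORT = """\
Launch Daemons:
  [Running] com.crystalidea.macsfancontrol.smcwrite.plist (Ilya Parniuk - installed 2023-05-29)
  [Not Loaded] com.oracle.java.Helper-Tool.plist (Not signed - installed 2022-04-26)
  [Not Loaded] org.virtualbox.startup.plist (Not signed - installed 2021-05-08)

User Launch Agents:
  [Loaded] com.DigiDNA.iMazing2Mac.Mini.plist (Not signed - installed 2023-05-07)
  [Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2023-07-14)
"""

# One persistence entry: status in brackets, name, then "(signer - installed YYYY-MM-DD)".
ENTRY_RE = re.compile(
    r"^\s+\[(?P<status>[^\]]+)\]\s+(?P<name>.+?)\s+"
    r"\((?P<signer>.+?) - installed (?P<date>\d{4}-\d{2}-\d{2})\)$"
)

def parse_entries(report):
    """Return a dict per persistence line, tagged with the section it sits under."""
    section, entries = None, []
    for line in report.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            section = line[:-1]          # e.g. "Launch Daemons"
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["section"] = section
            e["date"] = date.fromisoformat(e["date"])
            entries.append(e)
    return entries

def triage(report, incident_day, recent_days=60):
    """Flag unsigned entries and active entries installed within recent_days of the incident."""
    incident = date.fromisoformat(incident_day)
    flagged = []
    for e in parse_entries(report):
        reasons = []
        if e["signer"] == "Not signed":
            reasons.append("unsigned")
        active = e["status"] in ("Loaded", "Running")
        if active and 0 <= (incident - e["date"]).days <= recent_days:
            reasons.append("active and installed recently")
        if reasons:
            flagged.append((e["section"], e["name"], reasons))
    return flagged

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_REPORT, "2023-09-04"):
        print(f"{section}: {name} -> {', '.join(reasons)}")
```

Everything it flags still has to be checked by hand; an unsigned entry from a known vendor (VirtualBox, Java) is usually fine, the point is only to shorten the list you actually look at.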
 
Side note: I would update Ventura, 13.4.1 is a bit old.
 
Reactions: JARVIS1187, ostwind and dg2rbf
Hi,
Ventura is currently at 13.5.1, an update is in order.
Franz
 
Reactions: Chrissi1967, JARVIS1187 and dodo4ever
So the number in the red circle should be paid attention to after all… Thanks for the hint! :)

And yes, if you don't enter "the right thing" when searching… you find nothing… and annoyance and the first general uncertainty quickly set in.
It would only be interesting now to know who allowed these notifications… I can't imagine it was me.

Many thanks for the quick replies!
Now the rest of my evening is saved. :)
 
It would only be interesting now to know who allowed these notifications… I can't imagine it was me.
Oh yes, it was you.
Just don't allow websites to send notifications.
And an ad blocker wouldn't hurt either.
 
Reactions: dylan51, Mankind75, 518iT and 3 others
Well, "ask for permission" was turned on:
1693926457920.png


The culprit was the one with the icon stolen from Apple… without any text:

1693926556532.png
 
Reactions: dg2rbf