Which Mac Software Upgrade Is Being Hacked November 2017

I think my Mac got hacked. Help please.


Here are my EtreCheck results.

  • Mar 25, 2019  A cybercriminal campaign focused on targeting the supply chain through the exploitation of ASUS Live Update software may have involved the installation of backdoors on over one million PCs.

EtreCheck version: 3.4.6 (460)

Report generated 2017-10-21 05:33:24

Download EtreCheck from https://etrecheck.com

Runtime: 6:42

Performance: Below Average


Click the [Lookup] links for more information from Apple Support Communities.

Click the [Details] links for more information about that line.


Problem: No problem - just checking


Hardware Information: ⓘ

21.5" iMac (Late 2013)

[Technical Specifications] - [User Guide] - [Warranty & Service]

iMac - model: iMac14,1

1 3,49 GHz Intel Core i7 (i7-3770K) CPU: 4-core

16 GB RAM Upgradeable - [Instructions]

BANK0/DIMM0

4 GB DDR3 1600 MHz ok

BANK1/DIMM0

4 GB DDR3 1600 MHz ok

BANK0/DIMM1

4 GB DDR3 1600 MHz ok

BANK1/DIMM1

4 GB DDR3 1600 MHz ok

Handoff/Airdrop2: supported


Video Information: ⓘ

NVIDIA GeForce GTX 660 - VRAM: 1535 MB

M2550D 1920 x 1080


Disk Information: ⓘ

Hitachi HDS722020ALA330 disk0: (2 TB) (Rotational)

(disk0s1) <not mounted> [EFI]: 210 MB

High Sierra (disk0s2 - HFS+) <not mounted> : 295.02 GB

(disk0s3) <not mounted> [Recovery]: 650 MB

disk0s4 (disk0s4 - NTFS) <not mounted> : 209.72 GB

games (disk0s5 - HFS+) <not mounted> : 716.05 GB

(disk0s6) <not mounted> [Recovery]: 650 MB

Sierra (disk0s7 - Journaled HFS+) / [Startup]: 688.20 GB (89.16 GB free)


USB Information: ⓘ

USB30Bus

USB20Bus

hub_device

Generic USB2.0-CRW

Yubico Yubikey 4 OTP+U2F+CCID

USB20Bus

hub_device

Burr-Brown from TI USB Audio CODEC

Telink 2.4G Mouse

ROCCAT ROCCAT Valo


Virtual disks: ⓘ

Franz (disk1s1 - HFS+) /Volumes/Franz : 236 MB (95 MB free)

Physical disk: Disk Image 236 MB (95 MB free)


System Software: ⓘ

macOS Sierra 10.12.3 (16D32) - Time since boot: about 2 days


Configuration files: ⓘ

/etc/hosts - Count: 13 - Corrupt!

System Integrity Protection status: enabled (Custom Configuration)


Gatekeeper: ⓘ

Mac App Store and identified developers


Kernel Extensions: ⓘ

/Applications/ESET Cyber Security Pro.app

[loaded] com.eset.kext.esets-kac (6.5.432 - SDK 10.6) [Lookup]

[not loaded] com.eset.kext.esets-mac (6.5.432 - SDK 10.6) [Lookup]

[loaded] com.eset.kext.esets-pfw (6.5.432 - SDK 10.6) [Lookup]


/Applications/Hands Off!.app

[loaded] com.metakine.handsoff.driver (3.2.3 - SDK 10.9) [Lookup]


/Applications/Parallels Desktop.app

[not loaded] com.parallels.kext.hypervisor (12.2.0 415** - SDK 10.9) [Lookup]

[not loaded] com.parallels.kext.netbridge (12.2.0 415** - SDK 10.9) [Lookup]

[not loaded] com.parallels.kext.usbconnect (12.2.0 415** - SDK 10.9) [Lookup]

[not loaded] com.parallels.kext.vnic (12.2.0 415** - SDK 10.9) [Lookup]


/Applications/VMware Fusion.app

[not loaded] com.vmware.kext.vmci (8.5.7) [Lookup]

[not loaded] com.vmware.kext.vmioplug.15.2.0 (8.5.7) [Lookup]

[not loaded] com.vmware.kext.vmnet (8.5.7) [Lookup]

[not loaded] com.vmware.kext.vmx86 (8.5.7) [Lookup]


/Library/Application Support/Paragon Software/Snapshot

[not loaded] com.Paragon-software.ParagonSnapshot (2.1.3 - SDK 10.7) [Lookup]


/Library/Application Support/org.pqrs/Karabiner

[loaded] org.pqrs.driver.Karabiner (10.22.0 - SDK 10.12) [Lookup]


/Library/Extensions

[loaded] as.vit9696.AppleALC (1.0.19 - SDK 10.12) [Lookup]

[loaded] at.obdev.nke.LittleSnitch (3.7.4 - SDK 10.11) [Lookup]

[not loaded] com.Niresh12495.ExtraExtensions (1.0 - SDK 10.8) [Lookup]

[not loaded] com.caiaq.driver.NIUSBAudio2DJDriver (2.8.0 (R36) - SDK 10.9) [Lookup]

[not loaded] com.caiaq.driver.NIUSBAudio4DJDriver (2.8.0 (R36) - SDK 10.9) [Lookup]

[not loaded] com.caiaq.driver.NIUSBHardwareDriver (2.8.0 (R36) - SDK 10.9) [Lookup]

[not loaded] com.caiaq.driver.NIUSBMaschineControllerDriver (2.6.0 (R82) - SDK 10.8) [Lookup]

[not loaded] com.caiaq.driver.NIUSBTraktorAudio2Driver (2.8.0 (R36) - SDK 10.9) [Lookup]

[not loaded] com.caiaq.driver.NIUSBTraktorKontrolS4Driver (2.8.0 (R36) - SDK 10.9) [Lookup]

[not loaded] com.caiaq.driver.NIUSBTraktorKontrolX1Driver (2.8.0 (R36) - SDK 10.9) [Lookup]

[loaded] com.malwarebytes.mbam.rtprotection (3.0 - SDK 10.12) [Lookup]

[loaded] com.paragon-software.filesystems.extfs (10.0.829 - SDK 10.10) [Lookup]

[loaded] com.paragon-software.filesystems.ntfs (15.0.729 - SDK 10.10) [Lookup]

[loaded] com.paragon-software.kext.VDMounter (111.2 - SDK 10.8) [Lookup]

[loaded] com.rehabman.driver.USBInjectAll (0.5.17 - SDK 10.11) [Lookup]

[loaded] com.usboverdrive.driver.hid (3.3 - SDK 10.9) [Lookup]

[not loaded] net.osx86.kexts.GenericUSBXHCI (1.2.11 - SDK 10.8) [Lookup]

[loaded] org.apple.dont.block.DirectHW (1.4 - SDK 10.11) [Lookup]

[loaded] org.netkas.driver.FakeSMC (6.24-316-g197d663.1737 - SDK 10.8) [Lookup]

[loaded] org.rehabman.driver.FakePCIID (1.3.6 - SDK 10.6) [Lookup]

[loaded] org.rehabman.driver.FakePCIID.XHCIMux (1.3.6 - SDK 10.6) [Lookup]

[not loaded] org.rehabman.voodoo.driver.PS2Controller (1.8.25 - SDK 10.8) [Lookup]

[loaded] org.tgwbd.driver.NullCPUPowerManagement (1.0.0d2 - SDK 10.12) [Lookup]

[loaded] org.voodoo.driver.VoodooTSCSync (1.1 - SDK 10.6) [Lookup]


/Library/Extensions/AppleALC.kext/Contents/PlugIns

[not loaded] as.vit9696.PinConfigs (1.0.0) [Lookup]


/Library/Extensions/Niresh's Extra.kext/Contents/PlugIns

[not loaded] com.Niresh12495.Hackintosh.AHCIPortInjector (1.0.1) [Lookup]

[not loaded] com.Niresh12495.Hackintosh.ATAPortInjector (1.0.0) [Lookup]

[not loaded] com.Niresh12495.Hackintosh.IOAHCIBlockStorageInjector (1.1.1) [Lookup]

[not loaded] com.c0rk007hck.SuperVIAATA (1.0.3 - SDK 10.8) [Lookup]

[not loaded] com.insanelymac.driver.ApplePCIIDE (1.0.1) [Lookup]

[not loaded] com.nvidia.driver.AppleNForceATA (1.0.4) [Lookup]


/Library/Extensions/USBOverdrive.kext/Contents/PlugIns

[not loaded] com.usboverdrive.driver.bt (3.3 - SDK 10.9) [Lookup]

[not loaded] com.usboverdrive.driver.hid.safe (3.3) [Lookup]


/Library/Extensions/VoodooPS2Controller.kext/Contents/PlugIns

[not loaded] org.rehabman.voodoo.driver.PS2Keyboard (1.8.25 - SDK 10.8) [Lookup]

[not loaded] org.rehabman.voodoo.driver.PS2Mouse (1.8.25 - SDK 10.8) [Lookup]

[not loaded] org.rehabman.voodoo.driver.PS2Trackpad (1.8.25 - SDK 10.8) [Lookup]


/System/Library/Extensions

[not loaded] com.elgato.driver.DontMatchAfaTech (1.1) [Lookup]

[not loaded] com.elgato.driver.DontMatchCinergy450 (1.1) [Lookup]

[not loaded] com.elgato.driver.DontMatchCinergyXS (1.1) [Lookup]

[not loaded] com.elgato.driver.DontMatchEmpia (1.1) [Lookup]

[not loaded] com.elgato.driver.DontMatchVoyager (1.1) [Lookup]

[not loaded] com.insanelymac.RealtekRTL8111 (2.2.1 - SDK 10.11) [Lookup]

[not loaded] com.nvidia.NVDAStartupWeb (10.15.20 - OS X 10.7) [Lookup]

[not loaded] com.nvidia.web.GeForceTeslaWeb (10.15.20) [Lookup]

[loaded] com.nvidia.web.GeForceWeb (10.15.20) [Lookup]

[not loaded] com.nvidia.web.NVDAGF100HalWeb (10.15.20) [Lookup]

[loaded] com.nvidia.web.NVDAGK100HalWeb (10.15.20) [Lookup]

[not loaded] com.nvidia.web.NVDAGM100HalWeb (10.15.20) [Lookup]

[not loaded] com.nvidia.web.NVDANV50HalTeslaWeb (10.15.20) [Lookup]

[not loaded] com.nvidia.web.NVDAResmanTeslaWeb (10.15.20) [Lookup]

[loaded] com.nvidia.web.NVDAResmanWeb (10.15.20) [Lookup]

[loaded] net.osrom.kext.Disabler (1.0.1) [Lookup]

[loaded] org.voodoo.driver.VoodooHDA (2.8.8 - SDK 10.8) [Lookup]


System Launch Agents: ⓘ

[failed] com.apple.mdworker.sizing.plist (Apple, Inc. - installed 2017-01-13)

[not loaded] 5 Apple tasks

[loaded] 188 Apple tasks

[running] 86 Apple tasks


System Launch Daemons: ⓘ

[failed] com.apple.bluetoothaudiod.plist (? fcec4c65 0 - installed 2016-12-23)


[not loaded] 50 Apple tasks

[loaded] 160 Apple tasks

[running] 96 Apple tasks

[killed] 2 Apple tasks

2 processes killed due to insufficient RAM


Launch Agents: ⓘ

[running] at.obdev.LittleSnitchUIAgent.plist (Objective Development Software GmbH - installed 2017-06-20) [Lookup]

[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2017-08-19) [Lookup]

[not loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2017-08-19) [Lookup]

[running] com.bjango.istatmenusagent.plist (Bjango Pty Ltd - installed 2017-08-06) [Lookup]

[running] com.bjango.istatmenusnotifications.plist (Bjango Pty Ltd - installed 2017-08-06) [Lookup]

[running] com.bjango.istatmenusstatus.plist (Bjango Pty Ltd - installed 2017-08-06) [Lookup]

[not loaded] com.divx.dms.agent.plist (? bf9bdaf7 ce0766cf - installed 2017-10-20) [Lookup]

[not loaded] com.divx.uninstall.converter.plist (Shell Script 9e90dee7 - installed 2017-08-07)

[not loaded] com.divx.uninstall.player.plist (Shell Script 664f994d - installed 2017-08-07)

[not loaded] com.divx.uninstall.preferences.plist (Shell Script 1cd1d81c - installed 2017-08-07)

[not loaded] com.divx.update.agent.plist (DivX, LLC - installed 2017-10-20) [Lookup]

[failed] com.eset.esets_gui.plist (ESET, spol. s r.o. - installed 2017-10-13) [Lookup]

[not loaded] com.maintain.LogOut.plist (Shell Script 1d95663e - installed 2017-08-06)


[not loaded] com.maintain.PurgeInactiveMemory.plist (Apple, Inc. - installed 2017-08-06)

[not loaded] com.maintain.Restart.plist (Shell Script 5421a7fd - installed 2017-08-06)

[not loaded] com.maintain.ShutDown.plist (Shell Script 9b7e817c - installed 2017-08-06)

[not loaded] com.maintain.Sleep.plist (Shell Script 94f768ba - installed 2017-08-06)

[not loaded] com.maintain.SystemEvents.plist (Apple, Inc. - installed 2017-08-06)

[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-10-14) [Lookup]

[failed] com.nvidia.nvagent.plist (NVIDIA Corporation - installed 2017-06-19) [Lookup]

[not loaded] com.oracle.java.Java-Updater.plist (? 57a58793 72ac4dde - installed 2017-08-01) [Lookup]

[not loaded] com.paragon-software.ntfs.notification-agent.plist (Paragon Software GmbH - installed 2017-06-01) [Lookup]


Launch Daemons: ⓘ

[running] at.obdev.littlesnitchd.plist (? d0208090 c56ffbf9 - installed 2017-06-20) [Lookup]

[running] com.adobe.adobeupdatedaemon.plist (Adobe Systems, Inc. - installed 2017-08-19) [Lookup]

[running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-09-30) [Lookup]

[loaded] com.adobe.fpsaud.plist (? 2afb3af7 178755d7 - installed 2017-06-23) [Lookup]

[running] com.bjango.istatmenusdaemon.plist (Bjango Pty Ltd - installed 2017-08-06) [Lookup]

[loaded] com.bresink.system.privilegedhelper-ts5.plist (? 2ab87c3a 536aa922 - installed 2017-08-06) [Lookup]

[loaded] com.cocoatech.pathfinder.SMFHelper7.plist (Dragan Milic - installed 2017-10-13) [Lookup]

[running] com.eset.esets_daemon.plist (ESET, spol. s r.o. - installed 2017-10-13) [Lookup]

[not loaded] com.maintain.CocktailScheduler.plist (Shell Script 300b8a41 - installed 2017-08-06)


[not loaded] com.maintain.HideSpotlightMenuBarIcon.plist (Apple, Inc. - installed 2017-08-06)

[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-10-14) [Lookup]

[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-10-14) [Lookup]

[running] com.micromat.techtoolpro9.BackgroundTool.plist (Micromat, Inc. - installed 2017-04-08) [Lookup]

[running] com.nvidia.nvroothelper.plist (NVIDIA Corporation - installed 2017-06-19) [Lookup]

[loaded] com.oracle.java.Helper-Tool.plist (Shell Script e3fefdd2 - installed 2017-07-22) [Lookup]

[loaded] com.paragon-software.installer.plist (Paragon Software GmbH - installed 2017-06-01) [Lookup]

[loaded] com.paragon-software.ntfs.loader.plist (Apple, Inc. - installed 2017-05-24)

[running] com.paragon-software.ntfsd.plist (Paragon Software GmbH - installed 2017-05-24) [Lookup]

[loaded] com.paragon-software.snapshot.plist (Paragon Software GmbH - installed 2016-09-27) [Lookup]

[loaded] com.paragon-software.vdmounter.plist (Apple, Inc. - installed 2017-05-16)

[loaded] com.paragon.ExtFS.launch.plist (Apple, Inc. - installed 2017-01-13)

[loaded] com.rogueamoeba.instanton-agent.plist (Rogue Amoeba Software, LLC - installed 2016-10-04) [Lookup]

[failed] com.spotflux.Spotflux.tun.plist (Apple, Inc. - installed 2017-03-04)

[failed] hackintosh.zone.voodooloader.plist (Apple, Inc. - installed 2017-01-13)

[not loaded] org.pqrs.Karabiner.load.plist (Shell Script 44439558 - installed 2016-10-31) [Lookup]

[failed] org.rehabman.voodoo.driver.Daemon.plist (? 7bf177c7 34070fe - installed 2016-12-08) [Lookup]

[not loaded] org.virtualbox.startup.plist (? 0 ? - installed (null)) [Lookup]


User Launch Agents: ⓘ

[not loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-09-16) [Lookup]


User Login Items: ⓘ

Magnet Application - Hidden

(/Applications/Magnet.app)

OnBoot UnMount by [redacted] [redacted] Application - Hidden

(/Applications/OnBoot UnMount by [redacted] [redacted].app)

SpeechSynthesisServer Application

(/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)

USBOverdriveHelper Application

(/Library/PreferencePanes/USB Overdrive.prefPane/Contents/Resources/USBOverdriveHelper.app)

Android File Transfer Agent Application

(~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)

ESET Cyber Security Pro Application

(/Applications/ESET Cyber Security Pro.app)


Internet Plug-ins: ⓘ

FlashPlayer-10.6: 26.0.0.131 (installed 2017-07-21) [Lookup]

DivX Web Player: 3.8.5.2 (installed 2017-08-07) [Lookup]

QuickTime Plugin: 7.7.3 (installed 2017-08-06)

Flash Player: 26.0.0.131 (installed 2017-07-21) Cannot contact Adobe

PepperFlashPlayer: 26.0.0.131 (installed 2017-06-21) [Lookup]

Silverlight: 5.1.50901.0 (installed 2017-06-01) [Lookup]

JavaAppletPlugin: Java 8 Update 144 build 01 (installed 2017-10-15) Check version


3rd Party Preference Panes: ⓘ

Flash Player (installed 2017-06-23) [Lookup]

Java (installed 2017-08-01) [Lookup]

Native Instruments USB Audio (installed 2017-03-20) [Lookup]

NVIDIA Driver Manager (installed 2017-06-19) [Lookup]

USB Overdrive (installed 2017-10-14) [Lookup]

VoodooHDA (installed 2015-09-09) [Lookup]


Time Machine: ⓘ

Mobile backups: OFF

Auto backup: NO - Auto backup turned off

Volumes being backed up:

games: Disk size: 716.05 GB Disk used: 716.05 GB

Destinations:

Time Machine [Local]

Total size: 594.50 GB

Total number of backups: 1

Oldest backup: 01/03/2017, 15:41

Last backup: 01/03/2017, 15:41

Size of backup disk: Too small

Backup size 594.50 GB < (Disk used 716.05 GB X 3)


Top Processes by CPU: ⓘ

50% firefox

28% VirtualDJ

7% WindowServer

6% kernel_task

3% RTProtectionDaemon


Top Processes by Memory: ⓘ

1.90 GB Adobe Photoshop CC 2017

1.32 GB firefox

1.31 GB VirtualDJ

1.24 GB kernel_task

366 MB Path Finder


Top Processes by Network Use: ⓘ

Input Output Process name

20 B 462 MB VirtualDJ


8 MB 410 KB firefox

4 MB 4 MB mDNSResponder

828 KB 284 KB Franz

864 B 912 B ntpd


Top Processes by Energy Use: ⓘ

29.74 VirtualDJ

24.04 firefox

11.32 WindowServer

2.82 CEPHtmlEngine Helper

2.70 coreaudiod


Virtual Memory Information: ⓘ

4.31 GB Available RAM

52 MB Free RAM

11.69 GB Used RAM

4.26 GB Cached files

9 MB Swap Used


Software installs (last 30 days): ⓘ

MacPwn High Sierra: (installed 2017-10-07)

ESET Cyber Security Pro: (installed 2017-10-13)

Malwarebytes for Mac: (installed 2017-10-14)

USB Overdrive: (installed 2017-10-14)

DivX Pro: (installed 2017-10-20)


Install information may not be complete.


Diagnostics Events (last 3 days for minor events): ⓘ

2017-10-21 04:47:14 WindowServer High CPU use [Open] [Details]

2017-10-21 04:07:46 VTDecoderXPCService Crash [Open]

2017-10-21 04:01:28 VirtualDJ 8.app High CPU use [Open] [Details]

2017-10-21 03:57:14 Android File Transfer Agent.app Crash [Open]

2017-10-21 02:29:07 Firefox.app High CPU use [Open] [Details]

2017-10-21 00:00:14 iSkysoft iMedia Converter Deluxe.app Crash [Open]

Cause: BUG IN CLIENT OF LIBPLATFORM: os_unfair_lock is corrupt

2017-10-20 23:02:56 DivX Player.app Crash [Open]

2017-10-20 03:24:05 Kodi.app High CPU use [Open] [Details]

2017-10-19 22:41:04 Path Finder.app High CPU use [Open] [Details]

2017-10-19 01:40:05 iStat Menus Status.app Crash [Open]





iMac, macOS Sierra (10.12.3)

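The report above lists every kernel extension EtreCheck found, grouped by directory, but a list that long is easier to triage mechanically. The Python below is an added example written for this page; it is not part of EtreCheck and not code from the original post. It parses the `Kernel Extensions` section of an EtreCheck 3.x report (the `[state] bundle.id (version - SDK x.y) [Lookup]` line format shown above) and pulls out the two lists a responder wants first: non-Apple kexts that are actually loaded, and non-Apple kexts living under /System/Library/Extensions, a directory SIP normally blocks writes to. The sample report is a handful of lines copied from the post above; the class and function names (`Kext`, `parse_kexts`, `loaded_third_party`, `third_party_in_system_dir`) are my own.

```python
"""Triage the 'Kernel Extensions' section of an EtreCheck 3.x report (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# A section header looks like "Kernel Extensions: ⓘ"; a kext line looks like
# "[loaded] com.eset.kext.esets-kac (6.5.432 - SDK 10.6) [Lookup]".
SECTION_HEADER = re.compile(r"^[\w '\-]+:\s*ⓘ?$")
KEXT_LINE = re.compile(
    r"^\[(?P<state>[a-z ]+)\]\s+(?P<bundle>\S+)\s+\((?P<ver>.*)\)(?:\s*\[Lookup\])?\s*$"
)

# Constructed sample: a few lines copied from the report above, plus the start of
# the next section so the parser can be seen to stop at the right place.
SAMPLE_REPORT = """\
Kernel Extensions: ⓘ

/Applications/ESET Cyber Security Pro.app

[loaded] com.eset.kext.esets-kac (6.5.432 - SDK 10.6) [Lookup]

[not loaded] com.eset.kext.esets-mac (6.5.432 - SDK 10.6) [Lookup]


/Library/Extensions

[loaded] at.obdev.nke.LittleSnitch (3.7.4 - SDK 10.11) [Lookup]

[loaded] org.netkas.driver.FakeSMC (6.24-316-g197d663.1737 - SDK 10.8) [Lookup]

[loaded] org.tgwbd.driver.NullCPUPowerManagement (1.0.0d2 - SDK 10.12) [Lookup]

[not loaded] net.osx86.kexts.GenericUSBXHCI (1.2.11 - SDK 10.8) [Lookup]


/System/Library/Extensions

[loaded] com.nvidia.web.GeForceWeb (10.15.20) [Lookup]

[loaded] org.voodoo.driver.VoodooHDA (2.8.8 - SDK 10.8) [Lookup]


System Launch Agents: ⓘ

[failed] com.apple.mdworker.sizing.plist (Apple, Inc. - installed 2017-01-13)
"""


@dataclass(frozen=True)
class Kext:
    location: str   # directory block the kext was listed under
    state: str      # "loaded", "not loaded", "killed", ...
    bundle_id: str
    version: str    # version only, "- SDK x.y" suffix removed


def parse_kexts(report: str) -> list[Kext]:
    """Return every kext listed between 'Kernel Extensions:' and the next section header."""
    kexts: list[Kext] = []
    in_section = False
    location = "?"
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_HEADER.match(line):
            in_section = line.startswith("Kernel Extensions:")
            continue
        if not in_section:
            continue
        if line.startswith("/"):          # a path line opens a new location block
            location = line
            continue
        m = KEXT_LINE.match(line)
        if m:
            version = m["ver"].split(" - ")[0].strip()
            kexts.append(Kext(location, m["state"], m["bundle"], version))
    return kexts


def loaded_third_party(kexts: list[Kext]) -> list[Kext]:
    """Loaded kexts whose bundle ID is not Apple's: the list to review first."""
    return [k for k in kexts
            if k.state == "loaded" and not k.bundle_id.startswith("com.apple.")]


def third_party_in_system_dir(kexts: list[Kext]) -> list[Kext]:
    """Non-Apple kexts under /System/Library/Extensions. SIP normally prevents
    writing there, so a hit means SIP was off or customised when the kext was
    installed (the report above shows 'enabled (Custom Configuration)')."""
    return [k for k in kexts
            if k.location == "/System/Library/Extensions"
            and not k.bundle_id.startswith("com.apple.")]


if __name__ == "__main__":
    found = parse_kexts(SAMPLE_REPORT)
    for k in loaded_third_party(found):
        print(f"loaded third-party: {k.bundle_id} {k.version} in {k.location}")
    for k in third_party_in_system_dir(found):
        print(f"third-party inside /System/Library/Extensions: {k.bundle_id}")
```

Run over the full report above, the second list contains the NVIDIA web driver and VoodooHDA, and the first is dominated by FakeSMC, NullCPUPowerManagement, the rehabman FakePCIID/USBInjectAll kexts and the `com.Niresh12495.Hackintosh.*` injectors. Those are components of Hackintosh bootloader packages rather than malware (the bundle IDs say so, `MacPwn High Sierra` appears under recent installs, and an i7-3770K reported for an `iMac14,1` points the same way), which is worth establishing before treating the machine as compromised.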


On the 19th of October 2017 we were informed by the malware research company ESET that our servers had been hacked and that the DMG files of our apps Folx and Elmedia Player were being distributed with malware.

Our cybersecurity team, in close coordination with the ESET team and Apple representatives, took all the necessary steps and actions and successfully stopped the distribution of this malware.

We now officially announce that it is absolutely safe for users to download Elmedia Player, Folx, and other Eltima Software applications.

SYSTEM CHECK!!!
If you recently downloaded Elmedia Player or Folx, ESET advises you do a system check to confirm if your system was compromised or not.

Instructions: check whether any of the following files or directories exist on your system:

/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/

The presence of any of the files above is an indication that your system may have been infected by the trojanized Elmedia Player or Folx application, which means OSX/Proton is most likely running. If you downloaded Elmedia Player or Folx on the 19th of October 2017, your system is likely affected.

NOTE: Only the versions of Elmedia Player and Folx downloaded from our official Eltima website were infected by this malware. The built-in automatic update mechanism is unaffected, based on the data available to our cybersecurity experts.
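The check in the notice above is a file-existence test over four paths. As an added example, not Eltima's or ESET's code, the Python below wraps that test so it can be pointed at the live root or at another volume mounted for forensics, and adds a generic launchd helper that reports what a LaunchAgent plist would execute. The indicator paths are the four from the notice; `find_proton_artifacts`, `launch_agent_command` and `is_clean` are names I chose, and since the notice gives no contents for com.Eltima.UpdaterAgent.plist the helper only reads the standard `ProgramArguments` / `Program` launchd keys.

```python
"""Check a macOS volume for the OSX/Proton artifacts named in Eltima's notice (added example)."""
from __future__ import annotations

import plistlib
import sys
from pathlib import Path

# The four indicator paths from the notice above, relative to the volume root.
# Keeping them relative lets the same code inspect a volume from another
# machine, e.g. root="/Volumes/Macintosh HD" or a mounted Time Machine backup.
PROTON_IOC_PATHS = (
    "tmp/Updater.app",
    "Library/LaunchAgents/com.Eltima.UpdaterAgent.plist",
    "Library/.rand",
    "Library/.rand/updateragent.app",
)


def find_proton_artifacts(root: str = "/") -> list[str]:
    """Return the indicator paths present under root. A dangling symlink still
    counts as a hit: it shows something was there and was only partly removed."""
    base = Path(root)
    hits: list[str] = []
    for rel in PROTON_IOC_PATHS:
        p = base / rel
        if p.exists() or p.is_symlink():
            hits.append(str(p))
    return hits


def is_clean(root: str = "/") -> bool:
    """True only if none of the listed artifacts exist; absence of these four
    paths does not prove the machine is clean, only that this dropper's known
    artifacts are gone."""
    return not find_proton_artifacts(root)


def launch_agent_command(plist_path: str) -> list[str] | None:
    """What a launchd plist would run: ProgramArguments, else Program, else None.
    Generic launchd key handling (hypothetical helper); the notice does not
    publish the contents of com.Eltima.UpdaterAgent.plist."""
    try:
        with open(plist_path, "rb") as f:
            data = plistlib.load(f)
    except (OSError, plistlib.InvalidFileException):
        return None
    if "ProgramArguments" in data:
        return [str(a) for a in data["ProgramArguments"]]
    if "Program" in data:
        return [str(data["Program"])]
    return None


if __name__ == "__main__":
    volume = sys.argv[1] if len(sys.argv) > 1 else "/"
    for hit in find_proton_artifacts(volume):
        print(f"FOUND: {hit}")
        if hit.endswith(".plist"):
            print(f"  would run: {launch_agent_command(hit)}")
    print("clean" if is_clean(volume) else "artifacts present")
```

Run it as `python3 proton_check.py` for the live system or `python3 proton_check.py "/Volumes/Other"` for a mounted volume. On macOS `/tmp` is a symlink to `/private/tmp`, which `Path.exists()` follows, so `tmp/Updater.app` resolves correctly against `/`.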

Steps to rid your system of this malware

  • A full OS reinstall is the only guaranteed way to rid your system of this malware entirely. This is the standard procedure for any system compromise that affects the administrator account.

Please be advised that other system information may also have been affected; take appropriate measures to invalidate it.