An open community of Macintosh users, for Macintosh users.

EtreCheck 2.9.3: Suspected Adware or Malware
#38797 02/11/16 07:40 PM
Joined: Aug 2009
OP Offline

EtreCheck 2.9.3 just noted these 2 unknown files that may be Adware or Malware (or merely whitelisted):
1. ~/Library/LaunchAgents/com.macupdate.desktop5.scanner.plist
2. ~/Library/LaunchAgents/.dat.nosync022a.rOuyuR (hidden)

But before deleting these 2 files, I would like the advice of the experts here ‘bouts.

FWIW: Malwarebytes does not note this issue.

Waddya think, should I consign these two files to the trash or should they be retained?

P.S. While doing a bit of sleuthing/exploring on this issue, I discovered that Little Snitch reports EtreCheck tried to make an outgoing connection with Adobe.com. Maybe that's a clue that I need to dump EtreCheck.

Last edited by Pendragon; 02/11/16 08:19 PM.

Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38801 02/11/16 10:33 PM
Joined: Aug 2009
Likes: 15
Online

com.macupdate.desktop5.scanner.plist apparently has something to do with their app...maybe their "enhanced" downloader.

If you use neither, you can trash it, but I'd search to see if whatever it is has placed other unwanted components on your Mac.

A Google search for your second item found nothing but your post.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38804 02/11/16 11:57 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Hidden LaunchAgents or Daemons make me itchy. Why would someone go to the trouble of hiding legitimate files? Rather than deleting the files, try moving them to a LaunchAgents (Disabled) folder, then reboot and see what happens. That way you can always restore them if necessary.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
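
Added example (not part of the thread or any poster's words): a shell sketch of the approach suggested in the post above, listing hidden or non-.plist items in a LaunchAgents folder and parking one in a sibling folder from which it can be restored. The function names and the placement of "LaunchAgents (Disabled)" next to the LaunchAgents folder are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the location of
# "LaunchAgents (Disabled)" (next to the LaunchAgents folder) are assumptions.

# Print "reason<TAB>name" for each entry that is hidden or is not a .plist.
list_suspect_agents() {
    dir=$1
    [ -d "$dir" ] || return 0
    # Three globs so that dot-prefixed names are included but . and .. are not.
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # unmatched glob
        name=${path##*/}
        case $name in
            .DS_Store) ;;                                # Finder metadata
            .*)        printf 'hidden\t%s\n' "$name" ;;
            *.plist)   ;;                                # ordinary visible job
            *)         printf 'not-plist\t%s\n' "$name" ;;
        esac
    done
    return 0
}

# Move NAME from FROM to TO without overwriting anything already there.
move_item() {
    from=$1 to=$2 name=$3
    [ -e "$from/$name" ] || [ -L "$from/$name" ] || { echo "not found: $from/$name" >&2; return 1; }
    [ ! -e "$to/$name" ] || { echo "already exists: $to/$name" >&2; return 1; }
    mkdir -p "$to" && mv "$from/$name" "$to/"
}

# Park an item in the sibling folder. launchd reads job definitions at login,
# so an already loaded job keeps running until the next logout or reboot.
disable_agent() { move_item "$1" "$(dirname "$1")/LaunchAgents (Disabled)" "$2"; }

# Put a parked item back if something turns out to need it.
restore_agent() { move_item "$(dirname "$1")/LaunchAgents (Disabled)" "$1" "$2"; }

# Read-only listing of the per-user folder (or of the folder given as $1).
list_suspect_agents "${1:-$HOME/Library/LaunchAgents}"
```
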
Re: EtreCheck 2.9.3: Suspected Adware or Malware
joemikeb #38805 02/12/16 12:09 AM
Joined: Aug 2009
Likes: 15
Online

Only the 2nd one is hidden; the MacUpdate item is visible and possibly deliberate on Harv's part...possibly a MU gotcha. (We've discussed MU's spurious d/l wrapper before.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
artie505 #38811 02/12/16 11:59 AM
Joined: Aug 2009
OP Offline

I deleted the two "suspect" files with the following result:

1. Upon relaunching MacUpdate Desktop, I had to (re)install my SN & PW. Also, I had to reset a few options/selections. AFAIK, all is (again) normal in that regard.

FWIW, MacUpdate "claims" the nefarious wrapper is not in play for registered MU Desktop users (though I'm not convinced, so I go directly to the developer's site).

Since MU checks for outdated apps upon launch, maybe that's related...

2. As yet, I see no consequence from deleting the ".dat.nosync022a.rOuyuR (hidden)" file. Perhaps I just haven't done anything to prompt it.

As a side note, EtreCheck did not highlight that file on my other machine that has identical applications. Perhaps I installed something on one machine and then deleted it prior to installing it on the other. Curious and curiouser...



Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38812 02/12/16 12:25 PM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: Pendragon
1. Upon relaunching MacUpdate Desktop, I had to (re)install my SN & PW. Also, I had to reset a few options/selections. AFAIK, all is (again) normal in that regard.

FWIW, MacUpdate "claims" the nefarious wrapper is not in play for registered MU Desktop users (though I'm not convinced, so I go directly to the developer's site).

Since MU checks for outdated apps upon launch, maybe that's related... (Emphasis added)

~/Library/LaunchAgents/com.macupdate.desktop5.scanner.plist certainly seems to fill that bill...deliberate on your part as I guessed it might be.

Your other item may remain a mystery forever.

Edit: Out of curiosity, did you ever install anything that enabled you to view attachments sent by an Outlook user?

Last edited by artie505; 02/12/16 12:38 PM. Reason: Expand +

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38814 02/12/16 01:24 PM
Joined: Aug 2009
OP Offline

Re EtreCheck contacting Adobe- this, just in, from the developer:

"EtreCheck connects to Adobe to check the most recent version of Flash and compare it to what the user has installed. If it is out of date, EtreCheck will print a red warning because Flash is one of the top methods of malware distribution. EtreCheck used to have a similar check for Java but Oracle had a much looser definition of “latest version” and the warning wasn’t useful."

I guess that answers that...


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38817 02/12/16 02:48 PM
Banned
Offline

Joined: Nov 2015
I just ran EtreCheck V 2.9.3 on my mid 2013 13" MacBook Air, and neither of those items showed up. I do have a non-applicable issue with a sudoers file which it flags, and it also tells me that "Auto backup: NO - Auto backup turned off". But that one I am well aware of, as I do not use Time Machine, but prefer the excellent backup/cloning program SuperDuper! for making bootable backups for both of my Macs to two external hard drives.

Also, I do not have the latest version of Adobe Flash on my machine.

Last edited by honestone; 02/12/16 02:50 PM.
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38818 02/12/16 02:53 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Originally Posted By: Pendragon
FWIW, MacUpdate "claims" the nefarious wrapper is not in play for registered MU Desktop users (though I'm not convinced, so I go directly to the developer's site).

If you're not convinced, there is no need to wonder, as you can easily make sure. Currently, MacUpdate’s Installers are recognizable by their name (‘Item X’ Installer), and their file size (1.6MB)*. It’s of course possible that a download from a developer also contains the word ‘Installer’ in its name and that the file size is 1.6MB, but that particular combination is considerably less likely.

But suppose it does happen. In that case a file named ‘MacUpdate Installer’ will be present in the downloaded .dmg from MacUpdate, something that's quite unlikely in a download from a developer. So far, double-clicking those MacUpdate .dmg files is still safe: nothing untoward will happen beyond mounting and opening the disk image. In addition to the install (including that of any additional and potentially unwanted items), the MacUpdate Installers perform the actual download of the software they install, hence their standard and rather small size.

*) You can simply monitor this with your Downloads pulldown (Safari), and stop a download in progress, assuming your internet service isn’t so fast that the download completes before you can react. But even if you let the download complete, you can just delete the disk image.

PS. As of today, the number of MacUpdate Installers is still relatively small. Most downloads are ‘normal’, which makes it still worthwhile to use the MU download button before having to resort to the developer.


alternaut moderator
Re: EtreCheck 2.9.3: Suspected Adware or Malware
alternaut #38819 02/12/16 05:33 PM
Banned
Offline

Joined: Nov 2015
I used to rely on www.macupdate.com for obtaining updates, but once I had some issues with the MacUpdate Installer, I stopped getting updates that way. I instead go to the site for the product, and download updates from there. (Some software, of course, has the "Check for Updates" feature, and that can be used to get updates directly from the company's site).

Also, MacUpdate is not always up to date with information. For example, the new version of EtreCheck, which came out last week, was finally listed yesterday on MacUpdate. Also, they are definitely behind with updates for Office 2011. Right now, MacUpdate shows version 14.5.8 being available, but version 14.6.0 has been out for at least 2 weeks!

Another example is 1Password. The update for it came out on Monday, but it did not show up on MacUpdate until Tuesday. True, only a 1 day delay, but as I stated, it is worse for a number of other products.

Re: EtreCheck 2.9.3: Suspected Adware or Malware
honestone #38820 02/12/16 06:57 PM
Joined: Aug 2009
OP Offline

On a few occasions, I mis-clicked and got an updater with the MU installer. Of course, I merely deleted that and then fetched the update directly from the developer's site.

Re the MU site not being up to date, yeah, I too regularly notice that. If I may give MU a wee bit of credit, they have always put things to right within a day or two of my alerting them of their omission.


Harv
27" i7 iMac (10.13.6), iPhone Xs Max (12.1)

Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38824 02/12/16 08:50 PM
Joined: Aug 2009
Likes: 15
Online

Unless I'm mistaken, MacUpdate has nothing to do with updates being posted in a timely or untimely manner, rather it's the developers who lag and leave MU to take the hit.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38825 02/12/16 09:13 PM
Banned
Offline

Joined: Nov 2015
They used to be more timely about the posting of updates. But the recent "glaring" ones I pointed out about EtreCheck and Office 2011 are just plain unacceptable (along with using the MacUpdate "installer"). And, this "late" posting of updates has actually been happening for a while.

No, I'll stick with getting the updates on my own (and also using the "Check For Updates" feature which some apps have).

Re: EtreCheck 2.9.3: Suspected Adware or Malware
artie505 #38826 02/12/16 09:16 PM
Banned
Offline

Joined: Nov 2015
Originally Posted By: artie505
Unless I'm mistaken, MacUpdate has nothing to do with updates being posted in a timely or untimely manner, rather it's the developers who lag and leave MU to take the hit.


That makes no difference, as far as I am concerned. MacUpdate should be looking on their own for updates being available. If I can do it (as I have recently done), they can do it.

Again, though, I am going to stick with getting them on my own. I can get them sooner (WAY sooner, in some cases), and without dealing with the problematic MacUpdate Installer.

Re: EtreCheck 2.9.3: Suspected Adware or Malware
honestone #38827 02/12/16 09:37 PM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: honestone
Originally Posted By: artie505
Unless I'm mistaken, MacUpdate has nothing to do with updates being posted in a timely or untimely manner, rather it's the developers who lag and leave MU to take the hit.

That makes no difference, as far as I am concerned. MacUpdate should be looking on their own for updates being available. If I can do it (as I have recently done), they can do it.

That's freakin' bizarre!

The cost of the resources that would be required for them to keep track of the thousands of apps they host would put them out of business, and for all their shortcomings, they're too useful to lose.

Searching for updates is not, nor should it be, part of their business; their business is providing a platform for developers who either make good or poor use of it.

Last edited by artie505; 02/12/16 11:44 PM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
artie505 #38857 02/14/16 05:20 AM
Banned
Offline

Joined: Nov 2015
Originally Posted By: artie505
Originally Posted By: honestone
Originally Posted By: artie505
Unless I'm mistaken, MacUpdate has nothing to do with updates being posted in a timely or untimely manner, rather it's the developers who lag and leave MU to take the hit.

That makes no difference, as far as I am concerned. MacUpdate should be looking on their own for updates being available. If I can do it (as I have recently done), they can do it.

That's freakin' bizarre!

The cost of the resources that would be required for them to keep track of the thousands of apps they host would put them out of business, and for all their shortcomings, they're too useful to lose.

Searching for updates is not, nor should it be, part of their business; their business is providing a platform for developers who either make good or poor use of it.


No, it's not freaking bizarre! MacUpdate needs to provide up to date information, plain and simple. And, their platform must be reliable enough for users to get the most up to date information. I already provided two glaring examples where that is not the case.

Re: EtreCheck 2.9.3: Suspected Adware or Malware
honestone #38863 02/14/16 10:11 AM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: honestone
Originally Posted By: artie505
Originally Posted By: honestone
MacUpdate should be looking on their own for updates being available. If I can do it (as I have recently done), they can do it.

That's freakin' bizarre!

Searching for updates is not, nor should it be, part of their business; their business is providing a platform for developers who either make good or poor use of it.

No, it's not freaking bizarre! MacUpdate needs to provide up to date information, plain and simple. And, their platform must be reliable enough for users to get the most up to date information. I already provided two glaring examples where that is not the case.

Originally Posted By: MacUpdate
All 40,000 apps on MacUpdate have been hand curated. (Emphasis added)

OK, then, how much do you figure it would cost MU to check all 40,000 apps on a regular enough basis to satisfy you and to update their descriptions, etc. as required, and how much of a paid annual membership would you be willing to spring for to defray the cost of new infrastructure and people and the ongoing new costs?

Edit: And how many of MU's current members, paid members included, do you figure would join you, particularly considering that although they may be the best game in town they're not the only one and that the day they went bust there'd be somebody new dancing on their platform?

Last edited by artie505; 02/14/16 10:59 AM. Reason: Clarify +

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: EtreCheck 2.9.3: Suspected Adware or Malware
artie505 #38865 02/14/16 12:41 PM
Banned
Offline

Joined: Nov 2015
Originally Posted By: artie505

OK, then, how much do you figure it would cost MU to check all 40,000 apps on a regular enough basis to satisfy you and to update their descriptions, etc. as required, and how much of a paid annual membership would you be willing to spring for to defray the cost of new infrastructure and people and the ongoing new costs?

Edit: And how many of MU's current members, paid members included, do you figure would join you, particularly considering that although they may be the best game in town they're not the only one and that the day they went bust there'd be somebody new dancing on their platform?


Blah, blah, blah. The site still must have current information. Also, they should not be including their downloader software when one downloads something from their site. That is just plain sleazy.

Nope, I am going to get my updates on my own. It does not take much time and effort to do that. But, there will always be some folks who are too lazy to do that, and also who do not believe in the KISS philosophy. To those I say "Stupid is as stupid does" (another one of my favorite lines).

Re: EtreCheck 2.9.3: Suspected Adware or Malware
Pendragon #38871 02/14/16 09:20 PM
Joined: Aug 2009
Likes: 4
Offline

EtreCheck version 2.9.4 (254) is now available. See if that makes a difference.

Re: EtreCheck 2.9.3: Suspected Adware or Malware
grelber #38873 02/14/16 09:53 PM
Banned
Offline

Joined: Nov 2015
Originally Posted By: grelber
EtreCheck version 2.9.4 (254) is now available. See if that makes a difference.


Thanks for that info. I just downloaded and installed it, and it did not make any difference, in my case, at least on my Mac Mini. I'll do it on my MacBook Air soon, but I suspect the same results.

Thanks again!

Re: EtreCheck 2.9.3: Suspected Adware or Malware
honestone #38885 02/15/16 03:31 AM
Banned
Offline

Joined: Nov 2015
As I expected, got the same result on my MacBook Air with the new version of EtreCheck. Everything is good!


Moderated by  alternaut, cyn 
