Category Archives: Mac Antivirus

Issues with AppSo crashes and high CPU use on a Mac?

High Mac AppSo UseWe had a client report today about a strange thing that has started to happen on their Mac. They complain that the computer will begin to work fine, and slowly over time, the Mac will grind to a halt and begin to crash and freeze at times. They checked the Activity Monitor and noticed a process called “AppSo” taking up huge amounts of memory and processor usage. As it turns out, chances are pretty good that this Mac has a trojan horse installed onto it, probably from installing fake online-based utility programs like “Install Mac,” or “MacKeeper.” You may also see a pop-up window that says “Please run InstallMac compatibility test and updates for the upcoming Mac OSX.” These programs typically have full access to your Mac, and then proceed to install backdoor programs to capture your data and make it appear as if your Mac is having problems (which it creates).

So, we have to first determine if we in fact are infected by these types of Trojan Horse programs. It’s pretty easy to determine by going to the “Go” menu and choosing “Go To Folder…” in the Macintosh finder. When the search box appears, type in this path:

~/Library/LaunchAgents

That is the user library, not the system library. Inside this folder, look for some files that look like the following examples:

something.ltvbit.plist

something.download.plist

something.update.plist

The “something” above may contain random names–and this is just a few examples; there could be many variations of these–such as:

MacKeepr, InKeepr, Javeview,Leperdvil, Manroling,Totiteck, etc.

BACKUP YOUR MAC FIRST! If you happen to see any or all of these files, you must move them to the trash to get rid of this Mac trojan horse. Simply move any one of those folders that contained our example above into the trash. You may have a now-empty LaunchAgents folder, and that is perfectly OK.

Let’s go to the Finder’s “GO” menu again and choose “Go To Folder…” and type in:

~/Library/Application Support

Locate any of the files in this folder that we noticed in our examples above. Remove anything that contains those names.

You can then head to your Applications folder on your Mac and locate any items that contain any of our example names from above, or, “ZipDevil.” Move these items to the trash as well.

Restart your Mac.

At this point when you come back after your restart, you should be able to empty your Mac’s trash in the Finder.

You may want to also consider checking all of your browsers for extensions that shouldn’t be there, or, look unfamiliar. This includes Safari, Chrome and Firefox. These extensions can be the door that the trojan horse used to get into your Macintosh. It wouldn’t be a bad idea to start to consider to use some Macintosh anti-virus and anti-trojan software such as Norton Antivirus or Trend Micro Antivirus.

Please leave some comments if you have issues with this procedure, or, just want to let us know that you indeed had a Macintosh Trojan Horse!


 If you enjoyed this article and we have helped you out, please consider a small donation so that we may bring you more helpful tips and tricks on the Macintosh!

Incoming search terms:

  • appso
  • antiviras

800-656-8547 is another pop-up scam–don’t fall for it!

800-656-8547 Scam

800-656-8547 is most likely a phishing scam designed to get access into your Mac–don’t fall for it!

There is another scam going around as pop-ups that appear in your browser while surfing the web with Safari, Firefox or Chrome. What happens is a pop-up appears and explains that you have a security breach on your Macintosh (or Windows computer). Then, it directs you to call 800-656-8547, for instructions on how to take care of this “breach.” The instructions are to let a “technician” into your computer virtually, which is a bad idea in general, and then have to pay them upwards of $300 to “clean your Macintosh.” This is just another variation of the typical pop-up scareware banners that trick you into thinking something is wrong with your computer–which there is not. Whatever you do, don’t call that number! 

If you happen to be reading this post after you have called the number for this pop-up scam, here’s a few things to do immediately on your Macintosh.

  • First, if you gave them a credit card number, you will probably want to call the bank and have them deny the charge and cancel that card. Once they have that number, they may use it further, or, sell it off on the black market.
  • If they actually took control of your Mac, they may have done nothing, or, they may have inserted any variety of malware, keylogging software, etc. It’s hard to say for sure, but, different scams of this variety do different things. At minimum, you would want to change your administrator password (System Preferences –> Users and Groups –> Change Password) for all accounts on the Mac. Depending on your comfort level, you would also want to consider rolling back to an earlier date in time with Time Machine backup, or, consider a scorched Earth path to completely wipe the computer clean and start over. If you were to do this drastic step, I would wipe the computer clean, and then install an operating system first, and then go back and restore just your user folder from backup. Select only important users in the Setup Assistant dialog box—not the Applications, Other files and folders, or Computer & Network Settings. Don’t transfer the Guest account, if you had this enabled.
  • Don’t install 3rd party software from your backups–try to go back to the original media for this step.
  • We advise you change any internet passwords that you may have typed in after this breach, such as banking or online retail store accounts–this is a good step to do anyway, every few months.
  • It’s not a bad idea to install some form of anti-virus software at this point, such as Sophos for the Mac, which is more of a piece-of-mind-just-in-case step. It will come up with some errors during scanning, which usually means that it cannot scan system files that are in use. If it finds anything strange, it will quarantine these files.

Hopefully after all of these steps, your Mac will be somewhat back to normal. Remember, this scam is a popular one and many more malicious folks are putting this scam into action. 800-656-8547 is just one of many following the same routine and we ask that you don’t ever call anyone for Macintosh help except for AppleCare and local computer companies (such as Capital Mac Service) in your area that specialize in the Macintosh. If you get bitten by this, or any other scam, don’t panic and don’t ever give out personal information such as credit card numbers, social security numbers and birthdates. Above all else, don’t let remote people take over your computer–this is just asking for trouble!

Another Day, Another Phishing Scam.

Phishing Scam

Don’t fall for these realistic-looking phishing scams!

I just got this screenshot from a Capital Mac Service customer that looks pretty scary–fortunately, this is yet another version of a typical scam going around the Internet. Basically, just clicking on a weblink brought this webpage up, which basically traps you on the page–you cannot get off of it without force quitting your browser. These types of scams try to trick you into thinking you have a virus or spyware on your Mac (or PC and Android as I found out by digging deeper). When you click through, they ask for a credit card number to remove this fake spyware and virus from your computer. If you visit the page where this scam comes from (see it here), you can see all the various directories with various scary webpages warning you about this virus you may have. They have different scareware pages for different operating systems! DO NOT fall for these scams when surfing the web. Take a screenshot and contact us if you like so we can educate further on the dangers of these fake and fraudulent sites trying to steal your credit card and other personal information.

Do I need any particular antivirus software for my new (or old) Mac?

Capital Mac Norton AntivirusThe easy answer: probably not. In the 13 years I was with Apple Computer, I saw about two distinct and separate viruses on a Mac. One of them was a simple Microsoft Word virus that only affected Word documents. The other was a real-deal virus, however, Apple caught that one before anyone really had contracted it.

So, do you need Macintosh antivirus software? Probably not.

I’d be more worried about you losing your data to a hard drive or directory damage issue than getting a virus. Most people on any computer platform equate any problem–big or small–to a virus. Most of the customers I dealt with while working with Apple began with “My computer isn’t working. It’s probably a virus.” Obviously from our end, this was never, ever a virus and almost always a directory damage issue or software problem.

If you were to invest in a virus software for your Mac for peace of mind sake, I would recommend something simple as the Norton suite of antivirus software, if you really want to still run one on your system. Be aware that these types of software will possibly reduce the speed of your Mac, since it has to scan every file every few minutes.

If you are gun-shy about Mac antivirus, or, if you just have questions, just contact us at Capital Mac Service and we can cover your options!

 

 

A Simple Way to Keep Your Family Mac Safe at Home

OpenDNS Settings

with a simple tool such as OpenDNS, you can limit a good portion of what your kids can see while surfing on your family Macintosh.

There’s no magic bullet to keep your kids from visiting the darkest corners of the web, however, with a simple tool such as OpenDNS, you can limit a good portion of what your kids can see while surfing on your family Macintosh.

OpenDNS is a free service (with paid upgrades for more options) to limit which sites your kids can surf while on the Internet. It basically involves the following:

  1. Setting up a free account at http://www.opendns.com/
  2. Configuring your Macintosh computer (or router) with the proper DNS numbers
    • 208.67.222.222
    • 208.67.220.220
  3. Configuring which types of sites can or will not be blocked on the OpenDNS website

Upon completion of these steps, anytime your children try to access a site that is deemed inappropriate, they will simply see a blocked page load on your Mac. You can disallow entire groups of sites, such as gambling or adult sites, or, chat and social media sites. By choosing these broad types of sites, OpenDNS will apply their growing database of inappropriate sites to your block list. The good news is that you don’t have to go in and input thousands of potentially harmful sites–OpenDNS takes care of all of this on their end. Your Mac simply looks at this remote list first before delivering the site to your computer. Even better, you can log in and add or subtract sites that you may find should or shouldn’t be on the list, such as Facebook.

Capital Mac Service would be more than happy to consult you on this service and potentially get your network setup correctly for the DNS number changes. Contact us today for more information on this important service.