Category Archives: Macintosh Security

Issues with AppSo crashes and high CPU use on a Mac?

We had a client report a strange problem today that has started to happen on their Mac. They complain that the computer works fine at first, then slowly grinds to a halt over time and begins to crash and freeze. They checked the Activity Monitor and noticed a process called “AppSo” taking up huge amounts of memory and processor usage. As it turns out, chances are pretty good that this Mac has a trojan horse installed on it, probably from installing fake online-based utility programs like “Install Mac,” or “MacKeeper.” You may also see a pop-up window that says “Please run InstallMac compatibility test and updates for the upcoming Mac OSX.” These programs typically have full access to your Mac, and then proceed to install backdoor programs that capture your data and make it appear as if your Mac is having problems (problems that the software itself creates).

So, we first have to determine whether we are in fact infected by these types of Trojan Horse programs. It’s pretty easy to check by going to the “Go” menu in the Macintosh Finder and choosing “Go To Folder…”. When the search box appears, type in this path:

~/Library/LaunchAgents

That is the user library, not the system library. Inside this folder, look for some files that look like the following examples:

something.ltvbit.plist

something.download.plist

something.update.plist

The “something” above may contain random names–and this is just a few examples; there could be many variations of these–such as:

MacKeepr, InKeepr, Javeview, Leperdvil, Manroling, Totiteck, etc.

BACKUP YOUR MAC FIRST! If you happen to see any or all of these files, you must move them to the trash to get rid of this Mac trojan horse. Simply move any item that matches our examples above into the trash. You may have a now-empty LaunchAgents folder, and that is perfectly OK.

Let’s go to the Finder’s “GO” menu again and choose “Go To Folder…” and type in:

~/Library/Application Support

Locate any of the files in this folder that we noticed in our examples above. Remove anything that contains those names.

You can then head to your Applications folder on your Mac and locate any items that contain any of our example names from above, or, “ZipDevil.” Move these items to the trash as well.

Restart your Mac.

At this point when you come back after your restart, you should be able to empty your Mac’s trash in the Finder.
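
The same checks as a read-only shell script, added here as an example that is not part of the original article: it lists matches against the article's file-name patterns in the three folders above and deletes nothing. The function names are made up for this example, and a suffix such as `.update.plist` is generic enough that legitimate software could use it, so review each hit before trashing it.

```shell
#!/bin/sh
# Read-only triage: list items whose names match the article's indicators.
# Nothing is moved or deleted; a match is a lead to review, not proof.

# Name fragments and plist suffixes taken from the article's examples.
NAMES='mackeepr|inkeepr|javeview|leperdvil|manroling|totiteck|zipdevil'
SUFFIXES='\.(ltvbit|download|update)\.plist$'

# scan_launch_agents DIR (hypothetical helper):
# print plists in DIR that match a listed suffix or a name fragment.
scan_launch_agents() {
    dir=$1
    [ -d "$dir" ] || return 0          # a missing folder is not an error
    for f in "$dir"/*.plist; do
        [ -e "$f" ] || continue        # glob matched nothing
        if basename "$f" | grep -Eiq "$SUFFIXES|$NAMES"; then
            printf '%s\n' "$f"
        fi
    done
}

# scan_names DIR (hypothetical helper):
# print top-level entries in DIR whose name contains a fragment.
scan_names() {
    dir=$1
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        if basename "$f" | grep -Eiq "$NAMES"; then
            printf '%s\n' "$f"
        fi
    done
}

# The three locations the article walks through, in the same order.
scan_launch_agents "$HOME/Library/LaunchAgents"
scan_names "$HOME/Library/Application Support"
scan_names "/Applications"
```

No output means nothing in those folders matched the listed names; it does not rule out variants with other names.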

You may also want to check all of your browsers for extensions that shouldn’t be there or that look unfamiliar. This includes Safari, Chrome and Firefox. These extensions can be the door that the trojan horse used to get into your Macintosh. It wouldn’t be a bad idea to consider using some Macintosh anti-virus and anti-trojan software such as Norton Antivirus or Trend Micro Antivirus.

Please leave some comments if you have issues with this procedure, or, just want to let us know that you indeed had a Macintosh Trojan Horse!



Unable to Install Mac OS X Apps: Unidentified Developer

Have you ever seen this message when trying to install Mac OS X software that didn’t come from the Mac App Store? Watch the new Capital Mac YouTube video below to see how to get around this new Macintosh security setting!


Is this message stopping you from installing software on your Mac? 

800-656-8547 is another pop-up scam–don’t fall for it!


800-656-8547 is most likely a phishing scam designed to get access into your Mac–don’t fall for it!

There is another scam going around as pop-ups that appear in your browser while surfing the web with Safari, Firefox or Chrome. What happens is a pop-up appears and explains that you have a security breach on your Macintosh (or Windows computer). Then, it directs you to call 800-656-8547, for instructions on how to take care of this “breach.” The instructions are to let a “technician” into your computer virtually, which is a bad idea in general, and then have to pay them upwards of $300 to “clean your Macintosh.” This is just another variation of the typical pop-up scareware banners that trick you into thinking something is wrong with your computer–which there is not. Whatever you do, don’t call that number! 

If you happen to be reading this post after you have called the number for this pop-up scam, here are a few things to do immediately on your Macintosh.

  • First, if you gave them a credit card number, you will probably want to call the bank and have them deny the charge and cancel that card. Once they have that number, they may use it further, or, sell it off on the black market.
  • If they actually took control of your Mac, they may have done nothing, or, they may have inserted any variety of malware, keylogging software, etc. It’s hard to say for sure, but, different scams of this variety do different things. At minimum, you would want to change your administrator password (System Preferences –> Users and Groups –> Change Password) for all accounts on the Mac. Depending on your comfort level, you would also want to consider rolling back to an earlier date in time with Time Machine backup, or, consider a scorched Earth path to completely wipe the computer clean and start over. If you were to do this drastic step, I would wipe the computer clean, and then install an operating system first, and then go back and restore just your user folder from backup. Select only important users in the Setup Assistant dialog box—not the Applications, Other files and folders, or Computer & Network Settings. Don’t transfer the Guest account, if you had this enabled.
  • Don’t install 3rd party software from your backups–try to go back to the original media for this step.
  • We advise you change any internet passwords that you may have typed in after this breach, such as banking or online retail store accounts–this is a good step to do anyway, every few months.
  • It’s not a bad idea to install some form of anti-virus software at this point, such as Sophos for the Mac, which is more of a peace-of-mind-just-in-case step. It will come up with some errors during scanning, which usually means that it cannot scan system files that are in use. If it finds anything strange, it will quarantine these files.

Hopefully after all of these steps, your Mac will be somewhat back to normal. Remember, this scam is a popular one and many more malicious folks are putting this scam into action. 800-656-8547 is just one of many following the same routine and we ask that you don’t ever call anyone for Macintosh help except for AppleCare and local computer companies (such as Capital Mac Service) in your area that specialize in the Macintosh. If you get bitten by this, or any other scam, don’t panic and don’t ever give out personal information such as credit card numbers, social security numbers and birthdates. Above all else, don’t let remote people take over your computer–this is just asking for trouble!

Don’t Fall Victim to Macintosh Help and Support Scams!


Don’t fall victim to Macintosh support scams including fake Mac tech support companies and anti-virus software. They will capture your personal data and credit card numbers!

When you see pop-ups and warnings that your Macintosh may be infected by a virus or spyware while surfing the web, don’t fall for it! Most of these scary popup warnings are nothing more than a scam to get your credit card numbers, passwords, or social security numbers! These fake companies (usually not based in the United States) generate these very official-looking and scary warnings that appear on your screen warning you that you have severe system problems and viruses on your Macintosh. The good news is almost 99.9% of the time, you and your Mac are perfectly safe.

If you decide to take these scam companies up on their offers of free diagnostic software, free tech support and more, you will most likely be handing over crucial and personal data that will come back to haunt you! The general way these companies scam you is by tricking you into installing software onto your Macintosh that allows them full remote access into your computer, and they can keep this access as long as they wish. They will then often generate fake messages with this software, leading you to believe you have a virus or spyware that can only be removed by them–for a huge fee. We have had customers fork over hundreds of dollars to these companies, for basically no reason. Once they take off these fake viruses, their software just generates more of them down the road, forcing you to give them more money.

Another way fake companies get your credit card numbers and other personal data is to masquerade as a real Apple Macintosh support business. These offshore companies often pay for higher Google results and trick you into thinking they are actually Apple Computer, by using domain names that appear to be related to Apple (they aren’t). Once you call these fake Mac support companies, they ask for access remotely to your Mac, or, credit card numbers and other personal data.

Lastly, another big scam is the “Clean My Mac” software that is going around the Internet via website ads and popup windows. This software usually is malicious and does nothing on your Mac except generate ways to steal your data and credit card numbers. The jury is out on the infamous “MacKeeper” software that you see on a daily basis–We feel that whether this is malicious software or not, our gut feeling is to stay away from it. Consult with a reputable firm to talk about cleaning and optimizing your Macintosh with genuine software such as Cocktail for the Mac, which we’ve talked about before. The Macintosh for the most part can take care of itself–it usually doesn’t need help from these online optimization and cleaning software titles–worry about backing up your data first and foremost instead of chasing these possibly damaging software titles.

Please contact Capital Mac Service before you attempt to install any third-party software to clean or disinfect your Mac, no matter how scary these warnings appear to be. Don’t call anyone on the web or visit websites unless you are 100% sure they are either Apple Computer, or, a reputable local Macintosh help and support firm. We can work backwards with you to see where these warnings came from and hopefully shut the doors to these malicious companies.

Another Day, Another Phishing Scam.


Don’t fall for these realistic-looking phishing scams!

I just got this screenshot from a Capital Mac Service customer that looks pretty scary–fortunately, this is yet another version of a typical scam going around the Internet. Basically, just clicking on a weblink brought this webpage up, which basically traps you on the page–you cannot get off of it without force quitting your browser. These types of scams try to trick you into thinking you have a virus or spyware on your Mac (or PC and Android as I found out by digging deeper). When you click through, they ask for a credit card number to remove this fake spyware and virus from your computer. If you visit the page where this scam comes from (see it here), you can see all the various directories with various scary webpages warning you about this virus you may have. They have different scareware pages for different operating systems! DO NOT fall for these scams when surfing the web. Take a screenshot and contact us if you like so we can educate further on the dangers of these fake and fraudulent sites trying to steal your credit card and other personal information.