You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Websearch AdviceDaemon malware

My MacBook Pro '16, recently purchased 04/06/2020, inherited a nasty piece of malware (I think)

during my transfer of files from my 2011 MacBook Pro '17.


The symptoms include a persistent, repeating message:

""WebSearch Advice Daemon" will damage your computer.

This file was downloaded on an unknown date.


And now I cannot perform any functionality requiring server connections of any kind.

The new MacBook Pro has MacOS Catalina 10.15.4


MacBook Pro 16", macOS 10.15

Posted on Apr 13, 2020 7:33 AM

Reply
Question marked as Top-ranking reply

Posted on Apr 13, 2020 7:39 AM

If you suspect you have installed adware/malware:


Adware Removal Guide—Manual removal of : http://www.thesafemac.com/arg-identification/

or

Try running this trusted utility https://www.malwarebytes.com/mac/


also Verify you are not using SOCKS proxy:

>System Preferences>Networks>Advanced>Proxy uncheck the box


Adware/malware launch daemons can set SOCKS proxies without user participation.

(SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server.)

2 replies
Question marked as Top-ranking reply

Apr 13, 2020 7:39 AM in response to Mikes_MacBookPro04-13-2020

If you suspect you have installed adware/malware:


Adware Removal Guide—Manual removal of : http://www.thesafemac.com/arg-identification/

or

Try running this trusted utility https://www.malwarebytes.com/mac/


also Verify you are not using SOCKS proxy:

>System Preferences>Networks>Advanced>Proxy uncheck the box


Adware/malware launch daemons can set SOCKS proxies without user participation.

(SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server.)

Apr 13, 2020 7:56 PM in response to leroydouglas

It took me a while to get there, but yes, the combination of malwarebytes and the reference to the SOCKS proxies

definitely provided the solution. The debugging environment was the challenge. The symptoms were on my new MacBook Pro '16 after I migrated files from my 2011 MacBook Pro '17, which did not have the symptoms. The symptoms included the new MacBook Pro not being able to establish any connections to servers.


Clara from Apple Support demonstrated knowledge and patience as she used the older MacBook Pro to demonstrate the steps

for me to use on the newer MacBook Pro to get it connection-worthy. We were then use download and use malwarebytes

to identify, quarantine, and remove the suspect malware.


I did not read this leroydouglas posting until after Clara and I were done, but his references were right on.


//Mike

Websearch AdviceDaemon malware

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.