时间戳

首页 > 技术文章 > 【原创精品】mac 彻底卸载趋势科技

【原创精品】mac 彻底卸载趋势科技

tyxa 2017-09-23 13:55 原文

    在公司,给我的mac 笔电装了公司的查杀毒软件,此后,这货就像挥之不去的病毒,就像你心理上阴影一样如影随形,最邻人方案的是这货没界面,只是个后台服务,一般人就没办法了。最最令人反感的是它经常控制/拖慢网速,最最最令人反感的是它经常控制我的行为——不让我破解软件!

  好吧,你既然这么难缠,是个老大难,就是卸载了你。但是趋势的东西卸载都要密码!要不就是卸载工具和安装包在一起,且安装以后是没有卸载入口的!好吧,请教度娘:给的方案都是win下的删除注册表,我倒 (⊙o⊙)…,什么?没有mac方案?我倒。。。好不容易找到mac下的解决办法,点进去一看:是趋势科技的官网给的解决方案:说了一堆天书般的,圣经般的没用的东东。

  哎,自力根生吧。突然想到:Linux/nunix系列是没有注册表之说的,自立根生没问题的,完全可以自己卸载。

  来来来,先看看,这货的日常:
    

  这货就点哪个都不出现窗口/界面。下面是鼠标悬浮时的窗口:

  

  给我们的有用信息是【Trend Micro】 ,整个磁盘查找都没有半点文件的迹象。。。

  于是,找到进程,双击查看进程,点击取样,可得到如下:

cwd
/
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/MacOS/UIMgmt
txt
/Library/Frameworks/TMAppCore.framework/Versions/A/TMAppCore
txt
/Library/Frameworks/TMAppCommon.framework/Versions/A/TMAppCommon
txt
/Library/Application Support/TrendMicro/common/lib/libTmLog.dylib
txt
/Library/Application Support/TrendMicro/common/lib/libTmUtil.dylib
txt
/usr/lib/dyld
txt
/Library/Frameworks/iCoreClient.framework/Versions/A/iCoreClient
txt
/Library/Application Support/TrendMicro/common/lib/libprotobuf-lite.dylib
txt
/Library/Frameworks/iCoreClientPb.framework/Versions/A/iCoreClientPb
txt
/System/Library/CoreServices/Encodings/libSimplifiedChineseConverter.dylib
txt
/System/Library/CoreServices/SystemAppearance.bundle/Contents/Resources/Assets.car
txt
/private/var/folders/6z/hby371v12319h_64sn6n41qm0000gn/C/com.apple.IntlDataCache.le.kbdx
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/Resources/en.lproj/popupBG_RTS.png
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/Resources/popup_bt_off.png
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/Resources/en.lproj/popupBG_UgdReboot.png
txt
/usr/share/icu/icudt57l.dat
txt
/System/Library/CoreServices/SystemAppearance.bundle/Contents/Resources/SystemAppearance.car
txt
/System/Library/Fonts/SFNSText.ttf
txt
/System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Resources/AppleKeyboardLayouts-L.dat
txt
/private/var/folders/6z/hby371v12319h_64sn6n41qm0000gn/0/com.apple.LaunchServices-175-v2.csstore
txt
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/Extras2.rsrc
txt
/System/Library/Fonts/Helvetica.dfont
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/Resources/TMCCMac.icns
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/Resources/tball_normal.png
txt
/Library/Application Support/TrendMicro/TmccMac/UIMgmt.app/Contents/Resources/tball_offline.png
txt
/System/Library/CoreServices/SystemAppearance.bundle/Contents/Resources/VibrantLightAppearance.car
txt
/System/Library/CoreServices/SystemAppearance.bundle/Contents/Resources/FunctionRowAppearance.car
txt
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/HIToolbox.rsrc
txt
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/English.lproj/Localized.rsrc
txt
/Library/ScriptingAdditions/BartenderHelper.osax/Contents/MacOS/BartenderHelper
txt
/Applications/Bartender 2.app/Contents/Resources/BartenderHelperTwoOneThree.bundle/Contents/MacOS/BartenderHelperTwoOneThree
txt
/System/Library/Fonts/SFNSDisplay.ttf
txt
/System/Library/Fonts/Keyboard.ttf
txt
/private/var/db/dyld/dyld_shared_cache_i386
txt
/Library/Frameworks/TMGUIUtil.framework/Versions/A/TMGUIUtil
0
/dev/null
1
/dev/null
2
/dev/null
3
/private/var/log/TrendMicro/TmccCore/iCoreClientPb.log
4
/private/var/log/TrendMicro/TmccCore/iCoreClient.log
5
/Users/HFB/Library/Logs/TrendMicro/Debug/Application/UIMgmt.log
6
/private/var/log/TrendMicro/TmccCore/iFrameWork.log
7
->0xbce5551b6e807ed
8
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/Extras2.rsrc
10
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/HIToolbox.rsrc
11
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/Resources/English.lproj/Localized.rsrc

  看,有好多有关这货的资源调用我们得一个一个分析,若是系统的则略过,若是这个货的则先把文件/文件夹打个压缩包作为备份(等最后分析出那个该删哪个不该删,不该删的还原就好),再把源文件删除。重启电脑。这货是随机启动的,重启就知道卸载好了没。

  最后知道哪个该删哪个不该删,不该删的还原就好。

  先把子进程和父进程杀掉。  

  。。。

  经过几小时的浴血奋战终于真相大白:

  1》这货的安装目录是:/Library/Application Support/TrendMicro

  2》这货的日志目录是:/private/var/log/TrendMicro和/Users/HFB/Library/Logs/TrendMicro

 

  哈哈,遂,删除之。

                《完》

 

推荐阅读