How to stop CorruptPowerlog eating up my disk space?

I am running 10.14.6 (18G3020) on a 2018 MacBook Air.

Every 15 seconds or so a triplet of files is created in /private/var/db/powerlog/Library/BatteryLife/Quarantine. For example:

30144 -rw-r--r--  1 root  wheel    15M Apr  1 17:02 CorruptPowerlog_1585785775.350699.PLSQL
   64 -rw-r--r--  1 root  wheel    32K Apr  1 17:02 CorruptPowerlog_1585785775.350699.PLSQL-shm
    0 -rw-r--r--  1 root  wheel     0B Apr  1 17:02 CorruptPowerlog_1585785775.350699.PLSQL-wal

This means that my disk space is shrinking by 60MB per minute.

I can delete these files as root, but they keep coming back.

What program creates these files? How can I stop this?


Solution 1:

PowerLog is malware that displays pop-ups and unwanted advertisements that do not come from the websites you are browsing. These PowerLog ads are displayed as boxes with coupons, underlined keywords (in-text ads), pop-up ads, or advertising banners. Virustotal

PowerLog is usually bundled with other free software that you download from the Internet. Unfortunately, some free downloads do not adequately advertise that other software is being installed, and you may find that you installed PowerLog without your knowledge.

The PowerLog ads may have different text in the popup: "Powered by PowerLog", "Advertisements by PowerLog", "Brought to you by PowerLog", "Ads by PowerLog", or "Ads powered by PowerLog". These ads are designed to encourage the installation of additional questionable content, including web browser toolbars, optimization utilities, and other products, so that the PowerLog publisher can generate pay-per-click revenue.

Note: Once installed, PowerLog installs another app of this type called MacPerformance. This app forces browsers to open websites that offer updates for software with fake tools. You can see the PowerLog process in the Activity Monitor: It is displayed as "PowerLift".

When your device is infected with the PowerLog adware, the following symptoms are common:

  1. Ads appear in places where they shouldn't be.

  2. Your web browser's home page has mysteriously changed without your permission.

  3. Web pages you normally visit do not display properly.

  4. Website links direct you to websites other than those you expected.

  5. Browser pop-ups will appear recommending fake updates or other software.

  6. Other unwanted programs may be installed without your knowledge.

How to remove PowerLog adware

Go to the system settings. Click Profiles. The list contains the entry "AdminPrefs". Select this option and click the "-" button in the lower left corner.

Note: If there is no profile icon, no profiles are installed. This is normal.

Open "Finder" and click on "Applications". Find and remove the PowerLog app. Also look for MPlayerX, NicePlayer, or any other suspicious application and drag it to the Trash. After removing the potentially unwanted applications that are causing online ads, scan your Mac for any remaining unwanted components.

Avoid launchd trying to start this program again. Delete the associated files from the following paths:

/Library/LaunchAgents 

~/Library/LaunchAgents 

/Library/LaunchDaemons

Look for recently added suspicious files in the LaunchAgents folder and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware typically installs multiple files with the same string.

Look for recently added suspicious files in the LaunchDaemons folder, for example "com.aoudad.net-Settings.plist", "com.myppes.net-Settings.plist", "com.kuklorest.net-Settings.plist", "com.avickUpd.plist", and delete them.

Check for adware-generated files in the (~)/Library/Application\ Support folder. Also, look for recently added suspicious folders in the Application Support folder, for example "MplayerX" or "NicePlayer", and move these folders to the Trash.

Lastly, uninstall the PowerLog extension from Safari, Chrome, or Firefox.

But you can also use Malwarebytes or Combo Cleaner. They can also remove it.
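
A read-only way to do the "look for recently added files" step in the three launchd folders named in the answer above, shown as an added example that is not part of the original answer. It lists job plists changed recently together with the label and command each one would run; the function name and the 30-day window are assumptions.

```python
import plistlib
import time
from pathlib import Path

# The three launchd folders named in the answer above.
LAUNCHD_DIRS = [
    Path("/Library/LaunchAgents"),
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchDaemons"),
]


def recent_launchd_items(dirs=LAUNCHD_DIRS, max_age_days=30, now=None):
    """Return launchd job plists modified within max_age_days, newest first."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400  # 30 days is an assumed default
    found = []
    for folder in map(Path, dirs):
        if not folder.is_dir():
            continue
        for path in folder.glob("*.plist"):
            mtime = path.lstat().st_mtime  # lstat: a dangling symlink must not abort the scan
            if mtime < cutoff:
                continue
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # malformed or unreadable: still report it
                job = {"Label": f"<unparsable: {type(exc).__name__}>"}
            # Program, if set, is the executable; otherwise ProgramArguments[0] is.
            args = job.get("ProgramArguments") or []
            command = job.get("Program") or " ".join(map(str, args))
            found.append({
                "path": str(path),
                "label": job.get("Label", ""),
                "command": command,
                "run_at_load": bool(job.get("RunAtLoad", False)),
                "modified": mtime,
            })
    return sorted(found, key=lambda item: item["modified"], reverse=True)


if __name__ == "__main__":
    for item in recent_launchd_items():
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(item["modified"]))
        print(stamp, item["label"], item["command"], item["path"], sep="  ")
```

The script only reads and reports, so each listed command can be checked before any file is moved to the Trash.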