lralou26

Q: How do I remove "MegaBackup" malware?

I was installing updates and accidentally installed some Malware.  I've removed everything except I cannot delete this "MegaBackup."  When I try to send it to the trash it says "cannot be deleted because MegaBackup is running", however I have closed it.  Can anyone help?

MacBook Air (13-inch Mid 2013)

Posted on Aug 16, 2015 6:46 AM

Close

Q: How do I remove "MegaBackup" malware?

  • All replies
  • Helpful answers

Page 1 of 5 last Next
  • by Sparkleberry,Helpful

    Sparkleberry Sparkleberry Aug 16, 2015 6:50 AM in response to lralou26
    Level 4 (3,110 points)
    Notebooks
    Aug 16, 2015 6:50 AM in response to lralou26
  • by Linc Davis,Helpful

    Linc Davis Linc Davis Aug 16, 2015 8:28 AM in response to lralou26
    Level 10 (207,926 points)
    Applications
    Aug 16, 2015 8:28 AM in response to lralou26

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure that doesn't involve downloading anything.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

  • by psbrown97,

    psbrown97 psbrown97 Aug 21, 2015 9:28 AM in response to lralou26
    Level 1 (0 points)
    Aug 21, 2015 9:28 AM in response to lralou26

    Screen Shot 2015-08-21 at 10.15.12 AM.png

  • by psbrown97,

    psbrown97 psbrown97 Aug 21, 2015 9:36 AM in response to Linc Davis
    Level 1 (0 points)
    Aug 21, 2015 9:36 AM in response to Linc Davis

    Screen Shot 2015-08-21 at 10.33.34 AM.png

  • by Eric Root,

    Eric Root Eric Root Aug 21, 2015 10:01 AM in response to psbrown97
    Level 9 (69,813 points)
    iTunes
    Aug 21, 2015 10:01 AM in response to psbrown97
  • by sadiebryde,

    sadiebryde sadiebryde Aug 28, 2015 12:04 PM in response to lralou26
    Level 1 (5 points)
    Aug 28, 2015 12:04 PM in response to lralou26

    Screen Shot 2015-08-28 at 11.56.37 AM.png

    Hello Iralou26, I followed your directions up to step 6. So now what? Thanks, Sadie

  • by conway_michaela,

    conway_michaela conway_michaela Sep 6, 2015 5:54 PM in response to Linc Davis
    Level 1 (0 points)
    Sep 6, 2015 5:54 PM in response to Linc Davis

    Screen Shot 2015-09-06 at 7.50.25 PM.png

  • by mckngbrd,

    mckngbrd mckngbrd Sep 17, 2015 5:53 AM in response to Linc Davis
    Level 1 (5 points)
    Sep 17, 2015 5:53 AM in response to Linc Davis

    Wondering where to go from here...I found no extensions in google. HELP!

    Screen Shot 2015-09-17 at 8.44.53 AM.png

  • by sadiebryde,Helpful

    sadiebryde sadiebryde Sep 17, 2015 8:05 AM in response to mckngbrd
    Level 1 (5 points)
    Sep 17, 2015 8:05 AM in response to mckngbrd

    On OSX 7.5 this is what I did. Used the "uninstall" function to remove the software. It was still there afterwards  so I dragged it to the trash, but couldn't empty it. Because it was still open. Then I searched around & found this board & tried the partial solution listed, which was of no use. Continued looking and found a solution on another discussion board, and it worked. Open Activity Monior in System Preferences and look for the MegaBackup running in the background, which it is still doing. Then select it and choose the option to stop activity. This eliminates the software. The whole thing was so annoying & time consuming I researched it further & found out that this software is NOT malware, its some defective app that behaves like malware.

  • by pinkstones,

    pinkstones pinkstones Sep 17, 2015 8:31 AM in response to mckngbrd
    Level 5 (4,209 points)
    Safari
    Sep 17, 2015 8:31 AM in response to mckngbrd

    You need to get rid of CleanMyMac2 and MacKeeper.  Neither program is necessary to run a Mac efficiently, and no matter what those programs say they will do, they don't actually do it.  The only program required to keep your computer in good running order is the gray matter between your ears.  There is nothing you can download that will "clean", "optimize", "refresh", or otherwise enhance your hard drive. 

  • by Eric Root,

    Eric Root Eric Root Sep 17, 2015 10:47 AM in response to mckngbrd
    Level 9 (69,813 points)
    iTunes
    Sep 17, 2015 10:47 AM in response to mckngbrd
  • by j_campion,

    j_campion j_campion Sep 22, 2015 9:56 PM in response to Linc Davis
    Level 1 (0 points)
    Sep 22, 2015 9:56 PM in response to Linc Davis

    Screen Shot 2015-09-22 at 9.52.55 PM.png

  • by stevejobsfan0123,

    stevejobsfan0123 stevejobsfan0123 Sep 23, 2015 8:04 AM in response to j_campion
    Level 8 (43,464 points)
    iPhone
    Sep 23, 2015 8:04 AM in response to j_campion

    Remove the scam MacKeeper product. Instructions are in Eric's post, right above yours.

  • by Linc Davis,

    Linc Davis Linc Davis Sep 23, 2015 1:47 PM in response to j_campion
    Level 10 (207,926 points)
    Applications
    Sep 23, 2015 1:47 PM in response to j_campion

    You installed the "Flashmall" trojan. Take the steps below to disable it.

    Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

    Back up all data before continuing.

    1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

    2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:

               com.crossrider

               com.extensions

               com.flashmall

               com.Installer.completer

               com.webhelper

               com.webtools

               flashmall

               UpdateDownloader

               WebSocketServerApp

    Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

    3. Do as in Step 1 with this line:

    ~/Library/Application Support

    A folder named "Application Support" will open. Inside it there may be subfolders with any of these names:

                 IM.Installer

                 webHelperApp

                 WebTools

    If so, move those subfolders—not the "Application Support" folder—to the Trash.

    4. Open this folder in the same way as above:

    ~/Library/ScriptingAdditions

    and remove an item named

                BrowserHelper.osax

    if present.

    5. Open this folder:

    ~/Library

    Look for subfolders with either of these names:

                flashmall

                WebTools

    and move them to the Trash, if present. Don't remove the subfolder named "WebKit".

    6. Open the Applications folder. Move to the Trash items with any of these names:

                Flashmall

                mediaDownloader

                WebTools

    Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.

    7. Open this folder in the same way as above:

    ~/Applications

    This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:

                 flashmall

    and move it to the Trash, if present. Also remove anything else in that folder that you don't recognize.

    Empty the Trash.

    8. From the Safari menu bar, select

              Safari Preferences... Extensions

    Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

Page 1 of 5 last Next