Nov 1, 2015 5:41 PM in response to Tech4Me by Linc Davis
A
You installed a variant of the "Flashmall" trojan. To remove it, start by backing up all data.
1. Triple-click anywhere in the line below on this page to select it:
/Library/LaunchAgents
Right-click or control-click the highlighted line and select
Services ▹ Open
from the contextual menu.* A folder named "LaunchAgents" should open.
In the folder, there may be one or more files with a name that begins in either of the following ways:
com.SoftwareUpdater
com.WebShoppers
Move each such file to the Trash. You may be prompted for your administrator password.
2. Do as in Step 1 with this line:
~/Library/LaunchAgents
3. Log out or restart the computer.
4. Open the Applications folder in the Finder. It may have subfolders with either of these names:
SoftwareUpdater
WebShoppers
Move each such subfolder to the Trash. Empty the Trash.
5. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including one called "SearchTrust," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.
B
Also delete the items named "MacKeeper" and "MegaBackup" from the Applications folder.
-
Jan 17, 2016 1:12 AM in response to Linc Davis by ViGnEsH_R
Start time: 14:30:13 01/17/16
Revision: 1166
Model Identifier: MacBookPro12,1
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 11 minutes
Diagnostic reports
2015-12-29 com.apple.AmbientDisplayAgent crash
2016-01-13 LookupViewService crash
Log
Agents
com.ShopTool.agent
com.SoftwareUpdater.agent
com.apple.AirPortBaseStationAgent
Applications
/Applications/AnyTrans.app
- com.imobie.AnyTrans
/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app
- com.apple.ScriptEditor.id.cocoa-applet-template
/Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app
- com.apple.ScriptEditor.id.droplet-with-settable-properties-template
/Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app
- com.apple.ScriptEditor.id.file-processing-droplet-template
/Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app
- com.apple.ScriptEditor.id.image-file-processing-droplet-template
/Library/Image Capture/Devices/Canon IJScanner2.app
- jp.co.canon.ijscanner2.scanner.ica
/Library/Image Capture/Devices/Canon IJScanner4.app
- jp.co.canon.ij.ica.scanner4
/Library/Image Capture/Devices/EPSON Scanner.app
- com.epson.scanner.ica
/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app
- com.epson.ijfax.app.EPFaxAutoSetupTool
/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app
- com.epson.ijfax.app.epsonfax
/Library/Printers/EPSON/Fax/Filter/commandFilter.app
- com.epson.ijfax.filter.commandFilter
/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app
- com.epson.ijfax.filter.rastertoepfax
/Library/Printers/EPSON/Fax/Utility/FAX Utility.app
- com.epson.ijfax.utility.FAXUtility
/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app
- com.epson.ijfax.app.FaxReceiveMonitor
Frameworks
- N/A
PrefPane
- N/A
Contents of /Library/LaunchAgents/com.ShopTool.agent.plist
- mod date: Jan 16 12:25:24 2016
- checksum: 2154220605
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableGlobbing</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.ShopTool.agent</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Applications/ShopTool/ShopTool</string>
<string>-guid</string>
<string>18505066139564423</string>
<string>-source</string>
<string>mm-1602</string>
<string>-brand</string>
<string>ShopTool</string>
<string>-dt</string>
<string>1452927319</string>
</array>
<key>RunAtLoad</key>
...and 9 more line(s)
Contents of /Library/LaunchAgents/com.SoftwareUpdater.agent.plist
- mod date: Jan 16 12:25:28 2016
- checksum: 3215026757
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableGlobbing</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.SoftwareUpdater.agent</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Applications/SoftwareUpdater/SoftwareUpdater</string>
<string>-guid</string>
<string>18505066139564423</string>
<string>-source</string>
<string>mm-1602</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
...and 7 more line(s)
Firewall: On
DNS: 208.67.222.222 (static)
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Safari extensions
AdBlock
- com.betafish.adblockforsafari
iCloud errors
Finder: 16
Spotlight: 2
Restricted files: 7
Elapsed time (sec): 196
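An added example, not part of either post above: a Python audit of the launch-agent folders from steps 1 and 2 that flags the filename prefixes Linc Davis lists and, going beyond his list, any agent that keeps alive a bare executable at `/Applications/<Name>/<Name>`, the shape both plists in the report share. The `bare-exec-keepalive` heuristic, the function names and the sample plists are assumptions constructed for illustration.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Filename prefixes named in steps 1 and 2 above.
KNOWN_PREFIXES = ("com.SoftwareUpdater", "com.WebShoppers")
# Assumption: the shape both plists in the report share, a bare executable
# at /Applications/<Name>/<Name> rather than inside an .app bundle.
BARE_APP_EXEC = re.compile(r"^/Applications/([^/]+)/\1$")

def audit_launch_agents(directories):
    """Return (plist path, reasons, program) for each agent worth a look."""
    findings = []
    for directory in map(Path, directories):
        for plist_path in sorted(directory.glob("*.plist")):
            known = plist_path.name.startswith(KNOWN_PREFIXES)
            reasons = ["known-prefix"] if known else []
            try:
                with plist_path.open("rb") as fh:
                    job = plistlib.load(fh)
            except Exception:  # malformed or unreadable plist
                job = None
            if not isinstance(job, dict):
                job = {}
                reasons.append("unparseable")
            args = job.get("ProgramArguments")
            has_args = isinstance(args, list) and args
            program = str(args[0] if has_args else job.get("Program", ""))
            if BARE_APP_EXEC.match(program) and job.get("KeepAlive") is True:
                reasons.append("bare-exec-keepalive")
            if reasons:
                findings.append((str(plist_path), reasons, program))
    return findings

def build_sample_dir(root):
    """Write constructed sample agents modelled on the report's plists."""
    for label, program in (
        ("com.ShopTool.agent", "/Applications/ShopTool/ShopTool"),
        ("com.SoftwareUpdater.agent", "/Applications/SoftwareUpdater/SoftwareUpdater"),
        ("com.example.benign", "/Applications/Example.app/Contents/MacOS/Example"),
    ):
        job = {"Label": label, "KeepAlive": True, "ProgramArguments": [program]}
        with (Path(root) / f"{label}.plist").open("wb") as fh:
            plistlib.dump(job, fh)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_launch_agents([build_sample_dir(tmp)]), sep="\n")
```

On a Mac, pass `/Library/LaunchAgents` and the expanded path of `~/Library/LaunchAgents` as the directories. In the sample run, `com.ShopTool.agent.plist` is caught only by the structural check, since its name matches neither listed prefix.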