chlooethomas

Q: What is AppYM?

My macbook is very hot and my batterie is shutting down too fast, I don't know what's going on. I have this AppYM which is using a lot of my processor, so maybe it's a virus? I don't know, can someone help me please? I have this macbook air for 2 years an d I never had any issues before today.

MacBook Air, OS X Yosemite (10.10.5)

Posted on Nov 9, 2015 6:48 AM

Close

Q: What is AppYM?

  • All replies
  • Helpful answers

Page 1 of 3 last Next
  • by Linc Davis,Apple recommended

    Linc Davis Linc Davis Nov 9, 2015 12:15 PM in response to chlooethomas
    Level 10 (207,995 points)
    Applications
    Nov 9, 2015 12:15 PM in response to chlooethomas

    You installed one or more variants of the "InstallMac" trojan. Take the steps below to disable it.

    The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

    Back up all data before continuing.

    1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

    2. Inside the folder you just opened, there may be files with a name of the form

              something.AppRemoval.plist

              something.download.plist

              something.ltvbit.plist

              something.update.plist

    where something is usually a meaningless string, such as any of the following:

              Epolife

              InstallMac

              Javeview

              Kuklorest

              Manroling

              Otwexplain

    These are examples, not a complete list. The string could be anything. The point is that the same string will usually appear in the name of three or four files.

    You could have more than one copy of the malware, with different values of something.

    Move all such items to the Trash. If there are any other files with a name that begin with something, move them to the Trash also. After you've done that, there may not be anything left in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

    Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

    3. Open this folder in the same way as above:

    ~/Library/Application Support

    and move to the Trash any subfolders named with the same something you found in Step 2.

    Don't move the Application Support folder or anything else inside it.

    4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, or with the name "Zip Devil," drag it to the Trash.

    If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

    Empty the Trash.

    If you get an alert that the application is in use, force it to quit.

    5. From the Safari menu bar, select

              Safari Preferences... Extensions

    Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

    6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

              Safari Preferences... General

    and click

              Set to Current Page

  • by ShawnieFresh209,

    ShawnieFresh209 ShawnieFresh209 Nov 16, 2015 4:23 PM in response to Linc Davis
    Level 1 (0 points)
    Nov 16, 2015 4:23 PM in response to Linc Davis

    I just went through your whole process, thanks!!! I had a call with Mac support last week and they didn't even see these files.  I had 2 of the ones you mentioned.  Dumped everything and my system is rocking now.  Great forum here!

  • by R2B33,

    R2B33 R2B33 Nov 17, 2015 2:33 PM in response to Linc Davis
    Level 1 (0 points)
    Nov 17, 2015 2:33 PM in response to Linc Davis

    Linc-

    Your solution worked great.

    I was able to eliminate 3 generations of the bug.

    Thanks,

    Rick

  • by MrsMagpie_1911,

    MrsMagpie_1911 MrsMagpie_1911 Nov 19, 2015 2:05 AM in response to Linc Davis
    Level 1 (0 points)
    Nov 19, 2015 2:05 AM in response to Linc Davis

    Thanks so much for this fix Linc Davis - my iMac was saying it was out of Application memory and all applications were pausing. I went to the folders you mentioned and deleted the files (they were named Javeview, Kuklorest and Manroling as you said) and no problem since. Did this on 17/11/2015.

  • by eashram,

    eashram eashram Nov 20, 2015 3:29 PM in response to Linc Davis
    Level 1 (0 points)
    Nov 20, 2015 3:29 PM in response to Linc Davis

    Thank you very much

  • by RadicalWisdom,

    RadicalWisdom RadicalWisdom Nov 20, 2015 8:42 PM in response to Linc Davis
    Level 1 (0 points)
    Mac OS X
    Nov 20, 2015 8:42 PM in response to Linc Davis

    Thank you so much for this information!! We had noticed our mac mini was totally gummed up and my husband noticed that our memory was being hogged by something called AppYM. We did the search here and found this so grateful!!

  • by caseywebdev,

    caseywebdev caseywebdev Nov 25, 2015 9:36 PM in response to Linc Davis
    Level 1 (0 points)
    Nov 25, 2015 9:36 PM in response to Linc Davis

    My wife had the rogue AppYM process (2, actually) each claiming 32GB of memory and freezing up the system. Linc's solution worked, and in addition to having 4 of the "somethings" he listed there were several "Zebrouss" files maliciously created as well. Hope this helps!

  • by rpote,

    rpote rpote Nov 26, 2015 6:06 PM in response to caseywebdev
    Level 1 (0 points)
    Nov 26, 2015 6:06 PM in response to caseywebdev

    Thank you. This cleared up my system. Is there something else about this malware I should be concerned about? Does it gather any information on my system for instance?

     

    Much appreciated!

  • by itsdascott,

    itsdascott itsdascott Nov 29, 2015 1:22 PM in response to Linc Davis
    Level 1 (0 points)
    Nov 29, 2015 1:22 PM in response to Linc Davis

    What a star man you are !!!

     

    Thought my iMac was on its way out. You saved the day big time.

     

    thanks so very much

     

    Andy

  • by amybeckmanvo,

    amybeckmanvo amybeckmanvo Nov 30, 2015 8:00 AM in response to Linc Davis
    Level 1 (0 points)
    Nov 30, 2015 8:00 AM in response to Linc Davis

    I am so grateful for this post. I was stumped and have had to shell out so much lately on technology I thought I was going to lose it with my macbook being so slow lately.  Honestly...you are a godsend!  Thank you so much!  My two were kulorest and epolife

  • by alemonfish,

    alemonfish alemonfish Dec 7, 2015 7:47 AM in response to Linc Davis
    Level 1 (0 points)
    Dec 7, 2015 7:47 AM in response to Linc Davis

    As of 12/7/2015 this method still seems to work! I was about ready to have to call a computer guy to come take a look at it.

  • by Arctic Anomaly,

    Arctic Anomaly Arctic Anomaly Dec 7, 2015 7:48 PM in response to chlooethomas
    Level 1 (0 points)
    Dec 7, 2015 7:48 PM in response to chlooethomas

    This saved my sanity ... excellent advice and it worked like a charm.  I was using "activity monitor" and watched that app gobble up more and more of my Mac's working memory.  Just in the nick of time ... thanks, support team!

  • by BillieBillie,

    BillieBillie BillieBillie Dec 8, 2015 8:05 AM in response to ShawnieFresh209
    Level 1 (4 points)
    Mac OS X
    Dec 8, 2015 8:05 AM in response to ShawnieFresh209

    Thanks a million Link. I may have "overdone it", to wit: I didn't write down all of the several "something.plist" and after going through your procedures for LaunchAgents and LaunchDaemons I got to looking around and found dozens of other "something.plist" throughout the Application Support File (sub folders included Adobe and Apple). They were partially labeled info.....plist, manifest.....plist, TableOfContents.....plist, Version.....plist, and so on. Did I trash too many items? The good news is iMac is working like a charm! Do I need any of those items deleted? Thanks again........

  • by DLCIPRIANI2012,

    DLCIPRIANI2012 DLCIPRIANI2012 Dec 9, 2015 4:11 AM in response to Linc Davis
    Level 1 (0 points)
    Dec 9, 2015 4:11 AM in response to Linc Davis

    Your help and time on this problem was greatly appreciated. It seemed to have worked!

Page 1 of 3 last Next