dochall

Q: Perfetnight

How do I get rid of this malware ?

MacBook Pro (15-inch Mid 2012), iOS 9.1

Posted on Oct 26, 2015 3:42 PM


Page 1 of 4 last Next
  • by OGELTHORPE,

    OGELTHORPE, Oct 26, 2015 3:48 PM in response to dochall
    Level 9 (52,162 points)
    Mac OS X

    Try the suggestion made by the poster in this discussion:

    http://www.mac-forums.com/switcher-hangout/328946-perfetnight-app.html

    Ciao.

  • by Linc Davis,Helpful

    Linc Davis, Oct 26, 2015 9:21 PM in response to dochall
    Level 10 (207,931 points)
    Applications

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Some of the most common types of adware can be removed by following Apple's instructions. If those instructions don't work for you, or if you have trouble following them, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure that doesn't involve downloading anything.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
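
Added example, not part of the original thread: a read-only Python script that builds the same newest-first listing of the three launchd folders from Steps 1 to 3, and also shows the label and executable each job file defines. The function names and output layout are this example's own choices.

```python
import plistlib
from datetime import datetime
from pathlib import Path

# The three folders inspected in Steps 1-3 of the post above.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
                "/Library/LaunchDaemons"]

def describe_job(path):
    """Summarise one launchd job file: its label and what it executes."""
    info = {"path": str(path), "modified": path.stat().st_mtime, "label": None,
            "executable": None, "arguments": [], "run_at_load": False,
            "error": None}
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
        if not isinstance(job, dict):
            raise ValueError("top-level object is not a dictionary")
    except Exception as exc:  # unreadable or malformed: report it, don't skip
        info["error"] = f"{type(exc).__name__}: {exc}"
        return info
    args = [str(a) for a in job.get("ProgramArguments") or []]
    info["label"] = job.get("Label")
    # launchd executes Program if present, else the first ProgramArguments item.
    info["executable"] = job.get("Program") or (args[0] if args else None)
    info["arguments"] = args
    info["run_at_load"] = bool(job.get("RunAtLoad"))
    return info

def list_jobs(dirs=LAUNCHD_DIRS):
    """Inventory all job files, newest first (Finder's Date Modified sort)."""
    jobs = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():  # the post notes a folder may not exist
            continue
        jobs += [describe_job(p) for p in folder.iterdir() if p.is_file()]
    return sorted(jobs, key=lambda j: j["modified"], reverse=True)

if __name__ == "__main__":
    for j in list_jobs():
        when = datetime.fromtimestamp(j["modified"]).strftime("%Y-%m-%d %H:%M")
        what = j["error"] or f'{j["label"]} -> {j["executable"]} {j["arguments"][1:]}'
        print(f'{when}  {j["path"]}\n    {what}')
```

Files that fail to parse (for example `.DS_Store`) are listed with an error rather than dropped, so nothing in the folders is hidden from the listing.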

  • by Fox Hunter,

    Fox Hunter, Oct 28, 2015 12:30 PM in response to Linc Davis
    Level 1 (0 points)

    Schermata 2015-10-28 alle 20.08.31.png

  • by baileydanger,

    baileydanger, Nov 20, 2015 10:22 AM in response to Linc Davis
    Level 1 (0 points)

    malware1.png

    I followed your directions in another post & sent all the files from Nov 16 to the trash, restarted the comp and then permanently deleted the files. Computer instantly sped up and all the popups disappeared. Thanks for the great advice Linc!

  • by trevisan44,

    trevisan44, Nov 23, 2015 6:07 PM in response to Fox Hunter
    Level 1 (0 points)

    Screen Shot 2015-11-23 at 6.05.05 PM.png
    Screen Shot 2015-11-23 at 6.03.27 PM.png
    Screen Shot 2015-11-23 at 5.56.11 PM.png

  • by trevisan44,

    trevisan44, Nov 23, 2015 6:14 PM in response to trevisan44
    Level 1 (0 points)

    Screen Shot 2015-11-23 at 5.56.11 PM.png

  • by Birdeyes,

    Birdeyes, Nov 24, 2015 4:58 AM in response to Linc Davis
    Level 1 (0 points)

    Thanks Linc for the great advice - I managed to install "Perfetnight" and "Advanced Mac Cleaner" (and thanks for the advice on AMC removal under that thread). All seems back to normality now. I had managed to install these by naïvely being fooled by a fake "Adobe Flash" update in Safari (and then running the "flash updater" installer on the dmg file downloaded and entering the admin password to allow the installation - less said about the silly error the better!).

    While following the instructions I noted hard drive and network activity and checked using Activity Monitor to find LogMeIn items active or in the Launch Agent/Daemon etc. folders. I have an old copy of the app on my hard drive, but have not used LogMeIn for a few years (now removed and deleted).

    Does anyone know if this malware has been transferring account passwords or deleting files or any other destructive activity, or was it limited to advertising popups, altering homepage etc. in web browsers only... or is there a possibility that account passwords etc. have been transferred?

    Thanks again Linc for the excellent instructions.


    Screenshot 2015-11-24 11.22.44.png

  • by Lukasananas,

    Lukasananas, Nov 24, 2015 6:43 AM in response to Linc Davis
    Level 1 (0 points)

    Thank you very much for your help.

  • by NCVision,

    NCVision, Nov 26, 2015 7:10 PM in response to Linc Davis
    Level 1 (0 points)

    Screen Shot 2015-11-26 at 9.47.32 PM.png

  • by Grant Bennet-Alder,

    Grant Bennet-Alder, Nov 26, 2015 7:18 PM in response to NCVision
    Level 9 (60,749 points)
    Desktops

    Google Keystone agent is legitimate.

    I think the rest are probably malware.

  • by HSites,

    HSites, Nov 29, 2015 9:15 PM in response to Linc Davis
    Level 1 (0 points)

    Screen Shot 2015-11-29 at 10.12.09 PM.png

  • by Mojo4Sini,

    Mojo4Sini, Dec 4, 2015 12:07 PM in response to Linc Davis
    Level 1 (0 points)

    Screen Shot 2015-12-04 at 2.47.16 PM.png

  • by Mojo4Sini,

    Mojo4Sini, Dec 4, 2015 12:08 PM in response to Mojo4Sini
    Level 1 (0 points)

    Screen Shot 2015-12-04 at 3.05.58 PM.png

  • by nymythe,

    nymythe, Dec 4, 2015 4:56 PM in response to Linc Davis
    Level 1 (0 points)

    How does posting a screen shot of

    ~/Library/LaunchAgents

    fix the problem? What am I missing in this logic?
