lora from lake orion

Q: what is kuklorest? Something seems to be taking over my browser and setting it to bing

what is kuklorest? Something seems to be taking over my browser and setting it to bing

MacBook Pro (Retina, 15-inch, Mid 2014), iOS 8.4.1

Posted on Aug 27, 2015 6:41 AM

Close

Q: what is kuklorest? Something seems to be taking over my browser and setting it to bing

  • All replies
  • Helpful answers

Previous Page 2 of 3 last Next
  • by sammy2016,

    sammy2016 sammy2016 Dec 22, 2015 11:02 AM in response to Linc Davis
    Level 1 (0 points)
    Dec 22, 2015 11:02 AM in response to Linc Davis

    I've gone through these steps twice, restarted twice, but no success – when I open a new Safari page, it still gives me the Klukorest page rather than Google (what my homepage had been set to), and when I go to Settings/General, the option for setting the homepage still does not appear, therefore I cannot reset the homepage. I followed the steps as far as I could: I deleted everything suspicious in Launch Agent and in Application Support folders within Library, emptied trash, and rebooted. But I wasn't able to follow the Extension step because when I go to Settings/Extensions, there doesn't seem to be any way to delete any of the extensions (only option there is to check or uncheck boxes, there is no toggle on/off button anywhere, hitting "delete" does nothing no matter where I put the cursor, nothing highlights, and no matter where I double click, nothing happens and no option to delete). Help please!

  • by stevejobsfan0123,

    stevejobsfan0123 stevejobsfan0123 Dec 22, 2015 11:06 AM in response to sammy2016
    Level 8 (43,997 points)
    iPhone
    Dec 22, 2015 11:06 AM in response to sammy2016

    Are you unwilling to try the other recommendations in this thread? They were outlined before the post with the long and apparently incomplete instructions.

  • by Linc Davis,

    Linc Davis Linc Davis Dec 22, 2015 12:29 PM in response to sammy2016
    Level 10 (208,037 points)
    Applications
    Dec 22, 2015 12:29 PM in response to sammy2016

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Some of the most common types of adware can be removed by following Apple's instructions.

    If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.

    If the above steps don't work for you, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

  • by tcommerford,

    tcommerford tcommerford Dec 30, 2015 4:14 PM in response to Linc Davis
    Level 1 (0 points)
    Dec 30, 2015 4:14 PM in response to Linc Davis

    Every time I open Chrome it defaults to search.kulorest.com even though the default searches are all set to Google in Chrome.

    Screen Shot 2015-12-30 at 5.41.34 PM.pngScreen Shot 2015-12-30 at 6.05.56 PM.pngScreen Shot 2015-12-30 at 6.07.35 PM.pngScreen Shot 2015-12-30 at 6.08.58 PM.pngScreen Shot 2015-12-30 at 6.12.26 PM.png

  • by Linc Davis,

    Linc Davis Linc Davis Dec 30, 2015 4:50 PM in response to tcommerford
    Level 10 (208,037 points)
    Applications
    Dec 30, 2015 4:50 PM in response to tcommerford

    Please create a new Chrome user profile. Note that Chrome can sync your account settings between devices, so if you enable that feature, malicious profile data can spread from one to another in a virus-like way.

  • by tcommerford,

    tcommerford tcommerford Dec 30, 2015 9:10 PM in response to Linc Davis
    Level 1 (0 points)
    Dec 30, 2015 9:10 PM in response to Linc Davis

    Thank you so much.  That has resolved the issue with Chrome.   Can you point me to any information to clean up Firefox?  I continue to be directed to dev.search.strtpoint.com when searching from within the address bar on that browser.

     

    Update: I was able to resolve the Firefox issue by doing a complete refresh of the browser via its about:support troubleshooting page.

  • by Linc Davis,

    Linc Davis Linc Davis Dec 30, 2015 9:09 PM in response to tcommerford
    Level 10 (208,037 points)
    Applications
    Dec 30, 2015 9:09 PM in response to tcommerford

    If Safari is not affected, you may have installed a malicious Firefox extension.

    First follow the instructions on this page. If there's a Firefox extension you can't remove in the Extensions manager, see below.

    Back up all data before proceeding.

    Triple-click anywhere in the line below on this page to select it:

    ~/Library/Application Support/Mozilla

    Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

    A folder should open with an item named "Mozilla" selected. Quit Firefox if it's running. Move the selected item to the Trash. Relaunch the browser and test.

    If the extension is still present, repeat with this line:

    /Library/Application Support/Mozilla

    If this folder exists, you may be prompted for your administrator login password when making changes to it.

    Some kinds of malware may insert code into the Firefox application itself. If the above steps don't solve the problem, quit Firefox, delete it from the Applications folder, and download a fresh copy directly from mozilla.org.

  • by tcommerford,

    tcommerford tcommerford Dec 30, 2015 9:15 PM in response to Linc Davis
    Level 1 (0 points)
    Dec 30, 2015 9:15 PM in response to Linc Davis

    Thanks again.  I also implemented the steps you outlined and all appears to be working fine. 

  • by sammy2016,

    sammy2016 sammy2016 Dec 31, 2015 10:37 AM in response to Linc Davis
    Level 1 (0 points)
    Dec 31, 2015 10:37 AM in response to Linc Davis

    Below are all the screenshots. Nothing looks suspicious (I had deleted malware stuff the last time I went through some of these steps), except that the Kuklorest extension appeared this time, though not the last time I checked. Should I uninstall that extension? Delete it? Something else? Thanks!!

    Screen Shot 2015-12-31 at 10.24.47 AM.pngten

    Screen Shot 2015-12-31 at 10.27.38 AM.png

    Screen Shot 2015-12-31 at 10.29.08 AM.png

    Screen Shot 2015-12-31 at 10.30.58 AM.png

    Interesting - last time i went through the steps (similar, but not exactly the same as your steps), my extensions folder did not include Kuklorest. Not sure if I should uninstall it or delete it or what, so doing nothing right now.

    Screen Shot 2015-12-31 at 10.33.09 AM.png

    I don't usually use Chrome, but I do have it, so did the screenshot of Extensions.

  • by Linc Davis,

    Linc Davis Linc Davis Dec 31, 2015 3:03 PM in response to sammy2016
    Level 10 (208,037 points)
    Applications
    Dec 31, 2015 3:03 PM in response to sammy2016
    Should I uninstall that extension?

    Yes.

  • by sammy2016,

    sammy2016 sammy2016 Jan 2, 2016 1:24 PM in response to Linc Davis
    Level 1 (0 points)
    Jan 2, 2016 1:24 PM in response to Linc Davis

    Thank you! Finally, success. I really appreciate your help.

  • by rburton,

    rburton rburton Feb 22, 2016 12:23 PM in response to Linc Davis
    Level 1 (0 points)
    Feb 22, 2016 12:23 PM in response to Linc Davis

    Thanks Linc Davis -- I appreciate your easy-to-follow explanation that solved the problem.

  • by Alderley Apple,

    Alderley Apple Alderley Apple Mar 22, 2016 8:23 AM in response to Linc Davis
    Level 1 (0 points)
    Mar 22, 2016 8:23 AM in response to Linc Davis

    This worked for me. Many thanks.

  • by Windin88,

    Windin88 Windin88 Mar 22, 2016 9:14 PM in response to Linc Davis
    Level 1 (0 points)
    Mar 22, 2016 9:14 PM in response to Linc Davis

    Thanks so much!!!

     

    All done!!!

  • by Myomaman,

    Myomaman Myomaman Apr 2, 2016 9:14 AM in response to Linc Davis
    Level 1 (4 points)
    Apr 2, 2016 9:14 AM in response to Linc Davis

    Linc,

     

    Thank you so much for the info on removing kuklorest.  The Apple support on removal of adware and malware was helpful and thankfully i didn't have any of those on my Mac, but i did recently find that kuklorest had made it onto my Mac.  I followed all your instructions and appear to be clean now with one exception.  I still show a kuklorest uninstall icon in my Applications.  When I try to move it to the trash, I am told I do not have permission to do so.  How can I remove this last piece of kuklorest?

Previous Page 2 of 3 last Next