HT201222: Apple security updates

Learn about Apple security updates
ftt944

Q: Removing Jimbrie from Mac

How to remove Jimbrie malware from my iMac

iMac, OS X El Capitan (10.11.3)

Posted on Apr 9, 2016 6:41 AM

Close

Q: Removing Jimbrie from Mac

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis Apr 9, 2016 6:52 AM in response to ftt944
    Level 10 (207,926 points)
    Applications
    Apr 9, 2016 6:52 AM in response to ftt944

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Back up all data first.

    Some of the most common types of adware can be removed by following Apple's instructions. But before you follow those instructions, you can attempt an automatic removal.

    If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

    If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

    If the malware is not removed automatically, and you can't remove it yourself by following Apple's instructions, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go â–¹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

  • by Cocccs,

    Cocccs Cocccs Apr 26, 2016 3:39 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 26, 2016 3:39 PM in response to Linc Davis

    Linc Davis!  It looks like I have some jimbrie files under ~/Library/LaunchAgents.  Will deleting them work?  Thanks for your very clear instructions, and you will be forever my hero if you can tell me how to get rid of this!

     

    Screen Shot 2016-04-26 at 6.33.30 PM.pngScreen Shot 2016-04-26 at 6.33.03 PM.pngScreen Shot 2016-04-26 at 6.32.31 PM.png

  • by Linc Davis,

    Linc Davis Linc Davis Apr 26, 2016 4:27 PM in response to Cocccs
    Level 10 (207,926 points)
    Applications
    Apr 26, 2016 4:27 PM in response to Cocccs

    Please back up all data first, then move the files with "Jimbrie," "yeti," or "Javeview" in the name to the Trash. You will get a warning that some of the files are locked; confirm. Log out or restart the computer, then empty the Trash.

  • by Cocccs,

    Cocccs Cocccs Apr 26, 2016 7:16 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 26, 2016 7:16 PM in response to Linc Davis

    You are a true gem! Thanks so much!

  • by reneeintucson,

    reneeintucson reneeintucson Aug 2, 2016 11:44 AM in response to ftt944
    Level 1 (4 points)
    Aug 2, 2016 11:44 AM in response to ftt944

    I don't seem to have any jimbrie files in these folders. Could they be named deceptively, or is there another place they

    could be? Thanks, btw, for your fantastically clear instructions! Much appreciated.Screen Shot 2016-08-02 at 10.56.32 AM.pngScreen Shot 2016-08-02 at 10.58.25 AM.pngScreen Shot 2016-08-02 at 10.47.03 AM.png

  • by reneeintucson,

    reneeintucson reneeintucson Aug 5, 2016 6:36 AM in response to ftt944
    Level 1 (4 points)
    Aug 5, 2016 6:36 AM in response to ftt944

    After removing files, I still needed to go into Google settings / advanced settings and, down at the bottom, click reset. Jimbrie had set Google to go get it every time it started. The extensions were clear and I couldn't see this on the settings sheet. Clicking reset finally fixed a very frustrating problem.

  • by lissafromlaguna beach,

    lissafromlaguna beach lissafromlaguna beach Sep 3, 2016 10:29 AM in response to Linc Davis
    Level 1 (4 points)
    Sep 3, 2016 10:29 AM in response to Linc Davis

    Screen Shot 2016-09-03 at 12.13.49 PM.png

  • by lissafromlaguna beach,

    lissafromlaguna beach lissafromlaguna beach Sep 3, 2016 10:40 AM in response to lissafromlaguna beach
    Level 1 (4 points)
    Sep 3, 2016 10:40 AM in response to lissafromlaguna beach

    2Screenshot_9_3_16__10_34_AM.jpg3Screenshot_9_3_16__10_36_AM.jpg4Screenshot_9_3_16__10_41_AM.jpg

  • by lissafromlaguna beach,

    lissafromlaguna beach lissafromlaguna beach Sep 3, 2016 10:48 AM in response to lissafromlaguna beach
    Level 1 (4 points)
    Sep 3, 2016 10:48 AM in response to lissafromlaguna beach

    5Screenshot_9_3_16__10_47_AM.jpg6Screenshot_9_3_16__10_49_AM.jpg

  • by lissafromlaguna beach,

    lissafromlaguna beach lissafromlaguna beach Sep 3, 2016 10:51 AM in response to lissafromlaguna beach
    Level 1 (4 points)
    Sep 3, 2016 10:51 AM in response to lissafromlaguna beach

    Hi Link, I uploaded the files in the wrong order, but I did do them all in the right order. Should I repeat the same process and just put all jimbrie files in the trash and delete as I go to each folder, I didn't see any instructions in the step by steps to delete and I don't want to get ahead of myself.  Then after that do I reset my browsers so the homepage is back to normal. Thank you so much for your help.