jkendrick

Q: MacKeeper install nightmare

After stupidly installing MacKeeper, I now have a Guest User account that never existed before since first getting this MBP.

MacKeeper has been eliminated, along with most of the BS it created. Using Malwarebytes I also deleted

/private/etc/st-up.sh

/etc/change_net_settings.sh

/etc/st-up.sh

 

leaving only 4 items I cannot delete, all in MacHD/private/var:

cellulate in MacHD/private/var

com.apple.launchd.peruser.401 in MacHD/private/var/db/launchd.db

com.apple.launchd.peruser.401 in MacHD/private/var/log

pishaugupd.root in MacHD/private/var/tmp

Any idea what cellulate is? or pishaugupd.root? Any idea how to get rid of these?

 

Plus, no matter what, I cannot eliminate this Guest User account. The minus button doesn't help. I have disabled the account.

 

I've never used iCloud or Find My Mac.

I did sign in to iCloud just to make sure Find My Mac was unticked, but this was AFTER the Guest User account appeared.

 

There is also now an "Other" on the login screen, in addition to the two users I have had since first setting up this MBP. I have not a clue what name or password this account has, tried a few guesses, got nowhere. I'd like to eliminate this from the login screen.

 

Any help will be greatly appreciated, and please spell out any suggestions in elaborate detail. Thanks

 

MacBook Pro retina, mid 2012

Mt Lion  10.8.5

Intel Core i7, 2.3 GHz

16GB RAM


Posted on May 10, 2016 11:28 PM

  • by Roger Wilmut1,

    Roger Wilmut1 May 10, 2016 11:35 PM in response to jkendrick
    Level 9 (78,004 points)
    iTunes

    The Guest account is part of OSX and nothing to worry about. It's for temporary use if someone wants to use your Mac and you don't want them messing with your account; all its contents and settings are erased when you log out. You can't remove it, but as I say it's quite normal to have it.

  • by appreciate,

    appreciate May 11, 2016 12:47 AM in response to jkendrick
    Level 4 (1,276 points)
    Mac OS X

    how to avoid or remove mac defender , mac keeper , mac helper .an apple article is there ; support.apple.com/kb/ph202225 .

    open spotlight - type - activity monitor in top extreme right - search field is there - type mac defender - click on it if it is there in system it will be shown and the same way rest of 2 .

    or best method - click on all processes - all process will be in alphabetical order - go to M -  mac keeper , mac helper , mace security will be there . select all of  them . click on quit or force quit in the same window on left top corner .

    quit activity monitor application

      then go to finder from dock - click application folder - locate the malware if it is visible drag and drop all of them to trash or select first on - do a right click - move to trash . same for rest of two .

     

    also this malware installs in users & groups : go to system preferences - users & groups - open pad lock by entering your user name password - select that malware - click on minus sign it is moved into trash .

     

    see these malware in downloads - go to finder from dock - click on download folder - select them move to trash .

     

    in the last go to apple logo - click on restart - then empty the trash by using key board command : shift + command + delete - then click or hit enter .

     

        they are gone : symptoms of this malware are sometimes a robotic figure is formed when you open safari .

     

    to avoid malware : download www.malwarebytes.org/antimalware/mac  in your download folder .

      once it is downloaded move this file to application folder .( use 3 fingers to drag & drop in application folder )

         then remove this malwarebytes from download folder as it is .dmg file it will occupy hard disk space .

     

    now how to open it : move to application folder select malwarebytes - do a right click on it -   click on open - then click on scan

     

    note it is a 3rd party app so this is the only way to open an unidentified app : apple article for it : support.apple.com/kb/ph/18657

     

    note : use malwarebytes it is very much compatible with mac computers . it removes even viruses ( that are very rare in mac computers ) .exe , .db . txt files don't work on a mac & malwarebytes searches the entire mac finds all known viruses and stays updated to current malware & virus types . it shouldn't miss anything even locked files

  • by Kurt Lang,

    Kurt Lang May 11, 2016 6:37 AM in response to appreciate
    Level 8 (37,716 points)

    While your enthusiasm to help is commendable, your posts are:

     

    1) Almost impossible to read.

     

    2) Filled with errors, both instructional and grammatical.

     

    3) Often direct the person to use dangerous commands.

     

    There are no Mac viruses. None. So they aren't just rare, there are none at all. You did get it right though that .exe files won't run on a Mac.

     

    However, a .db file (usually short for database) isn't an app of any kind. And all kinds of apps, including those for the Mac, write files with that suffix. It's rather generic. In fact, I just did a search for .db files on my Mac. There are 533 of them on my El Capitan drive alone.

     

    No idea at all why you believe a Mac can't use a .txt file. Just what kind of file type do you think TextEdit saves files as when they are plain text? That's right - .txt .

  • by appreciate,

    appreciate May 11, 2016 7:12 AM in response to Kurt Lang
    Level 4 (1,276 points)
    Mac OS X

    enlarge the post by pressing command  plus

      secondly i do agree while typing  in a fast way spelling mistakes do appear .

      these are key board short cuts used by a normal user in routine .

      

    have you ever used malware bytes  it will pull out malware   . if not go to root user account - do a scan from there then log out from root user account as it is not safe to use after scanning .

     

      if any malicious software having embedded contents is downloaded it will be not removed .

     

      in this case : you have to wipe out hard drive - do a fresh installation

     

    regarding mac keeper malware : i have already given the article no - it has to be removed manually .

     

    some terminal commands are there to remove virus : but if is not expert in executing sudo commands . issues can come in system .

        in your case if you have doubts if any malicious software is there or virus do a fresh installation .

  • by Kurt Lang,

    Kurt Lang May 11, 2016 7:38 AM in response to appreciate
    Level 8 (37,716 points)

    "enlarge the post by pressing command  plus"

    Okay, you clearly didn't understand "Almost impossible to read." As in, so poorly written, with almost a complete lack of English punctuation, leading a sentence with a capital letter, etc., your posts are almost incomprehensible. Nothing to do with my eyesight.

    "these are key board short cuts used by a normal user in routine ."

    No, these are shortcuts used by people who think chat-speak is an actual language. This is a multinational forum. It doesn't help users whose first language is not English try to decipher such a grammatical mess. There may be help in there they can use, but it is almost impossible to glean from the post when you have trouble with English to start with. It's not much better for users whose first language is English.

    Make an attempt to write real English. Speed is not preferable to comprehension.

    "have you ever used malware bytes  it will pull out malware"

    Yes. It removes adware, not malware. Malware is a grouping of viruses, Trojans and worms. Adware is separated because it is generally not harmful, just really annoying. The name came from the company MalwareBytes, who wanted a common name on the Mac version, even though it has little to do with removing malware. Before being hired by MalwareBytes, Thomas Reed's app was named AdwareMedic. He has since started to add the ability to find and remove some actual malware, but first and foremost, its purpose is to remove adware.

    "if not go to root user account"

    Number 3 above. Never, EVER, enable root without very good reason. There's no reason at all in enabling root in order to run MalwareBytes for Mac.

     

    You're also speaking to me as if I need help removing something from my system. That is, you're just posting without reading.

  • by Eric Root,

    Eric Root May 11, 2016 8:01 AM in response to jkendrick
    Level 9 (70,250 points)
    iTunes

    The Other is normally the Root User. Article tells how to disable it.

     

    Root User

  • by appreciate,

    appreciate May 11, 2016 8:10 AM in response to Kurt Lang
    Level 4 (1,276 points)
    Mac OS X

    is there any way to remove rom- 0- 1 malware please guide me .

  • by Kurt Lang,

    Kurt Lang May 11, 2016 8:25 AM in response to appreciate
    Level 8 (37,716 points)

    You're going to have to be much more specific. rom- 0- 1 means little to nothing.

  • by Meg St._Clair,

    Meg St._Clair May 11, 2016 8:27 AM in response to appreciate
    Level 9 (58,517 points)
    iPhone

    appreciate wrote:

     

    is there any way to remove rom- 0- 1 malware please guide me .

    It would be respectful to the original poster to start your own thread.

     

    Best of luck.

  • by Roger Wilmut1,

    Roger Wilmut1 May 11, 2016 8:35 AM in response to Kurt Lang
    Level 9 (78,004 points)
    iTunes

    There is a vulnerability in some routers whereby the ROM-0 configuration file can be downloaded (and then presumably modified and re-uploaded):

     

    http://www.securityweek.com/widespread-attack-campaign-highlights-router-security-woes

     

    This page will run a test for the vulnerability (it doesn't download the file, simply checks whether it's possible):

     

    http://rom-0.cz/index/

     

    My (older) Airport Extreme tested as 'probably not vulnerable'.

  • by Kurt Lang,

    Kurt Lang May 11, 2016 10:46 AM in response to Roger Wilmut1
    Level 8 (37,716 points)

    Thanks, Roger. I knew of various types of router attacks, but had yet to hear of it described as ROM-0.

     

    While I had no reason to believe my router may be compromised, I ran the test and got this ambiguous message:

     

    Address is probably not vulnerable

     

    Not exactly a rousing declaration of cleanliness, but better than something saying I was in deep doo-doo.

  • by jkendrick,

    jkendrick May 11, 2016 2:38 PM in response to Kurt Lang
    Level 1 (28 points)
    Mac OS X

    @Kurt Lang I find your responses to @appreciate both amusing and accurate. @appreciate there seems to be a significant language barrier especially given that you have not read and understood my original questions. When I see answers to questions in the forums, I always notice the user's experience level. One dot is not someone whose advice I consider proficient. Level 8 and up are those who may well know what they are talking about.

     

    Prioritizing

    1. Is there any way to make the Other permanently disappear from my login screen? Root User has never been enabled.

    2. Is there any way to delete the several items in MacHD/private/var that I mentioned above? I have already run Malwarebytes and ClamXav.

     

    @Roger thanks for the test, I got probably not vulnerable.

     

    Folks, please don't keep hijacking my post, but kindly respond to my queries.

  • by Kurt Lang,

    Kurt Lang May 11, 2016 3:35 PM in response to jkendrick
    Level 8 (37,716 points)

    "One dot is not someone whose advice I consider proficient. Level 8 and up are those who may well know what they are talking about."

    That one users need to keep an open mind about. More dots only means the person has been here for quite a few years and so has accumulated a lot of points from folks they have helped. But the very first post from a new user could easily be from a computer expert who just signed up on the forums, and they have the perfect answer. As such, I pay no attention to a user's level, but rather what they say and do.

     

    1. Can't answer that at all. I don't use iCloud so can't say where the user Other would have come from.

     

    2. I tried to find some of your items. Item pishaugupd.root literally exists nowhere on the web other than in this topic. A Google search turns up one (count 'em, one!) match for that phrase - this topic. com.apple.launchd.peruser.401 (most often ends in 501, which is the first user account created) are said to be leftover logs. Harmless and can be removed. cellulate is another one I can find no reference to at all related to OS X.

     

    Just in case they may have some importance, I'd backup the drive, first. Then download EasyFind. To remove them, launch EasyFind. I find these to be the most useful settings. Particularly in this case where you want it to show items that would normally be hidden, such as the var folder.

     

    [Screenshot: Screen Shot.png]

     

    Do a search on your drive for pishaugupd.root . When it appears in the list, click on it. At the bottom of the EasyFind window, a string of folders showing its path and location will be shown. This is live and any folder or item can be double clicked. In the example below, I've highlighted one of the only two files in the /private/var/ location of my drive:

     

    [Screenshot: Screen Shot 1.png]

     

    So I could double click the folder Google to the right to open it in the Finder, then delete the file goog-phish-shavar if I wanted to. Those you do choose to remove may ask for your admin password before it will allow the item to be put in the trash.
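
Added example (not part of the thread or of any poster's reply): a read-only shell check of the four leftover items named in the original question, reporting what each one is, who owns it and when it was last modified, before anything is deleted. The paths are taken from the question; the function names `classify` and `inspect_leftovers` are hypothetical.

```shell
#!/bin/sh
# Report on the leftover items from the original post. Read-only: nothing
# is removed or changed. Paths are relative to the volume root.
LEFTOVERS='private/var/cellulate
private/var/db/launchd.db/com.apple.launchd.peruser.401
private/var/log/com.apple.launchd.peruser.401
private/var/tmp/pishaugupd.root'

# classify PATH -> prints one word describing what the path is.
# The symlink test comes first so a link is never followed silently.
classify() {
    if [ -L "$1" ]; then echo symlink
    elif [ -d "$1" ]; then echo directory
    elif [ -f "$1" ]; then echo file
    elif [ -e "$1" ]; then echo other
    else echo missing
    fi
}

# inspect_leftovers ROOT -> one "<kind> <path>" line per item, followed by
# an indented ls -ld line (mode, owner, size, mtime) for items that exist.
inspect_leftovers() {
    root=${1:-/}
    echo "$LEFTOVERS" | while IFS= read -r rel; do
        path="${root%/}/$rel"
        kind=$(classify "$path")
        echo "$kind $path"
        [ "$kind" = missing ] || ls -ld "$path" | sed 's/^/    /'
    done
}

# Default to the boot volume; pass another mount point as the first argument.
# Run with sudo on a Mac, since /private/var/db is not readable by ordinary users.
inspect_leftovers "${1:-/}"
```

An item reported as `directory` can be listed with `ls -la` before deciding what to do with it, and a backup taken first, as suggested above, keeps removal reversible.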

  • by thomas_r.,

    thomas_r. May 11, 2016 5:09 PM in response to Kurt Lang
    Level 7 (30,889 points)
    Mac OS X

    Kurt Lang wrote:


    It removes adware, not malware.

     

    Actually, Malwarebytes Anti-Malware for Mac will remove malware as well... the trick will be actually finding any of it so that you can have Malwarebytes Anti-Malware remove it from your Mac. And this isn't actually a malware case, or at least, not outright malware... just particularly nasty adware.
