planeta4166

Q: How can I remove installmac virus from my Mac Pro

Hi everyone, every time I open Chrome the default page is installmac. This virus have been giving me internet connection problems and my computer is also slowing down.

 

Is there any way I can delete this virus?

 

 

Thanks.

Posted on Sep 23, 2013 5:35 AM

Close

Q: How can I remove installmac virus from my Mac Pro

  • All replies
  • Helpful answers

first Previous Page 3 of 3
  • by thomas_r.,

    thomas_r. thomas_r. Aug 19, 2014 3:09 AM in response to vietitali
    Level 7 (30,944 points)
    Mac OS X
    Aug 19, 2014 3:09 AM in response to vietitali

    vietitali wrote:

     

    I still get the "search install" and bing when I search in the address bar on Google Chrome.

     

    I'm not sure I understand that. You can't have two different search engines selected at once. What exactly are you seeing? A screenshot would help.

     

    Make a screenshot by following the directions here:

     

    http://support.apple.com/kb/HT5775

     

    Be sure no sensitive personal information is displayed. To add that image to a post here, click the camera icon in the post editor toolbar.

  • by John Darrah,

    John Darrah John Darrah Aug 20, 2014 11:33 AM in response to thomas_r.
    Level 1 (19 points)
    Quicktime
    Aug 20, 2014 11:33 AM in response to thomas_r.

    thank you. That was supposed to be ALL CAP

  • by jwelsh802,

    jwelsh802 jwelsh802 Jan 3, 2015 2:23 PM in response to Linc Davis
    Level 1 (0 points)
    Jan 3, 2015 2:23 PM in response to Linc Davis

    System Version: OS X 10.10.1 (14B25)

    Kernel Version: Darwin 14.0.0

    Boot Mode: Normal

     

     

    Model: MacBookPro9,2

     

     

    USB

     

     

       Slim  Mac SL (Seagate LLC)

     

     

    User diagnostics

     

     

       2014-12-16 iFunBox crash

       2014-12-16 iFunBox crash

       2014-12-16 iFunBox crash

       2014-12-16 iFunBox crash

     

     

    Kernel messages

     

     

       --- last message repeated 1 time ---

       Jan 2 16:04:23   WARNING: hibernate_page_list_setall skipped 18335 xpmapped pages

       Jan 2 16:22:15   BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       --- last message repeated 118 times ---

       Jan 2 16:22:41   BUG in process suhelperd[167]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

       Jan 2 16:49:48   WARNING: hibernate_page_list_setall skipped 4908 xpmapped pages

       --- last message repeated 1 time ---

       Jan 2 17:13:11   WARNING: hibernate_page_list_setall skipped 5491 xpmapped pages

       --- last message repeated 1 time ---

       Jan 2 17:45:08   WARNING: hibernate_page_list_setall skipped 5940 xpmapped pages

       --- last message repeated 1 time ---

       Jan 2 20:30:06   WARNING: hibernate_page_list_setall skipped 6170 xpmapped pages

       --- last message repeated 1 time ---

       Jan 2 20:43:15   WARNING: hibernate_page_list_setall skipped 7380 xpmapped pages

       Jan 3 14:02:46   BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       Jan 3 14:02:47   utun_start: ifnet_disable_output returned error 12

       Jan 3 14:04:01   BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       --- last message repeated 129 times ---

       Jan 3 15:01:35   WARNING: hibernate_page_list_setall skipped 7380 xpmapped pages

       Jan 3 15:01:56   WARNING: hibernate_page_list_setall skipped 23007 xpmapped pages

       Jan 3 15:47:54   Over-release of kernel-internal importance assertions for pid 17 (syslogd), dropping 1 assertion(s) but task only has 3 remaining (3 external).

       Jan 3 16:03:37   BUG in process suhelperd[178]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       --- last message repeated 118 times ---

       Jan 3 16:04:15   BUG in process suhelperd[178]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

       Jan 3 16:39:49   process Finder[207] caught causing excessive wakeups. Observed wakeups rate (per sec): 151; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 80261

     

     

    Extrinsic daemons

     

     

       com.microsoft.office.licensing.helper

       com.adobe.fpsaud

       com.seagate.TBDecorator.plist

     

     

    Extrinsic agents

     

     

       com.genieo.completer.ltvbit

       com.leadertech.PowerRegister.SEA1.UUID

       com.genieo.completer.download

       com.genieo.completer.update

       com.google.keystone.user.agent

     

     

    launchd items

     

     

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

        (com.adobe.fpsaud)

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

        (com.microsoft.office.licensing.helper)

       Library/LaunchAgents/com.genieo.completer.download.plist

        (com.genieo.completer.download)

       Library/LaunchAgents/com.genieo.completer.ltvbit.plist

        (com.genieo.completer.ltvbit)

       Library/LaunchAgents/com.genieo.completer.update.plist

        (com.genieo.completer.update)

       Library/LaunchAgents/com.google.keystone.agent.plist

        (com.google.keystone.user.agent)

       Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist

        (com.leadertech.PowerRegister.SEA1.UUID)

     

     

    Extrinsic loadable bundles

     

     

       /System/Library/Extensions/JMicronATA.kext

        (com.jmicron.JMicronATA)

       /System/Library/Extensions/Seagate Storage Driver.kext

        (com.seagate.driver.PowSecDriverCore)

       /Library/Internet Plug-Ins/Flash Player.plugin

        (com.macromedia.Flash Player.plugin)

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        (com.microsoft.sharepoint.browserplugin)

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

        (com.microsoft.sharepoint.webkitplugin)

       /Library/Internet Plug-Ins/Silverlight.plugin

        (com.microsoft.SilverlightPlugin)

       /Library/PreferencePanes/Flash Player.prefPane

        (com.adobe.flashplayerpreferences)

     

     

    DNS (from DHCP): 75.75.75.75

     

     

    User login items

     

     

       iTunesHelper

     

     

    Safari extensions

     

     

       Omnibar

     

     

    Restricted user files: 136

     

     

    Elapsed time (s): 695

  • by life_doc13,

    life_doc13 life_doc13 Jan 15, 2015 8:17 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 15, 2015 8:17 AM in response to Linc Davis

    System Version: OS X 10.9.4 (13E28)

    Kernel Version: Darwin 13.3.0

    Boot Mode: Normal

     

     

    Model: MacBookPro6,2

     

     

    Battery cycles: 905

     

     

    USB

     

     

       BRCM2070 Hub (Broadcom Corp.)

       Bluetooth USB Host Controller (Apple Inc.)

       Apple Internal Keyboard / Trackpad (Apple Inc.)

       Internal Memory Card Reader (Apple Inc.)

       IR Receiver (Apple Inc.)

     

     

    System diagnostics

     

     

       2014-12-31 Photo Booth spin

       2014-12-31 Photo Booth spin

       2015-01-05 Google Chrome Helper spin

       2015-01-09 PluginProcess spin

       2015-01-09 iPhoto spin

       2015-01-10 PluginProcess spin

       2015-01-12 WindowServer spin

       2015-01-13 PluginProcess spin

       2015-01-13 PluginProcess spin

       2015-01-14 WindowServer spin

     

     

    User diagnostics

     

     

       2014-12-25 PluginProcess crash

       2014-12-25 PluginProcess crash

       2014-12-31 iMovie crash

       2014-12-31 iMovie crash

       2015-01-12 NotificationCenter crash

     

     

    Kernel messages

     

     

       Jan 14 10:43:28   MacAuthEvent en1 Auth result for: 56:02:02:06:20:d7 Auth timed out

       Jan 14 11:02:01   WARNING: hibernate_page_list_setall skipped 109108 xpmapped pages

       Jan 14 11:02:19   WARNING: hibernate_page_list_setall skipped 165053 xpmapped pages

       Jan 14 15:40:47   MacAuthEvent en1 Auth result for: 56:02:02:06:21:84 Auth timed out

       Jan 14 15:40:47   MacAuthEvent en1 Auth result for: 56:02:01:06:21:81 Auth timed out

       Jan 14 15:40:48   MacAuthEvent en1 Auth result for: 56:02:01:06:21:66 Auth timed out

       Jan 14 15:40:48   MacAuthEvent en1 Auth result for: 56:02:02:06:21:81 Auth timed out

       Jan 14 15:51:04   WARNING: hibernate_page_list_setall skipped 165053 xpmapped pages

       Jan 14 15:51:24   WARNING: hibernate_page_list_setall skipped 225290 xpmapped pages

       Jan 14 17:19:26   WARNING: hibernate_page_list_setall skipped 225290 xpmapped pages

       Jan 14 17:19:42   WARNING: hibernate_page_list_setall skipped 285580 xpmapped pages

       Jan 14 21:31:10   wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8

       Jan 14 21:34:06   wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8

       Jan 14 21:53:15   wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8

       --- last message repeated 4 times ---

       Jan 14 21:56:46   wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8

       Jan 14 21:57:14   wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8

       Jan 14 21:59:27   process WindowServer[98] caught causing excessive wakeups. Observed wakeups rate (per sec): 315; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 283447

       Jan 14 21:59:30   wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8

       --- last message repeated 1 time ---

       Jan 14 22:06:11   process Google Chrome He[19909] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

       Jan 14 22:07:07   process Google Chrome He[19894] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

       Jan 14 22:16:08   WARNING: hibernate_page_list_setall skipped 285580 xpmapped pages

       Jan 14 22:16:25   WARNING: hibernate_page_list_setall skipped 357692 xpmapped pages

       Jan 15 10:46:46   Previous Shutdown Cause: -60

     

     

    Extrinsic daemons

     

     

       scManagerD

       com.oracle.java.Helper-Tool

       com.microsoft.office.licensing.helper

       com.google.keystone.daemon

       com.cloudpath.maccmd

       com.adobe.fpsaud

     

     

    Extrinsic agents

     

     

       com.oracle.java.Java-Updater

       com.google.keystone.system.agent

       com.flashmall.updater

       com.flashmall.enabler

       com.zeobit.MacKeeper.Helper

       com.webtools.update.agent

       com.webhelper

       com.crossrider.wss002501.agent.plist

       com.adobe.ARM.UUID

     

     

    launchd items

     

     

       /Library/LaunchAgents/com.google.keystone.agent.plist

        (com.google.keystone.system.agent)

       /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

        (com.oracle.java.Java-Updater)

       /Library/LaunchAgents/com.teamviewer.teamviewer.plist

        (com.teamviewer.teamviewer)

       /Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist

        (com.teamviewer.desktop)

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

        (com.adobe.fpsaud)

       /Library/LaunchDaemons/com.cloudpath.maccmd.plist

        (com.cloudpath.maccmd)

       /Library/LaunchDaemons/com.google.keystone.daemon.plist

        (com.google.keystone.daemon)

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

        (com.microsoft.office.licensing.helper)

       /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

        (com.oracle.java.Helper-Tool)

       /Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist

        (com.teamviewer.service)

       /Library/LaunchDaemons/Safe.Connect.plist

        (scManagerD)

       Library/LaunchAgents/com.adobe.ARM.UUID.plist

        (com.adobe.ARM.UUID)

       Library/LaunchAgents/com.apple.FolderActions.enabled.plist

        (com.apple.FolderActions.enabled)

       Library/LaunchAgents/com.apple.FolderActions.folders.plist

        (com.apple.FolderActions.folders)

       Library/LaunchAgents/com.crossrider.wss002501.agent.plist

        (com.crossrider.wss002501.agent.plist)

       Library/LaunchAgents/com.webhelper.plist

        (com.webhelper)

       Library/LaunchAgents/com.webtools.update.agent.plist

        (com.webtools.update.agent)

       Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist

        (com.zeobit.MacKeeper.Helper)

       Library/LaunchAgents/Safari Security

        (No job label)

       Library/LaunchAgents/WebSocketServerApp

        (No job label)

     

     

    Extrinsic loadable bundles

     

     

       /System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle

        (com.apple.SecurityAgentPlugin.HomeDirMechanism)

       /System/Library/CoreServices/SecurityAgentPlugins/KerberosAgent.bundle

        (com.apple.KerberosAgent)

       /System/Library/CoreServices/SecurityAgentPlugins/loginwindow.bundle

        (com.apple.securityAgentPlugins.loginwindowUI)

       /System/Library/CoreServices/SecurityAgentPlugins/MCXMechanism.bundle

        (com.apple.securityAgentPlugin.MCXMechanism)

       /System/Library/CoreServices/SecurityAgentPlugins/PKINITMechanism.bundle

        (com.apple.PKINITMechanism)

       /System/Library/CoreServices/SecurityAgentPlugins/RestartAuthorization.bundle

        (com.apple.securityAgentPlugin.RestartAuthorization)

       /System/Library/Extensions/AMDRadeonVADriver.bundle

        (com.apple. AMDRadeonVADriver)

       /System/Library/Extensions/AMDRadeonX3000.kext

        (com.apple.AMDRadeonX3000)

       /System/Library/Extensions/AMDRadeonX3000GLDriver.bundle

        (com.apple.AMDRadeonX3000GLDriver)

       /System/Library/Extensions/AMDRadeonX4000.kext

        (com.apple.AMDRadeonX4000)

       /System/Library/Extensions/AMDRadeonX4000GLDriver.bundle

        (com.apple.AMDRadeonX4000GLDriver)

       /System/Library/Extensions/AppleFSCompressionTypeLZVN.kext

        (com.apple.AppleFSCompression.AppleFSCompressionTypeLZVN)

       /System/Library/Extensions/AppleIntelHD3000Graphics.kext

        (com.apple.driver.AppleIntelHD3000Graphics)

       /System/Library/Extensions/AppleIntelHD3000GraphicsGA.plugin

        (com.apple.driver.AppleIntelHD3000GraphicsGA)

       /System/Library/Extensions/AppleIntelHD3000GraphicsGLDriver.bundle

        (com.apple.driver.AppleIntelHD3000GraphicsGLDriver)

       /System/Library/Extensions/AppleIntelHD3000GraphicsVADriver.bundle

        (com.apple.AppleIntelHD3000GraphicsVADriver)

       /System/Library/Extensions/AppleIntelHD4000Graphics.kext

        (com.apple.driver.AppleIntelHD4000Graphics)

       /System/Library/Extensions/AppleIntelHD4000GraphicsGLDriver.bundle

        (com.apple.driver.AppleIntelHD4000GraphicsGLDriver)

       /System/Library/Extensions/AppleIntelHD4000GraphicsVADriver.bundle

        (com.apple.AppleIntelHD4000GraphicsVADriver)

       /System/Library/Extensions/AppleIntelHD5000Graphics.kext

        (com.apple.driver.AppleIntelHD5000Graphics)

       /System/Library/Extensions/AppleIntelHD5000GraphicsGLDriver.bundle

        (com.apple.driver.AppleIntelHD5000GraphicsGLDriver)

       /System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle

        (com.apple.AppleIntelHD5000GraphicsVADriver)

       /System/Library/Extensions/AppleIntelHDGraphicsGLDriver.bundle

        (com.apple.driver.AppleIntelHDGraphicsGLDriver)

       /System/Library/Extensions/AppleIntelHSWVA.bundle

        (com.apple.AppleIntelHSWFBVA)

       /System/Library/Extensions/AppleIntelIVBVA.bundle

        (com.apple.AppleIntelIVBFBVA)

       /System/Library/Extensions/ATIRadeonX2000.kext

        (com.apple.ATIRadeonX2000)

       /System/Library/Extensions/ATIRadeonX2000GA.plugin

        (com.apple.ATIRadeonX2000GA)

       /System/Library/Extensions/ATIRadeonX2000GLDriver.bundle

        (com.apple.ATIRadeonX2000GLDriver)

       /System/Library/Extensions/ATIRadeonX2000VADriver.bundle

        (com.apple.ATIRadeonX2000VADriver)

       /System/Library/Extensions/BJUSBMP.kext

        (jp.co.canon.bj.kext.BJUSBMP)

       /System/Library/Extensions/EPSONUSBPrintClass.kext

        (com.epson.print.kext.USBPrintClass)

       /System/Library/Extensions/GeForce.kext

        (com.apple.GeForce)

       /System/Library/Extensions/GeForceGA.plugin

        (com.apple.GeForceGA)

       /System/Library/Extensions/GeForceGLDriver.bundle

        (com.apple.GeForceGLDriver)

       /System/Library/Extensions/GeForceTesla.kext

        (com.apple.GeForceTesla)

       /System/Library/Extensions/GeForceTeslaGLDriver.bundle

        (com.apple.GeForceTeslaGLDriver)

       /System/Library/Extensions/GeForceTeslaVADriver.bundle

        (com.apple.GeForceTeslaVADriver)

       /System/Library/Extensions/GeForceVADriver.bundle

        (com.apple.GeForceVADriver)

       /System/Library/Extensions/hp_designjet_series.kext

        (com.hp.print.hpio.Designjet.kext)

       /System/Library/Extensions/hp_Deskjet_io_enabler.kext

        (com.hp.print.hpio.Deskjet.kext)

       /System/Library/Extensions/hp_fax_io.kext

        (com.hp.kext.hp-fax-io)

       /System/Library/Extensions/hp_Inkjet1_io_enabler.kext

        (com.hp.print.hpio.Inkjet1.kext)

       /System/Library/Extensions/hp_Inkjet2_io_enabler.kext

        (com.hp.print.hpio.Inkjet2.kext)

       /System/Library/Extensions/hp_Inkjet3_io_enabler.kext

        (com.hp.print.hpio.Inkjet3.kext)

       /System/Library/Extensions/hp_Inkjet4_io_enabler.kext

        (com.hp.print.hpio.Inkjet4.kext)

       /System/Library/Extensions/hp_Inkjet5_io_enabler.kext

        (com.hp.print.hpio.Inkjet5.kext)

       /System/Library/Extensions/hp_Inkjet7_io_enabler.kext

        (com.hp.print.hpio.inkjet7.kext)

       /System/Library/Extensions/hp_Inkjet8_io_enabler.kext

        (com.hp.print.hpio.inkjet8.kext)

       /System/Library/Extensions/hp_Inkjet_io_enabler.kext

        (com.hp.print.hpio.Inkjet.kext)

       /System/Library/Extensions/hp_io_printerclassdriver_enabler.kext

        (com.hp.hpio.hp_io_printerclassdriver_enabler)

       /System/Library/Extensions/hp_Laserjet_io_enabler.kext

        (com.hp.print.hpio.Laserjet.kext)

       /System/Library/Extensions/hp_Officejet_io_enabler.kext

        (com.hp.print.hpio.Officejet.kext)

       /System/Library/Extensions/hp_Photosmart_io_enabler.kext

        (com.hp.print.hpio.Photosmart.kext)

       /System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext

        (com.hp.print.hpio.PhotosmartPro.kext)

       /System/Library/Extensions/hp_psa640_io_enabler.kext

        (com.hp.hpio.hp_psa640_io_enabler)

       /System/Library/Extensions/hp_qc_io_enabler.kext

        (com.hp.hpio.hp_psa530_630_io_enabler)

       /System/Library/Extensions/LexmarkUSBMerge.kext

        (com.lexmark.print.usbmerge)

       /Library/Audio/Plug-Ins/HAL/AirPlay.driver

        (com.apple.audio.AirTunesHALPlugin)

       /Library/Audio/Plug-Ins/HAL/AppleAVBAudio.driver

        (com.apple.audio.AppleAVBAudio)

       /Library/Audio/Plug-Ins/HAL/BluetoothAudioPlugIn.driver

        (com.apple.audio.BluetoothAudioPlugIn)

       /Library/Audio/Plug-Ins/HAL/iSightAudio.driver

        (com.apple.iSightAudio)

       /Library/Extensions/hp_io_enabler_compound.kext

        (com.hp.kext.io.enabler.compound)

       /Library/Internet Plug-Ins/AdobePDFViewer.plugin

        (com.adobe.acrobat.pdfviewer)

       /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

        (com.adobe.acrobat.pdfviewerNPAPI)

       /Library/Internet Plug-Ins/Default Browser.plugin

        (com.apple.DefaultBrowser.PlugIn)

       /Library/Internet Plug-Ins/Flash Player.plugin

        (com.macromedia.Flash Player.plugin)

       /Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

        (net.telestream.wmv.plugin)

       /Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

        (com.google.googletalkbrowserplugin)

       /Library/Internet Plug-Ins/iPhotoPhotocast.plugin

        (com.apple.plugin.iPhotoPhotocast)

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

        (com.oracle.java.JavaAppletPlugin)

       /Library/Internet Plug-Ins/o1dbrowserplugin.plugin

        (com.google.o1dbrowserplugin)

       /Library/Internet Plug-Ins/Quartz Composer.webplugin

        (com.apple.QuartzComposer.webplugin)

       /Library/Internet Plug-Ins/QuickTime Plugin.plugin

        (com.apple.QuickTime Plugin.plugin)

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        (com.microsoft.sharepoint.browserplugin)

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

        (com.microsoft.sharepoint.webkitplugin)

       /Library/Internet Plug-Ins/Silverlight.plugin

        (com.microsoft.SilverlightPlugin)

       /Library/iTunes/iTunes Plug-ins/Quartz Composer Visualizer.bundle

        (com.apple.QuartzComposer.iTunesPlugIn)

       /Library/PreferencePanes/Flash Player.prefPane

        (com.adobe.flashplayerpreferences)

       /Library/PreferencePanes/JavaControlPanel.prefPane

        (com.oracle.java.JavaControlPanel)

       /Library/QuickTime/AppleMPEG2Codec.component

        (com.apple.AppleMPEG2Codec)

       /Library/Spotlight/GBSpotlightImporter.mdimporter

        (com.apple.garageband.spotlightimporter)

       /Library/Spotlight/GraphPad Prism.mdimporter

        (com.GraphPad.PrismMDImporter)

       /Library/Spotlight/iBooksAuthor.mdimporter

        (com.apple.MDImporter.iBooksAuthor)

       /Library/Spotlight/iWork.mdimporter

        (com.apple.MDImporter.iWork)

       /Library/Spotlight/Microsoft Office.mdimporter

        (com.microsoft.MDImporter.Office)

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

        (com.skype.skypeabdialer)

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

        (com.skype.skypeabsms)

       Library/Internet Plug-Ins/WebEx64.plugin

        (com.cisco_webex.plugin.gpc64)

       Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle

        (com.TuneUp.app.iTuneUp Visualizer)

     

     

    Extrinsic shared libraries

     

     

       /usr/lib/dtrace/libdtrace_dyld.dylib

       /usr/lib/libgmalloc.B.dylib

       /usr/lib/libruby.2.0.0.dylib

       /usr/lib/libXplugin.1.dylib

     

     

    Proxies

     

     

       ProxyAutoConfigEnable : 1

       ProxyAutoConfigURLString : http://wpad/wpad.dat

       ProxyAutoDiscoveryEnable : 1

     

     

    DNS (from DHCP): 75.75.75.75

     

     

    Profiles: 1

     

     

    User login items

     

     

       iTunesHelper

       Dropbox

       AdobeResourceSynchronizer

       SpeechSynthesisServer

       Google Drive.app

       TuneupMyMac

     

     

    Restricted user files: 117

     

     

    Font problems: 45

     

     

    Elapsed time (s): 194

  • by Linc Davis,

    Linc Davis Linc Davis Jan 15, 2015 10:44 AM in response to life_doc13
    Level 10 (208,037 points)
    Applications
    Jan 15, 2015 10:44 AM in response to life_doc13

    You installed the "Crossrider" trojan. Take the steps below to disable it.

    Back up all data before continuing.

    1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go â–¹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

    2. Inside the folder you just opened, there may be files with any of the following names:

               com.crossrider.wss*.agent.plist

               flashmall_updater.plist

               flashmall_updater.sh

               com.webhelper.plist

               com.webtools.update.agent.plist

               WebSocketServerApp

    Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

    3. Do as in Step 1 with this line:

    ~/Library/Application Support

    A folder named "Application Support" will open. Inside it there may be a subfolder with this name:

                webHelperApp

    If so, move that subfolder—not the "Application Support" folder—to the Trash.

    4. Finally, open this folder in the same way as above:

    ~/Library

    Look for a subfolder with this name:

                 WebTools

    and move it to the Trash, if present. Finally, empty the Trash.

  • by life_doc13,

    life_doc13 life_doc13 Jan 16, 2015 8:10 AM in response to Linc Davis
    Level 1 (0 points)
    Jan 16, 2015 8:10 AM in response to Linc Davis

    Thank you very much Linc Davis! Problem resolved. I really appreciate the help.

  • by jwelsh802,

    jwelsh802 jwelsh802 Jan 19, 2015 2:59 PM in response to Linc Davis
    Level 1 (0 points)
    Jan 19, 2015 2:59 PM in response to Linc Davis

    System Version: OS X 10.10.1 (14B25)

    Kernel Version: Darwin 14.0.0

    Boot Mode: Normal

     

     

    Model: MacBookPro9,2

     

     

    System diagnostics

     

     

       2015-01-19 com.apple.WebKit.WebContent hang

       2015-01-19 com.apple.WebKit.WebContent hang

     

     

    Kernel messages

     

     

       Jan 14 19:12:41   WARNING: hibernate_page_list_setall skipped 4404 xpmapped pages

       Jan 17 14:12:55   BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       --- last message repeated 136 times ---

       Jan 17 14:14:29   BUG in process suhelperd[168]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

       --- last message repeated 132 times ---

       Jan 17 14:14:35   BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       --- last message repeated 4 times ---

       Jan 17 14:14:39   BUG in process suhelperd[168]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

       --- last message repeated 1 time ---

       Jan 17 15:04:38   process Image Capture Ex[3340] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

       Jan 17 15:06:36   Sound assertion in AppleHDAFunctionGroup at line 1053

       Jan 17 16:28:15   WARNING: hibernate_page_list_setall skipped 220 xpmapped pages

       --- last message repeated 1 time ---

       Jan 17 18:17:08   WARNING: hibernate_page_list_setall skipped 237 xpmapped pages

       --- last message repeated 1 time ---

       Jan 17 18:52:45   WARNING: hibernate_page_list_setall skipped 899 xpmapped pages

       --- last message repeated 1 time ---

       Jan 17 19:08:28   WARNING: hibernate_page_list_setall skipped 989 xpmapped pages

       --- last message repeated 1 time ---

       Jan 17 19:11:17   WARNING: hibernate_page_list_setall skipped 981 xpmapped pages

       --- last message repeated 1 time ---

       Jan 18 23:07:14   WARNING: hibernate_page_list_setall skipped 1178 xpmapped pages

       --- last message repeated 1 time ---

       Jan 19 17:41:56   BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       --- last message repeated 131 times ---

     

     

    Extrinsic daemons

     

     

       com.microsoft.office.licensing.helper

       com.adobe.fpsaud

       com.seagate.TBDecorator.plist

     

     

    Extrinsic agents

     

     

       com.genieo.completer.ltvbit

       com.leadertech.PowerRegister.SEA1.UUID

       com.genieo.completer.download

       com.genieo.completer.update

     

     

    launchd items

     

     

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

        (com.adobe.fpsaud)

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

        (com.microsoft.office.licensing.helper)

       Library/LaunchAgents/com.genieo.completer.download.plist

        (com.genieo.completer.download)

       Library/LaunchAgents/com.genieo.completer.ltvbit.plist

        (com.genieo.completer.ltvbit)

       Library/LaunchAgents/com.genieo.completer.update.plist

        (com.genieo.completer.update)

       Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist

        (com.leadertech.PowerRegister.SEA1.UUID)

     

     

    Extrinsic loadable bundles

     

     

       /System/Library/Extensions/JMicronATA.kext

        (com.jmicron.JMicronATA)

       /System/Library/Extensions/Seagate Storage Driver.kext

        (com.seagate.driver.PowSecDriverCore)

       /Library/Internet Plug-Ins/Flash Player.plugin

        (com.macromedia.Flash Player.plugin)

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        (com.microsoft.sharepoint.browserplugin)

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

        (com.microsoft.sharepoint.webkitplugin)

       /Library/Internet Plug-Ins/Silverlight.plugin

        (com.microsoft.SilverlightPlugin)

       /Library/PreferencePanes/Flash Player.prefPane

        (com.adobe.flashplayerpreferences)

     

     

    DNS (from DHCP): 75.75.75.75

     

     

    User login items

     

     

       iTunesHelper

     

     

    Safari extensions

     

     

       Omnibar

     

     

    Restricted user files: 133

     

     

    Elapsed time (s): 316

  • by Linc Davis,

    Linc Davis Linc Davis Jan 19, 2015 6:09 PM in response to jwelsh802
    Level 10 (208,037 points)
    Applications
    Jan 19, 2015 6:09 PM in response to jwelsh802

    If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.

    You installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.

    Back up all data before making any changes.

    Besides the files listed in the linked support article, you may also need to remove this file in the same way:

    ~/Library/LaunchAgents/com.genieo.completer.ltvbit.plist

    If there are other items with a name that includes "Genieo" or "genieo" alongside any of those you find, remove them as well.

    One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

    After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.

    If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.

    Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.

    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

    Still in System Preferences, open the App Store or Software Update pane and check the box marked

              Install system data files and security updates (OS X 10.10 or later)

    or

              Download updates automatically (OS X 10.9 or earlier)

    if it's not already checked.

  • by jwelsh802,

    jwelsh802 jwelsh802 Jan 19, 2015 8:11 PM in response to Linc Davis
    Level 1 (0 points)
    Jan 19, 2015 8:11 PM in response to Linc Davis

    Thank you so very much Linc Davis! You are a life saver! I promise to be extremely selective with any downloads from this point on. Have a great night

  • by jazzdnny,

    jazzdnny jazzdnny Apr 6, 2015 10:46 AM in response to Linc Davis
    Level 1 (0 points)
    Apr 6, 2015 10:46 AM in response to Linc Davis

    Upon start up of my Mac Pro Tower I am getting a window

     

    Is this different from what you are referring to? How can I delete this?

    Thank you.

  • by lllaass,

    lllaass lllaass Apr 6, 2015 10:52 AM in response to jazzdnny
    Level 10 (190,667 points)
    Apple Watch
    Apr 6, 2015 10:52 AM in response to jazzdnny

    Try Linc Davis  recommended action on the first page of this discussion to remove it

  • by stevejobsfan0123,

    stevejobsfan0123 stevejobsfan0123 Apr 6, 2015 10:55 AM in response to jazzdnny
    Level 8 (44,007 points)
    iPhone
    Apr 6, 2015 10:55 AM in response to jazzdnny

    It is a quicker and less daunting task to run AdwareMedic, and have it search for and remove adware: http://adwaremedic.com/index.php.

  • by thomas_r.,

    thomas_r. thomas_r. Apr 6, 2015 11:00 AM in response to jazzdnny
    Level 7 (30,944 points)
    Mac OS X
    Apr 6, 2015 11:00 AM in response to jazzdnny

    This is new behavior on the part of the Genieo (aka InstallMac) adware. I'd be very curious to find out what you downloaded, and from where, around the time this problem started. I have not yet located a copy of Genieo that behaves this way, and don't know whether existing removal instructions will be adequate or whether they need revision. If you can help me find a copy of the installer for this thing, you would be helping yourself as well as countless others.

  • by Linc Davis,

    Linc Davis Linc Davis Apr 6, 2015 11:21 AM in response to jazzdnny
    Level 10 (208,037 points)
    Applications
    Apr 6, 2015 11:21 AM in response to jazzdnny

    There is no need to download anything to solve this problem.

    If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.

    You may have installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.

    Back up all data before proceeding.

    Malware is always changing to get around the defenses against it. In addition to the files listed in the support article, you may also have to remove the following in the same way:

    ~/Library/LaunchAgents/com.Installer.completer.download.plist
    ~/Library/LaunchAgents/com.Installer.completer.ltvbit.plist
    ~/Library/LaunchAgents/com.Installer.completer.update.plist
    ~/Library/Application Support/IM.Installer/Completer.app 

    One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

    After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.

    If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.

    If you find Apple's instructions too hard to follow, ask for an alternative that doesn't require you to trust a black-box application without knowing what it does.

    Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.

    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

    Still in System Preferences, open the App Store or Software Update pane and check the box marked

              Install system data files and security updates (OS X 10.10 or later)

    or

              Download updates automatically (OS X 10.9 or earlier)

    if it's not already checked.

first Previous Page 3 of 3