How to remove Adware?

Recently I've downloaded something and now I have all this adware on Safari. Pop-up ads, and certain words are highlighted that, when clicked, go to ads for surveys and stuff etc. I've tried everything but I can't get rid of the highlighted text. Does anyone know how to fix this?

MacBook Pro

Posted on Mar 5, 2014 2:06 AM

214 replies

Apr 25, 2015 5:10 PM in response to Anon4876

Can anyone please help? I have an iPhone that in the past few days has been redirecting to an app at the app store called Big Fish Casino - Free Slots, Vegas. This happens when I go, for example, to tmz.com. Sometimes it redirects without me even clicking a link on tmz.com. Other times, it will redirect as soon as I click anywhere once that site has loaded.


On some other web sites, the links within a web site simply don't work; they act as though they aren't links at all.


I see mob-adserv.com flash up while it redirects and also tracking.crobo.com. There are some other links that flash really fast that I can't capture.


I have iOS 8.1.


Any help or ideas?? It feels very virus-ey. Thank you for your consideration!

Apr 25, 2015 5:30 PM in response to rygarett

rygarett wrote:


I have an iPhone that in the past few days has been redirecting to an app at the app store called Big Fish Casino - Free Slots, Vegas.

You have posted to an old posting in the wrong forum, so it's unlikely you'll get the help you need. Try the Using iPhone forum and start a new discussion by asking your question and clicking the Big Blue "Submit my question to the community" Button.


There is no virus or malware that can impact iOS unless you have a jailbroken iPhone, so it's likely that your WiFi router has been hacked.

Apr 28, 2015 10:22 PM in response to Linc Davis

Hello, I'm having the same issue.


Boot Mode: Normal



Model: MacBookAir4,1



Total RAM (GB): 2



Battery cycles: 342



System load advisory



combined level = Bad

- user level = OK

- battery level = Bad

- thermal level = Great



System diagnostics



2015-04-11 iTunes hang



User diagnostics



2015-04-11 Autoupdate crash

2015-04-27 Data Recovery Pro crash

2015-04-29 helpd crash

2015-04-29 helpd crash



Kernel messages



Apr 28 13:12:32 Sound assertion in AppleMikeyI2C_TS3A8235 at line 335

Apr 28 13:12:32 Sound assertion in AppleMikeyDevice at line 842

Apr 28 13:12:32 Sound assertion in AppleMikeyDevice at line 818

Apr 28 14:10:41 wl0: Roamed or switched channel, reason #8, bssid 00:13:33:d6:20:63

--- last message repeated 1 time ---

Apr 28 14:35:39 wl0: Roamed or switched channel, reason #4, bssid 00:13:33:d6:20:63

Apr 28 14:36:44 wl0: Roamed or switched channel, reason #8, bssid 00:13:33:d6:20:63

Apr 28 15:04:42 wl0: Roamed or switched channel, reason #4, bssid 00:13:33:d6:20:63

Apr 28 15:11:11 Sound assertion in AppleMikeyI2C at line 267

Apr 28 15:11:11 Sound assertion in AppleMikeyI2C_TS3A8235 at line 249

Apr 28 15:11:11 Sound assertion in AppleMikeyI2C_TS3A8235 at line 335

Apr 28 15:11:11 Sound assertion in AppleMikeyDevice at line 842

Apr 28 15:11:11 Sound assertion in AppleMikeyDevice at line 818

Apr 28 16:58:41 Previous Shutdown Cause: -60

Apr 28 18:46:09 wl0: Roamed or switched channel, reason #4, bssid 00:13:33:d6:20:63

--- last message repeated 1 time ---

Apr 28 19:31:17 wl0: Roamed or switched channel, reason #8, bssid 00:13:33:d6:20:63

--- last message repeated 1 time ---

Apr 29 09:48:23 MacAuthEvent en0 Auth result for: 00:13:33:d6:20:63 Auth timed out

Apr 29 10:24:22 Sound assertion in AppleMikeyI2C at line 267

Apr 29 10:24:22 Sound assertion in AppleMikeyI2C_TS3A8235 at line 249

Apr 29 10:24:22 Sound assertion in AppleMikeyI2C_TS3A8235 at line 335

Apr 29 10:24:22 Sound assertion in AppleMikeyDevice at line 842

Apr 29 10:24:22 Sound assertion in AppleMikeyDevice at line 818

Apr 29 10:45:58 wl0: Roamed or switched channel, reason #8, bssid 00:13:33:d6:20:63



Pageouts (MiB): 3171



Total CPU usage: user 23%, system 16%



CPU usage by process "clamscan" with UID 501: 90.6%



Extrinsic daemons



com.oracle.java.JavaUpdateHelper

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.adobe.fpsaud

com.v.helper



Extrinsic agents



com.oracle.java.Java-Updater

com.epson.eventmanager.agent

com.epson.esua.launcher

com.adobe.CS5ServiceManager

com.v.agent

com.bittorrent.uTorrent

com.adobe.ARM.UUID



launchd items



/Library/LaunchAgents/com.6610e59f1038e6de.agent.plist

(com.v.agent)

/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

(com.adobe.AAM.Startup-1.0)

/Library/LaunchAgents/com.adobe.CS5ServiceManager.plist

(com.adobe.CS5ServiceManager)

/Library/LaunchAgents/com.epson.esua.launcher.plist

(com.epson.esua.launcher)

/Library/LaunchAgents/com.epson.eventmanager.agent.plist

(com.epson.eventmanager.agent)

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

(com.oracle.java.Java-Updater)

/Library/LaunchDaemons/com.6610e59f1038e6de.daemon.plist

(com.v.daemon)

/Library/LaunchDaemons/com.6610e59f1038e6de.helper.plist

(com.v.helper)

/Library/LaunchDaemons/com.adobe.fpsaud.plist

(com.adobe.fpsaud)

/Library/LaunchDaemons/com.adobe.SwitchBoard.plist

(com.adobe.SwitchBoard)

/Library/LaunchDaemons/com.apple.remotepairtool.plist

(com.apple.RemotePairTool)

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

(com.microsoft.office.licensing.helper)

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

(com.oracle.java.Helper-Tool)

/Library/LaunchDaemons/com.oracle.java.JavaUpdateHelper.plist

(com.oracle.java.JavaUpdateHelper)

Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

(com.adobe.AAM.Scheduler-1.0)

Library/LaunchAgents/com.adobe.ARM.UUID.plist

(com.adobe.ARM.UUID)

Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID.plist

(com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID)

Library/LaunchAgents/com.bittorrent.uTorrent.plist

(com.bittorrent.uTorrent)



Startup items



/Library/StartupItems/HW_CreateNetwork/CreateNetwork

/Library/StartupItems/HW_CreateNetwork/HW_CreateNetwork

/Library/StartupItems/HW_CreateNetwork/StartupParameters.plist

/Library/StartupItems/HWPortDetect_driver/HWPortCfg_driver

/Library/StartupItems/HWPortDetect_driver/HWPortDetect_driver

/Library/StartupItems/HWPortDetect_driver/StartupParameters.plist



Extrinsic loadable bundles



/System/Library/Extensions/HuaweiDataCardDriver.kext

(com.huawei.driver.HuaweiDataCardDriver)

/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext

(com.apple.dts.driver.USBExpressCardCantWake)

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

(com.adobe.acrobat.pdfviewer)

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

(com.adobe.acrobat.pdfviewerNPAPI)

/Library/Internet Plug-Ins/Flash Player.plugin

(com.macromedia.Flash Player.plugin)

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

(com.oracle.java.JavaAppletPlugin)

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

(com.microsoft.sharepoint.browserplugin)

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

(com.microsoft.sharepoint.webkitplugin)

/Library/Internet Plug-Ins/Silverlight.plugin

(com.microsoft.SilverlightPlugin)

/Library/PreferencePanes/Flash Player.prefPane

(com.adobe.flashplayerpreferences)

/Library/PreferencePanes/Growl.prefPane

(com.growl.prefpanel)

/Library/PreferencePanes/JavaControlPanel.prefPane

(com.oracle.java.JavaControlPanel)

/Library/ScriptingAdditions/Adobe Unit Types.osax

(No bundle ID)

Library/Address Book Plug-Ins/SkypeABDialer.bundle

(com.skype.skypeabdialer)

Library/Address Book Plug-Ins/SkypeABSMS.bundle

(com.skype.skypeabsms)

Library/Address Book Plug-Ins/YMsgrCallABPlugin.bundle

(com.yahoo.YMsgrCallABPlugin)

Library/Address Book Plug-Ins/YMsgrMsnABPlugin.bundle

(com.yahoo.YMsgrMsnABPlugin)

Library/Address Book Plug-Ins/YMsgrSmsABPlugin.bundle

(com.yahoo.YMsgrSmsABPlugin)

Library/Address Book Plug-Ins/YMsgrYimABPlugin.bundle

(com.yahoo.YMsgrYimABPlugin)

Library/Services/ENService.app

(com.ThomsonResearchSoft.EndNote.ENService)

Library/Spotlight/EndNote.mdimporter

(com.ThomsonResearchSoft.EndNote)



hosts



127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 hl2rcv.adobe.com



Restricted user files: 86



Font problems: 40



Bad plists



Library/Preferences/com.apple.Safari.plist.plist

Library/Preferences/com.easeus.mac_drw.plist

Library/Preferences/com.solidstatenetworks.awkhost.plist

Library/Preferences/com.solidstatenetworks.host.plist

Library/Preferences/ooVoo.plist



Elapsed time (s): 124

Jun 25, 2015 7:26 AM in response to Anon4876

Hi there,

I was having the same problem and was fed up; I was thinking of reinstalling the OS. It was so annoying and I could hardly do anything. I tried a couple of software tools, resetting the browsers, and removing all unwanted files and software, but NO GOOD at all. Today I was checking again and I found out the reason for this. In the extensions there was one Silverlight extension which was not the original one, and it seems quite different from the original one in terms of the logo. I removed that, and I have no adware any more 😉 Try doing this and check your extensions.


regards,

Malik

Jul 16, 2015 3:32 PM in response to Linc Davis

Start time: 14:28:27 07/15/15



Model Identifier: MacBookPro9,2

System Version: OS X 10.10.4 (14E46)

Kernel Version: Darwin 14.4.0

Time since boot: 2 days 12:35



USB



USB Receiver (Logitech Inc.)



Diagnostic reports



2015-06-26 LoLPatcher crash

2015-06-26 UserKernel crash

2015-07-03 UserKernel crash

2015-07-04 UserKernel crash

2015-07-05 UserKernel crash

2015-07-07 UserKernel crash

2015-07-09 UserKernel crash

2015-07-10 UserKernel crash x3

2015-07-11 UserKernel crash x3

2015-07-12 UserKernel crash

2015-07-13 LolClient crash

2015-07-13 Preview hang

2015-07-13 UserKernel crash x3

2015-07-15 Google Chrome hang

2015-07-15 Safari hang

2015-07-15 UserKernel crash x2



Log



Jul 15 03:22:32 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:23:09 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:23:54 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:27:27 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:27:34 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:27:48 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:28:05 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:28:12 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:28:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:28:33 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:28:36 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 03:29:08 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 13:43:58 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 13:44:05 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 13:44:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

Jul 15 13:46:53 process LoLPatcher[4931] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

Jul 15 13:55:39 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1

Jul 15 13:59:41 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:01:30 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:01:52 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:02:33 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:03:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:03:58 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:04:22 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jul 15 14:09:31 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1



Swap (MiB): 2654



Activity



CPU: user 20%, system 8%

Net: 45 in, 38 out (KiB/s)



CPU per process: com.apple.WebKit (UID 501) is using 178.8 %



I/O per process: kernel_task (UID 0) is using 2 MB/s



Memory: com.apple.WebKit (UID 501) is using 1135 MB



Daemons



com.vsearch.helper

com.vsearch.daemon

com.skype.skypeinstaller

com.BlueStacks.AppPlayer.bstservice_helper

com.apple.installer.osmessagetracing

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.zeobit.MacKeeper.plugin.AntiTheft.daemon

com.ConformablyPurpurite.helper

com.adobe.fpsaud



Agents



com.brother.LOGINserver

com.ConformablyPurpurite.agent

com.google.keystone.system.agent

com.apple.photostream-agent

com.blizzard.starcraft2switcher.4860.UUID

com.zeobit.MacKeeper.Helper

com.apple.AirPortBaseStationAgent

com.vsearch.agent



Bundles



/System/Library/Extensions/JMicronATA.kext

- com.jmicron.JMicronATA

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

- com.google.googletalkbrowserplugin

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.apple.java.JavaAppletPlugin

/Library/Internet Plug-Ins/o1dbrowserplugin.plugin

- com.google.o1dbrowserplugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/Internet Plug-Ins/Unity Web Player.plugin

- com.unity.UnityWebPlayer

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms



Contents of /etc/hosts (checksum 4112523587)



[N/A]



Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>org.apache.httpd</string>

<key>EnvironmentVariables</key>

<dict>

<key>XPC_SERVICES_UNAVAILABLE</key>

<string>1</string>

</dict>

<key>ProgramArguments</key>

<array>

<string>/usr/sbin/httpd-wrapper</string>

<string>-D</string>

<string>FOREGROUND</string>

</array>

<key>OnDemand</key>

<false/>

</dict>

</plist>



Contents of /Library/LaunchAgents/com.brother.LOGINserver.plist (checksum 1383871077)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>OnDemand</key>

<false/>

<key>Label</key>

<string>com.brother.LOGINserver</string>

<key>ProgramArguments</key>

<array>

<string>/Library/Printers/Brother/Utilities/Server/LOGINserver.app/Contents/Mac OS/LOGINserver</string>

</array>

</dict>

</plist>



Contents of /Library/LaunchAgents/com.conformablypurpurite.agent.plist (checksum 3870365102)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.ConformablyPurpurite.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/ConformablyPurpurite/Agent/agent.app/Contents/MacOS/agent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchAgents/com.vsearch.agent.plist (checksum 4056175004)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.vsearch.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/VSearch/Agent/VSearchAgent.app/Contents/MacOS/VSearchAgent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.BlueStacks.AppPlayer.bstservice_helper.plist (checksum 910297615)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.BlueStacks.AppPlayer.bstservice_helper</string>

<key>MachServices</key>

<dict>

<key>com.BlueStacks.AppPlayer.bstservice_helper</key>

<true/>

</dict>

<key>Program</key>

<string>/Library/PrivilegedHelperTools/com.BlueStacks.AppPlayer.bstservice_helper</string>

<key>ProgramArguments</key>

<array>

<string>/Library/PrivilegedHelperTools/com.BlueStacks.AppPlayer.bstservice_helper</string>

</array>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.conformablypurpurite.daemon.plist (checksum 465626006)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.ConformablyPurpurite.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/ConformablyPurpurite/Agent/agent.app/Contents/MacOS/agent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.conformablypurpurite.helper.plist (checksum 1575597572)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.ConformablyPurpurite.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/ConformablyPurpurite/Agent/agent.app/Contents/MacOS/agent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.skype.skypeinstaller.plist (checksum 354022165)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.skype.skypeinstaller</string>

<key>ProgramArguments</key>

<array>

<string>/Library/PrivilegedHelperTools/com.skype.skypeinstaller</string>

</array>

<key>Sockets</key>

<dict>

<key>com.skype.skypeinstaller.socket</key>

<dict>

<key>SockFamily</key>

<string>Unix</string>

<key>SockPathMode</key>

<integer>438</integer>

<key>SockPathName</key>

<string>/var/run/com.skype.skypeinstaller.socket</string>

<key>SockType</key>

<string>Stream</string>

</dict>

</dict>

</dict>



...and 1 more line(s)



Contents of /Library/LaunchDaemons/com.vsearch.daemon.plist (checksum 1776938436)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.vsearch.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/VSearch/Agent/VSearchAgent.app/Contents/MacOS/VSearchAgent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.vsearch.helper.plist (checksum 1006763623)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.vsearch.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/VSearch/Agent/VSearchAgent.app/Contents/MacOS/VSearchAgent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist (checksum 3798729423)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<false/>

<key>Label</key>

<string>com.zeobit.MacKeeper.plugin.AntiTheft.daemon</string>

<key>Program</key>

<string>/Library/Application Support/MacKeeper/MacKeeperATd</string>

<key>OnDemand</key>

<false/>

</dict>

</plist>



Contents of Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist (checksum 4152898479)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<false/>

<key>EnvironmentVariables</key>

<dict>

<key>ZBTimeStamp</key>

<string>20140702060136</string>

</dict>

<key>Label</key>

<string>com.zeobit.MacKeeper.Helper</string>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>OnDemand</key>

<false/>

<key>Program</key>

<string>/Applications/MacKeeper.app/Contents/Resources/MacKeeper Helper.app/Contents/MacOS/MacKeeper Helper</string>

</dict>

</plist>



Firewall: On



DNS: 75.75.76.76



User login items



iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

League of Legends

- /Applications/League of Legends.app



Restricted files: 47



Lockfiles: 9



Elapsed time (s): 353

Jul 16, 2015 8:09 PM in response to Lama98989

I doubt that Linc is still monitoring this very old discussion and he rarely responds to "me too" requests.


If you can't find the answer to your problem by reading all eleven pages here, then you need to start a new discussion outlining your problems in great detail and don't post the results of any scripts or other diagnostics until asked. That way Linc or one of the other troubleshooters here will see your posting, otherwise you are just talking to yourself.


That's just the way these forums work.

Jul 17, 2015 7:32 PM in response to Lama98989

Lama98989 wrote:


Thanks, will you be able to help me?

I'm primarily the ClamXav and Malware guy here, and could probably have helped some, but as you found there are many others more qualified than I.


I am a big fan of thomas_r.'s efforts here (he is a colleague of mine in the malware area) with TheSafeMac, AdwareMedic and now MalwareBytes for Mac. I don't think there is anybody in the world (not just this Forum) any smarter about Adware.

Jul 18, 2015 8:15 AM in response to Lama98989

A

You don't need to, and should not, download anything to solve this problem. Never use any commercial "anti-virus" or "anti-malware" product that may be advertised on the Web.

You installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.

If you have trouble following those instructions, see below.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.

Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

/Library/LaunchDaemons

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form

com.something.daemon.plist

and

com.something.helper.plist

Here something is a variable string of characters, which can be different in each VSearch infection. So far it has always been an alphanumeric string without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.

You managed to install two different versions of the malware. In your case, "something" is both "vsearch" and "ConformablyPurpurite".

If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:

/Library/LaunchAgents

In this folder, there may be a file named

com.something.agent.plist

where the string something is the same as before.

If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.

Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.

The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.

Open this folder:

/Library/Application Support

If it has a subfolder named just

something

where something is the same string you saw before, drag that subfolder to the Trash and close the window.

Don't delete the "Application Support" folder or anything else inside it.

Finally, in this folder:

/System/Library/Frameworks

there may be an item named exactly

v.framework

It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.

Don't delete the "Frameworks" folder or anything else inside it.

If you didn't find the files or you're not sure about the identification, post what you found.

If in doubt, or if you have no backups, change nothing at all.

The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it. I don't recommend that you install the genuine "MPlayerX," because it's hosted on the rogue "SourceForge" website and is bundled with other malware.

This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Then, still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.

B

"MacKeeper" is a scam with only one useful feature: it deletes itself.

First, back up all data.

Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.

If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.

IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.

In the Finder, select

Go ▹ Applications

from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.

Quit MacKeeper before dragging it to the Trash.

Let MacKeeper delete its other components before you empty the Trash.

Don't try to drag MacKeeper from the Dock or the Launchpad to the Trash.

Don't try to remove MacKeeper while running in safe mode.
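
The naming pattern described in part A of the answer above, as a read-only check (an added example, not part of the original post or of Apple's instructions): it lists `com.something.daemon.plist` / `com.something.helper.plist` pairs plus any matching agent file, and deletes nothing. The function names and the sample tree are constructed for illustration; the sample reuses file names and paths from the report posted earlier in the thread.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# File-name pattern from the answer: com.<something>.<role>.plist, where
# <something> is an alphanumeric string without punctuation.
NAME_RE = re.compile(r"^com\.([A-Za-z0-9]+)\.(daemon|helper|agent)\.plist$")


def collect(folder, roles):
    """Map lower-cased <something> -> {role: path} for the files in one folder."""
    found = {}
    folder = Path(folder)
    if not folder.is_dir():
        return found
    for path in sorted(folder.iterdir()):
        m = NAME_RE.match(path.name)
        if m and m.group(2) in roles:
            # Key is lower-cased: in the thread the file is named
            # com.conformablypurpurite.* while its Label is com.ConformablyPurpurite.*
            found.setdefault(m.group(1).lower(), {})[m.group(2)] = path
    return found


def describe(path):
    """Read Label and program path from a launchd plist without modifying it."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # unreadable or malformed plist: still report the file
        data = {}
    if not isinstance(data, dict):
        data = {}
    args = data.get("ProgramArguments") or []
    program = data.get("Program") or (args[0] if args else None)
    return {"file": Path(path).name, "label": data.get("Label"), "program": program}


def find_candidates(daemons_dir="/Library/LaunchDaemons",
                    agents_dir="/Library/LaunchAgents"):
    """Return one entry per <something> that has both a daemon and a helper plist."""
    daemons = collect(daemons_dir, {"daemon", "helper"})
    agents = collect(agents_dir, {"agent"})
    results = []
    for stem, roles in sorted(daemons.items()):
        if not {"daemon", "helper"} <= set(roles):
            continue  # the answer looks for the pair, not a lone file
        files = [roles["daemon"], roles["helper"]]
        if stem in agents:  # the agent file "may be" present
            files.append(agents[stem]["agent"])
        results.append({
            "something": stem,
            # The answer warns that "apple" collides with built-in OS X names.
            "extra_care": stem == "apple",
            "items": [describe(p) for p in files],
        })
    return results


def build_sample(root):
    """Constructed sample tree; names and paths are taken from the thread's report."""
    daemons, agents = Path(root, "LaunchDaemons"), Path(root, "LaunchAgents")
    daemons.mkdir(parents=True)
    agents.mkdir(parents=True)
    vs = ("/Library/Application Support/VSearch/Agent/"
          "VSearchAgent.app/Contents/MacOS/VSearchAgent")
    cp = ("/Library/Application Support/ConformablyPurpurite/Agent/"
          "agent.app/Contents/MacOS/agent")
    layout = ((daemons, "daemon", ["-update"]),
              (daemons, "helper", ["-helper"]),
              (agents, "agent", []))
    for name, prog in (("vsearch", vs), ("ConformablyPurpurite", cp)):
        for folder, role, extra in layout:
            body = {"Label": f"com.{name}.{role}", "ProgramArguments": [prog] + extra}
            with open(folder / f"com.{name.lower()}.{role}.plist", "wb") as fh:
                plistlib.dump(body, fh)
    # Unrelated items from the same report; they must not be reported.
    for other in ("com.adobe.fpsaud", "com.microsoft.office.licensing.helper"):
        with open(daemons / f"{other}.plist", "wb") as fh:
            plistlib.dump({"Label": other}, fh)
    return daemons, agents


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_candidates(*build_sample(tmp)):
            print(hit["something"], "(extra care)" if hit["extra_care"] else "")
            for item in hit["items"]:
                print("   ", item["file"], "|", item["label"], "|", item["program"])
```

A match is only a candidate for review against the answer's description, not proof of infection.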
