I am not 100% sure how I actually got this issue but its really bothering me. I have some adware on my mac that is causing random text in any browser I use to turn into spam links and ads. I have tried to use the methods posted on thesafemac.com but that didnt solve the issue. I have now removed all extensions in the browsers I use as well as ran CleanMyMac and ClamXav, neither have removed the issue. Can someone help me get rid of this junk?
MacBook Pro, iOS 6.1.4
You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data.
Triple-click anywhere in the line below on this page to select it:
/Library/Application Support/VSearch
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Repeat with each of these lines:
/Library/LaunchAgents/com.vsearch.agent.plist /Library/LaunchDaemons/com.vsearch.daemon.plist /Library/LaunchDaemons/com.vsearch.helper.plist /Library/LaunchDaemons/Jack.plist /Library/PrivilegedHelperTools/Jack /System/Library/Frameworks/VSearch.framework
Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. It must be said that this failure of oversight is inexcusable and has seriously compromised the value of Gatekeeper and the Developer ID program. You cannot rely on Gatekeeper alone to protect you from harmful software.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data.
Triple-click anywhere in the line below on this page to select it:
/Library/Application Support/VSearch
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Repeat with each of these lines:
/Library/LaunchAgents/com.vsearch.agent.plist /Library/LaunchDaemons/com.vsearch.daemon.plist /Library/LaunchDaemons/com.vsearch.helper.plist /Library/LaunchDaemons/Jack.plist /Library/PrivilegedHelperTools/Jack /System/Library/Frameworks/VSearch.framework
Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. It must be said that this failure of oversight is inexcusable and has seriously compromised the value of Gatekeeper and the Developer ID program. You cannot rely on Gatekeeper alone to protect you from harmful software.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
This seems to have solved my problem too. Thanks!
I had a big problem with pop ups and adware, I installed Free Avast Mac Security 2015, did a full scan, it detected 45 infections, deleted all of them and now everything is fine!!!!
Hope it didn't delete anything important. Although it seems to do a great job of finding infected files, it also has the highest rate of False Positives, including some OS X files. It also installs Adware if you aren't careful. Have a look at About the latest Avast false positive for the latest news and check it's history.
It deleted only the ones that I chose to delete, so nothing that was important was deleted. Thanks for your advice. It seems to work very well, I let you know if anything out of the ordinary happens.
I had a similar problem.
I downloaded AdWare Medic and it solve it all.
Let me say, I am not part of AdWare Medic or get paid from them. I am suspicious of these type of programs. But it worked.
And I wanted to share it with the community, as it helped me.
Link can you help me with this:
EtreCheck version: 2.4.2 (142)
Report generated 9/23/15, 5:08 PM
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: (What does this mean?)
MacBook Pro (13-inch, Late 2011) (Verified)
MacBook Pro - model: MacBookPro8,1
1 2.4 GHz Intel Core i5 CPU: 2-core
4 GB RAM Upgradeable
BANK 0/DIMM0
2 GB DDR3 1333 MHz ok
BANK 1/DIMM0
2 GB DDR3 1333 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Battery: Health = Check Battery - Cycle count = 820 - SN = W01514K8BD3LA
Video Information: (What does this mean?)
Intel HD Graphics 3000
Color LCD 1280 x 800
System Software: (What does this mean?)
OS X 10.10.5 (14F27) - Time since boot: less than an hour
Disk Information: (What does this mean?)
ST9250827AS disk0 : (250.06 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Fausto HD (disk1) / : 248.83 GB (130.59 GB free) - 16 errors
Drive failure!
Core Storage: disk0s2 249.20 GB Online
HL-DT-ST DVDRW GS31N ()
USB Information: (What does this mean?)
Apple Computer, Inc. IR Receiver
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM2070 Hub
Apple Inc. Bluetooth USB Host Controller
Thunderbolt Information: (What does this mean?)
Apple Inc. thunderbolt_bus
Configuration files: (What does this mean?)
/etc/sudoers, File size 1312 but expected 1275
/etc/hosts - Count: 1
Gatekeeper: (What does this mean?)
Mac App Store and identified developers
Problem System Launch Daemons: (What does this mean?)
[failed] com.apple.systemstatsd.plist [Click for details]
User Login Items: (What does this mean?)
None
Internet Plug-ins: (What does this mean?)
JavaAppletPlugin: Version: Java 8 Update 60 build 27 Check version
FlashPlayer-10.6: Version: 19.0.0.185 - SDK 10.6 [Click for support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 19.0.0.185 - SDK 10.6 [Click for support]
Default Browser: Version: 600 - SDK 10.10
Unity Web Player: Version: UnityPlayer version 5.0.3f2 - SDK 10.6 [Click for support]
iPhotoPhotocast: Version: 7.0
3rd Party Preference Panes: (What does this mean?)
Flash Player [Click for support]
Java [Click for support]
Time Machine: (What does this mean?)
Time Machine not configured!
Top Processes by CPU: (What does this mean?)
23% installd
10% coreduetd
5% WindowServer
1% fontd
0% storedownloadd
Top Processes by Memory: (What does this mean?)
369 MB kernel_task
233 MB mdworker(13)
94 MB Safari
70 MB installd
53 MB storedownloadd
Virtual Memory Information: (What does this mean?)
525 MB Free RAM
3.49 GB Used RAM (664 MB Cached)
1 MB Swap Used
Diagnostics Information: (What does this mean?)
Sep 23, 2015, 04:37:36 PM Self test - passed
Sep 22, 2015, 02:53:17 PM /Library/Logs/DiagnosticReports/Mail_2015-09-22-145317_[redacted].hang
Sep 22, 2015, 08:25:18 AM /Library/Logs/DiagnosticReports/BitdefenderVirusScanner_2015-09-22-082518_[reda cted].hang
Sep 22, 2015, 08:22:44 AM /Library/Logs/DiagnosticReports/BitdefenderVirusScanner_2015-09-22-082244_[reda cted].hang
Sep 22, 2015, 06:46:06 AM /Library/Logs/DiagnosticReports/Safari_2015-09-22-064606_[redacted].hang
Sep 21, 2015, 09:36:09 PM /Library/Logs/DiagnosticReports/FaceTime_2015-09-21-213609_[redacted].hang
Linc does not normally respond to "Me Too" requests, is probably not monitoring this discussion any more and hates EtreCheck, so you need a different approach.
Start a new discussion and describe your problem completely without posting EtreCheck until asked for it or some other diagnostics. That way a lot more people will be able to respond more quickly.
BTW, there's no evidence of Adware/Malware so you should not jump to that conclusion.
That being said, it would appear that your hard drive is failing, so you need to deal with that ASAP since I see you aren't using Time Machine. Back up your drive and take it in to have it checked out/replaced.
Thank you MadMacs0, I appreciate your answer and did not know about "Me Too", so I appoligize for this and I will backup my HD and replace it.
Tis again.
Fausto
Adware/Malware Problem
