Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Tesla735
Tesla735 Author
User level: Level 1
1 points

MPlayerX Malware Removal

I was recently approched by a friend who had accidentally downloaded and run the installer for what appears to be a trojan. The installer says it is "MPlayerX" which appears to be a legitimate application, however the installer bears no resemblence to the one of the actual application.

Virus total link

Here is a screenshot:

User uploaded file

He followed through the install process, and entered his password. I did a lot of googling but could not find any information. I then decided to give it a crack mysef and opened up the install binary in a disassembler. Unfortunatley, this was way above my level and I could not make sense of it. Here are the details of his computer:

User uploaded file

As he supplied his password, it is possible that it may have installed a rootkit as well.

Has anyone ever encountered this before, or do you know how to remove it?

MacBook Pro, OS X Mavericks (10.9.1)

Posted on May 19, 2014 9:36 AM

Reply
Question marked as Best reply
User profile for user: Tesla735
Tesla735 Author
User level: Level 1
1 points

Posted on May 19, 2014 10:56 AM

After looking at the launch agents loaded on his computer (launchctl list) I found several plists that seemed out of order:


  • /Library/LaunchAgents/com.vsearch.agent.plist
  • /Library/LaunchDaemons/com.vsearch.daemon.plist
  • /Library/LaunchDaemons/com.vsearch.helper.plist
  • /Library/LaunchDaemons/Jack.plist


After googling these I ended up finding an article explaining how to remove it
View in context
46 replies

MPlayerX Malware Removal

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up