Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: ANNOYING MACKEEPER TABS AND POPUP ADS

Hi there,


I bought a new macbook air 2 weeks ago, all has been well and good (new to mac products, always for android, still am).


Safari has also been good, as well as chrome, but as of recently, this whole "MacKeeper", "Zeobit.com" **** is completely taking over my search engines etc, problems including:


- Clean up mac ads everywhere, as well as the typical "Get a new iPhone 5' rubbish

- When clicking on links, my top sites tab shows up as well as the typical "MacKeeper" download page in another. I can only open links by pressing command to open in new tabs, however my top sites tab opens as well as the Mackeeper download page, along with it's fling annoying ads

- Ads as well before relevant google search links, like "Pages related to...." With zeobit.com on every inch of my ******* screen


Note that:


- I HAVE NOT downloaded anything to do with mackeeper, so uninstalling programs etc is unnecessary information - purely mackeeper tab and popup annoyances

- I have TRIED to 'restart' safari and remove cache, nothing works

- I have done the whole system preferences, privacy, remove all website data (which this zeobit.com **** is listed), and I remove zeobit.com but it just goes back on the list when I go through this process again

- Yes I have 'block popup ads' ticked


Can someone give me a solution to removing these popups with anything to do with zeobit.com and fling mackeeper which doesn't require me to read a long page of information? I'm about to smash my screen in here.

Posted on

Reply
Question marked as Helpful

Sep 3, 2014 8:23 PM in response to Linc Davis In response to Linc Davis

I've got the same problem here. Tried Linc Davis' solution but got caught up in the 'Reveal In Finder' instruction. Unfortunately, when I click that option, nothing happens. No 'contextual menu' appears and I'm at a loss as to what to do next.


How do I fix that or how do I get around it?


Thanks, in advance, for your help.

Question marked as Helpful

Jul 10, 2014 8:22 AM in response to chickashnaz In response to chickashnaz

You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.

Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents/com.vsearch.agent.plist

Right-click or control-click the line and select

Services Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with each of these lines:

/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework

Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

From the Safari menu bar, select

Safari Preferences... Extensions

Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.

You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

There’s more to the conversation

Read all replies

Page content loaded

Jul 10, 2014 4:58 AM in response to Carolyn Samit In response to Carolyn Samit

Hiya,


I'm on my way to downloading the removal tool, however I'm faced with "Your security preferences allow installation of only apps from the Mac App Store and identified developers".



Apologies for sounding dense, however where do I go to change this preference so I can download?

Jul 10, 2014 4:58 AM

Reply Helpful
Question marked as Helpful

Jul 10, 2014 8:22 AM in response to chickashnaz In response to chickashnaz

You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.

Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents/com.vsearch.agent.plist

Right-click or control-click the line and select

Services Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with each of these lines:

/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework

Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

From the Safari menu bar, select

Safari Preferences... Extensions

Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.

You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

Jul 10, 2014 8:22 AM

Reply Helpful (28)

Jul 13, 2014 6:54 AM in response to chickashnaz In response to chickashnaz

chickashnaz wrote:


Hiya,


I'm on my way to downloading the removal tool, however I'm faced with "Your security preferences allow installation of only apps from the Mac App Store and identified developers".



Apologies for sounding dense, however where do I go to change this preference so I can download?


Go re-download it and try again. I finally got a developer ID and signed the app yesterday.

Jul 13, 2014 6:54 AM

Reply Helpful

Aug 17, 2014 10:32 PM in response to Linc Davis In response to Linc Davis

Thank you so very much! I didn't download anything, so when I got popups from zeobit, I searched it up and found this. I followed your instructions, went back to my page, and found that no more pop-up lines were under any words! It was beautiful! 😀 You're awesome. Just plain awesome. 🙂 Thank you so so SO much!

Aug 17, 2014 10:32 PM

Reply Helpful
Question marked as Helpful

Sep 3, 2014 8:23 PM in response to Linc Davis In response to Linc Davis

I've got the same problem here. Tried Linc Davis' solution but got caught up in the 'Reveal In Finder' instruction. Unfortunately, when I click that option, nothing happens. No 'contextual menu' appears and I'm at a loss as to what to do next.


How do I fix that or how do I get around it?


Thanks, in advance, for your help.

Sep 3, 2014 8:23 PM

Reply Helpful (65)
User profile for user: chickashnaz

Question: ANNOYING MACKEEPER TABS AND POPUP ADS