-
Jul 20, 2014 12:05 PM in response to Josean1984 by Kappy, ★ Helpful
Uninstalling Software: The Basics
Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.
Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.
Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.
Some software uses startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, EasyFind, instead.
Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.
There are many utilities that can uninstall applications. Here is a selection:
1. AppZapper
2. AppDelete
3. Automaton
4. Hazel
5. AppCleaner
6. CleanApp
7. iTrash
8. Amnesia
9. Uninstaller
10. Spring Cleaning
For more information visit The XLab FAQs and read the FAQ on removing software.
-
Jul 20, 2014 3:26 PM in response to Josean1984 by Linc Davis
That's some kind of malware. You will not be able to remove it easily. It would save a lot of time if you can post a link to the download.
-
Jul 20, 2014 4:12 PM in response to Josean1984 by Kappy
If this is malware then see the following:
Helpful Links Regarding Malware Protection
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
Mac OS X Snow Leopard and malware detection
OS X Lion- Protect your Mac from malware
OS X Mountain Lion- Protect your Mac from malware
If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
From user Joe Bailey comes this equally useful advice:
The facts are:
1. There is no anti-malware software that can detect 100% of the malware out there.
2. There is no anti-malware that can detect anything targeting the Mac because there is no Mac malware in the wild, and therefore, no "signatures" to detect.
3. The very best way to prevent the most attacks is for you as the user to be aware that the most successful malware attacks rely on very sophisticated social engineering techniques preying on human avarice, ****, and fear.
4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on your computer is intended to entice you to install their malware thinking it is a protection against malware.
5. Some of the anti-malware products on the market are worse than the malware from which they purport to protect you.
6. Be cautious where you go on the internet.
7. Only download anything from sites you know are safe.
8. Avoid links you receive in email, always be suspicious even if you get something you think is from a friend, but you were not expecting.
9. If there is any question in your mind, then assume it is malware.
-
Jul 20, 2014 5:03 PM in response to Josean1984 by thomas_r.
It sounds like you have some kind of adware installed. The question is, are you seeing Lucky Leap ads because of some known adware, or has another Windows adware threat made the jump to the Mac?
If you know what your kids installed, and where they downloaded it from, that would allow us to give you more specific information. However, if you don't know, try working through my Adware Removal Guide. If the problem is being caused by some known adware, that will help you get rid of it.
If that doesn't help, you may have something new. If you can't figure out where we can find the download that infected you, then post back here for more instructions at this point.
Do not try to use anti-virus software to solve this problem! Anti-virus software probably won't detect whatever is installed, and if it does, it won't be able to completely remove it.
(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)
-
Jul 20, 2014 5:11 PM in response to Josean1984 by Josean1984
Thanks all for your replies, I have managed to remove it finding all the files using easy find posted by Kappy, this got installed by them installing Mvideo, so using that program I found all the files and removed from my mac and rebooted, after that it's all fine now.
Thanks again.
Jose
-
Jul 20, 2014 5:26 PM in response to Josean1984 by Linc Davis
this got installed by them installing Mvideo
Where did you find that?
-
Jul 20, 2014 6:49 PM in response to Josean1984 by thomas_r.
Thanks all for your replies, i have managed to remove it finding all the files using easy find
What did you search for, and what files did you find?
If you found files with "lucky leap" in the name, you have found something new that I've never seen before. Unfortunately, since you have just waded in and deleted them, that poses some problems. First, you should be aware that adware often includes files that are not related by name to the ads being displayed, or even to the name of the adware. So it's possible - even likely - that you haven't fully removed it.
In addition, the lack of information makes it much more difficult for us to pin down what's going on, and to help other people who will suffer from the same problem.
Thus, it would be EXTREMELY helpful if you could find us the exact link where you downloaded this Mvideo app from.
-
Jul 20, 2014 7:02 PM in response to thomas_r. by Josean1984
Talking to them they said they installed this plugin MVideo on chrome from a website they watch movies online ( peliculasonlineflv.net )
Then today I noticed this was on all browsers and doing some search I found out what has been installed.
-
Jul 20, 2014 7:29 PM in response to Josean1984 by Linc Davis
There's plenty of Windows malware on that site, but I couldn't find any OS X malware. If you could describe exactly what steps you took to download it, that would help a lot.
-
Jul 20, 2014 8:00 PM in response to Linc Davis by Josean1984
OK, I asked them and they said they were going to watch this one
peliculasonlineflv.net/pelicula/tras-la-lnea-enemiga-comando-de-lite-2014-latino /
and when they clicked on watch now it took them here
now when you click on the watch now on the movie it plays fine, but yesterday they said it took them to that link
if you click on the purple button at top it will take you there.
-
Jul 20, 2014 8:27 PM in response to Josean1984 by Linc Davis
You installed the "DownLite" trojan under a different name. Remove it as follows.
Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data.
Triple-click anywhere in the line below on this page to select it:
/Library/LaunchAgents/com.vsearch.agent.plist
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Repeat with each of these lines:
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
Restart the computer and empty the Trash. Then delete the following items in the same way:
/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including any that have the word "Spigot" or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
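A read-only check for the items listed in the removal steps above, added here as an example and not part of Linc Davis's post. The function names and the optional ROOT argument (for checking a mounted backup volume or a test tree) are assumptions of this example; the paths are the ones given in the post and nothing else.

```shell
#!/usr/bin/env bash
# Added example: report which of the DownLite/VSearch items named in the
# post are still present. It only tests for existence and deletes nothing.

# Paths copied from the post; one per line because one contains a space.
DOWNLITE_PATHS='/Library/LaunchAgents/com.vsearch.agent.plist
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework'

# downlite_found [ROOT]
# Prints every listed path that exists under ROOT (default: the running system).
downlite_found() {
    root="${1:-}"
    printf '%s\n' "$DOWNLITE_PATHS" | while IFS= read -r p; do
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# downlite_report [ROOT]
# Returns 0 when none of the items remain, 1 when at least one is present.
downlite_report() {
    found=$(downlite_found "${1:-}")
    if [ -z "$found" ]; then
        echo "None of the listed DownLite/VSearch items are present."
        return 0
    fi
    echo "Still present:"
    printf '%s\n' "$found" | sed 's/^/  /'
    return 1
}
```

Source the file and run `downlite_report` after the restart to confirm the listed items are gone. A clean result covers only these seven paths, not the browser extensions mentioned in the post.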
-
Jul 21, 2014 3:34 AM in response to Josean1984 by thomas_r.
That site is illegal and unethical, and is absolutely overflowing with malware. Your kids need to stop going there immediately!
I was able to find MPlayerX on that site, with enough searching. That installs both Downlite, which Linc has given you instructions for removing, and Conduit. You'll find instructions for removing the latter in my Adware Removal Guide, or can use my Adware Removal Tool to scan for and remove everything all at once.
(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)