Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Malware OSX/Vsearch-A

I have some nonsense on my computer called OSX/Vsearch-A it was like an installer or something. Sophos picked it up. Don't know much about it or how to remove it. Need some help. Thanks.

MacBook Pro, OS X Mavericks (10.9.4)

Posted on Jul 24, 2014 1:36 PM

Reply
Question marked as Best reply

Posted on Jul 24, 2014 1:53 PM

Uninstalling Software: The Basics


Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.


Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.


Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.


Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.


Some software use startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.


If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, EasyFind, instead.


Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.


There are many utilities that can uninstall applications. Here is a selection:


1. AppZapper

2. AppDelete

3. Automaton

4. Hazel

5. AppCleaner

6. CleanApp

7. iTrash

8. Amnesia

9. Uninstaller

10. Spring Cleaning


For more information visit The XLab FAQs and read the FAQ on removing software.


And, see the following:


Helpful Links Regarding Malware Protection


An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:


Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

About file quarantine in OS X


If you require anti-virus protection Thomas Reed recommends using Dr.Web Light from the App Store. It's free, and since it's from the App Store, it won't destabilize the system. If you prefer one of the better known commercial products, then Thomas recommends using Sophos.(Thank you to Thomas Reed for these recommendations.) If you already use Sophos, then be aware of this if you are using Mavericks: OS X Mavericks- Sophos Anti-Virus on-access scanner versions 8.0 - 9.1 may cause unexpected restarts


From user Joe Bailey comes this equally useful advice:


The facts are:


1. There is no anti-malware software that can detect 100% of the malware out there.

2. There is no anti-malware that can detect anything targeting the Mac because there

is no Mac malware in the wild, and therefore, no "signatures" to detect.

3. The very best way to prevent the most attacks is for you as the user to be aware that

the most successful malware attacks rely on very sophisticated social engineering

techniques preying on human avarice, ****, and fear.

4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

your computer is intended to entice you to install their malware thinking it is a

protection against malware.

5. Some of the anti-malware products on the market are worse than the malware

from which they purport to protect you.

6. Be cautious where you go on the internet.

7. Only download anything from sites you know are safe.

8. Avoid links you receive in email, always be suspicious even if you get something

you think is from a friend, but you were not expecting.

9. If there is any question in your mind, then assume it is malware.

7 replies
Question marked as Best reply

Jul 24, 2014 1:53 PM in response to fadeslow

Uninstalling Software: The Basics


Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.


Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.


Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.


Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.


Some software use startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.


If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, EasyFind, instead.


Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.


There are many utilities that can uninstall applications. Here is a selection:


1. AppZapper

2. AppDelete

3. Automaton

4. Hazel

5. AppCleaner

6. CleanApp

7. iTrash

8. Amnesia

9. Uninstaller

10. Spring Cleaning


For more information visit The XLab FAQs and read the FAQ on removing software.


And, see the following:


Helpful Links Regarding Malware Protection


An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:


Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

About file quarantine in OS X


If you require anti-virus protection Thomas Reed recommends using Dr.Web Light from the App Store. It's free, and since it's from the App Store, it won't destabilize the system. If you prefer one of the better known commercial products, then Thomas recommends using Sophos.(Thank you to Thomas Reed for these recommendations.) If you already use Sophos, then be aware of this if you are using Mavericks: OS X Mavericks- Sophos Anti-Virus on-access scanner versions 8.0 - 9.1 may cause unexpected restarts


From user Joe Bailey comes this equally useful advice:


The facts are:


1. There is no anti-malware software that can detect 100% of the malware out there.

2. There is no anti-malware that can detect anything targeting the Mac because there

is no Mac malware in the wild, and therefore, no "signatures" to detect.

3. The very best way to prevent the most attacks is for you as the user to be aware that

the most successful malware attacks rely on very sophisticated social engineering

techniques preying on human avarice, ****, and fear.

4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on

your computer is intended to entice you to install their malware thinking it is a

protection against malware.

5. Some of the anti-malware products on the market are worse than the malware

from which they purport to protect you.

6. Be cautious where you go on the internet.

7. Only download anything from sites you know are safe.

8. Avoid links you receive in email, always be suspicious even if you get something

you think is from a friend, but you were not expecting.

9. If there is any question in your mind, then assume it is malware.

Jul 24, 2014 4:19 PM in response to fadeslow

You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.

Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents/com.vsearch.agent.plist

Right-click or control-click the line and select

Services â–¹ Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with each of these lines:

/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin

Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

From the Safari menu bar, select

Safari â–¹ Preferences... â–¹ Extensions

Uninstall any extensions you don't know you need, including any that have the word "Spigot" or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.

You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go â–¹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

May 2, 2016 5:04 PM in response to Linc Davis

Until recently, the link below was a fantastic comprehensive list of a whole huge laundry list of files to look for and trash (and where to look for them) on OS X if you're having a malware problem.


Now it is a completely different page that doesn't provide any of the same information/lists it used to and I'm upset that I didn't save it as a PDF before Apple changed it.


Stop pop-up ads in Safari - Apple Support


Can anyone who knows what I'm talking about point me to a link to the old version of this page?

May 2, 2016 6:17 PM in response to DigitalDuderino

DigitalDuderino wrote:


Until recently, the link below was a fantastic comprehensive list of a whole huge laundry list of files to look for and trash (and where to look for them) on OS X if you're having a malware problem.


Now it is a completely different page that doesn't provide any of the same information/lists it used to and I'm upset that I didn't save it as a PDF before Apple changed it.


Stop pop-up ads in Safari - Apple Support


Can anyone who knows what I'm talking about point me to a link to the old version of this page?


Rummage around in the Wayback Machine...

Malware OSX/Vsearch-A

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.