You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Hello everyone .. I would like to ask if the adwaremedic program is the safest way to remove adware from the mac. Lately I m having some pop up advertisements from a specific site called mac keeper. I have no idea how this ad came up since I am not downloading torrents nor visiting any suspicious site .
So is this the only way to permanently remove the adware? Is it safe , since this is a third party program? Thanks in advance everyone
jfras311
The title of this thread is "AdwareMedic is it safe?" - the answer is unequivocally yes. Before taking drastic measures, run it (links abound here and elsewhere throughout ASC - even been reviewed and recommended by a MacWorld Senior Editor)
for your convenience:
The Safe Mac » Adware Removal Guide
Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
Csound1 wrote:
Linc Davis wrote:
You haven't asked a question, but I assume you ran that now long-obsolete script because of an adware problem.
One of your scripts?
I think, perhaps, that your subtle point may be that Thomas keeps AdwareMedic updated for new variants?
Easy as pie for those not inclined to take risky steps behind the system file level curtain?
[thanks Thomas!]
Of course, the best medicine is the preventative kind -
" Let’s be careful out there. "
[close of every roll call]
- Michael Conrad as Sgt. Phil Esterhaus – NYPD Blue
I have a point? that's news to me.
EXTRA! Extra! Read all about it! You do!
Is there anyone who can help me fix this mess I've caused?
Start time: 21:08:21 07/18/15
Model Identifier: MacBookAir6,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 3 days 4:34
System load
combined level = Bad
- battery level = Bad
FileVault: On
Diagnostic reports
2015-04-17 UserKernel crash
2015-06-29 AppAS crash
2015-07-03 AppAS crash
2015-07-11 com.apple.WebKit.Plugin.64 crash
2015-07-18 AppAS crash x3
2015-07-18 com.apple.WebKit.Plugin.64 crash
Log
Jul 16 19:22:30 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 19:28:14 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 19:28:14 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 19:29:07 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 19:29:07 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 19:38:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 17 07:29:33 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 17 07:29:33 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 17 08:02:24 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 18 17:39:38 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 17:39:38 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 18 17:40:20 utun_start: ifnet_disable_output returned error 12
Jul 18 17:40:22 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 18 17:41:05 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 18:16:19 process com.apple.WebKit[8460] caught causing excessive wakeups. Observed wakeups rate (per sec): 206; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 158688
Jul 18 19:00:33 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 18 19:49:49 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 18 20:31:56 process com.apple.WebKit[8460] caught causing excessive wakeups. Observed wakeups rate (per sec): 206; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 744358
Jul 18 20:58:38 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 18 21:02:21 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Swap (MiB): 81602
Daemons
com.v.daemon
com.v.helper
com.adobe.ARMDC.Communicator
com.apple.installer.osmessagetracing
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
Agents
Listchack.update
Otwexplain.update
com.Wondershare.TunesGoWatchDemo
Manroling.update
com.v.agent
com.bittorrent.uTorrent
com.apple.photostream-agent
Listchack.download
Listchack.ltvbit
com.adobe.ARMDCHelper.UUID
Otwexplain.download
Otwexplain.ltvbit
com.google.keystone.user.agent
com.apple.AirPortBaseStationAgent
com.spigot.ApplicationManager
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /etc/hosts (checksum 2113027887)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 www.secureopensoftware.com
127.0.0.1 www.mackeeperapp3.mackeeper.com
127.0.0.1 www.mackeeperapp3.mackeeper.com/landings/123.1/?affid=mzb_263.5777651.143579969 4.2.mzb&utm_source=tared&utm_medium=cpi&utm_campaign=mk_tared_nt_cpi_us_sp160_34 10jcysff_1jun&utm_term=&utm_content=&userDefiner=mzb_2351&trt=29_3410456611&aler t=10&tid_ext=TR_02D50SRzz2K500CG
Contents of /Library/LaunchAgents/com.6d094b283f1dbf9e.agent.plist (checksum 116527040)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.v.agent</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/6d094b283f1dbf9e/Agent/agent.app/Contents/MacOS/agent</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist (checksum 2197523146)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDCHelper.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/ARMDC/Application/Acrobat Update Helper.app/Contents/MacOS/Acrobat Update Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.6d094b283f1dbf9e.daemon.plist (checksum 2523588330)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.v.daemon</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/6d094b283f1dbf9e/Agent/agent.app/Contents/MacOS/agent</string>
<string>-update</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.6d094b283f1dbf9e.helper.plist (checksum 3387579532)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.v.helper</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/6d094b283f1dbf9e/Agent/agent.app/Contents/MacOS/agent</string>
<string>-helper</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist (checksum 3887726299)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDC.Communicator</string>
<key>MachServices</key>
<dict>
<key>com.adobe.ARMDC.Communicator</key>
<true/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/com.adobe.ARMDC.Communicator</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist (checksum 930028549)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDC.SMJobBlessHelper</string>
<key>MachServices</key>
<dict>
<key>com.adobe.ARMDC.SMJobBlessHelper</key>
<true/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/com.adobe.ARMDC.SMJobBlessHelper</string >
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/Listchack.download.plist (checksum 2152440803)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Listchack.ltvbit.plist (checksum 2698371100)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Listchack.update.plist (checksum 1931991178)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
...and 6 more line(s)
Contents of Library/LaunchAgents/Manroling.update.plist (checksum 2684355723)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Manroling.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Manroling/Manroling.app/Contents/MacOS/AppNOS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>1434976216979282</string>
<string>-identity</string>
<string>Manroling</string>
<string>-sig</string>
<string>NOSIGNATURE_SIGNATURE</string>
<string>-agentUpdate</string>
<string>2</string>
</array>
<key>RunAtLoad</key>
...and 10 more line(s)
Contents of Library/LaunchAgents/Otwexplain.download.plist (checksum 1906304841)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Otwexplain.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Otwexplain</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Otwexplain.ltvbit.plist (checksum 1218373212)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Otwexplain.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Otwexplain</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Otwexplain.update.plist (checksum 2826203092)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Otwexplain.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Otwexplain</string>
<string>-sig</string>
<string>ASSAF_SIGNATURE</string>
<string>-agentUpdate</string>
<string>0</string>
</array>
<key>RunAtLoad</key>
...and 10 more line(s)
Contents of Library/LaunchAgents/com.Wondershare.TunesGoWatchDemo.plist (checksum 3260814556)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.Wondershare.TunesGoWatchDemo</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Wondershare TunesGo/TunesGoWatch.app</string>
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/com.bittorrent.uTorrent.plist (checksum 68136511)
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> <plist version="1.0"> <dict> <key>Label</key> <string>com.bittorrent.uTorrent</string> <key>ProgramArguments</key> <array> <string>/usr/bin/open</string> <string>-W</string> <string>-a</string> <string>/Applications/uTorrent.app</string> </array> <key>KeepAlive</key> <false/> <key>LaunchOnlyOnce</key> <true/> </dict> </plist>
Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 1735178792)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.spigot.ApplicationManager.plist (checksum 3609818847)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.spigot.ApplicationManager</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Spigot/ApplicationManager</string>
<string>--protect</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
User login items
Steam
- missing value
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
uTorrent
- missing value
Dropbox
- /Applications/Dropbox.app
Restricted files: 68
Lockfiles: 9
Elapsed time (s): 270
The instructions for removing "InstallMac" variants (of which you've installed four, a new world record) are on page 10 of this thread. The instructions for removing "VSearch," which you've also installed, are on page 11. Not to be outdone, you also have yet another kind of malware, "Spigot," for which the removal instructions are below.
The larger issue is that you're a setup for Internet crime. Unless you change the way you use the computer, you're going to be reinfected immediately with yet more adware, and worse to follow. In that case, you might as well not bother to remove the malware you have now. No one and nothing can protect you from the consequences of unsafe computing practices such as torrenting software.
You installed the "Spigot" ad-injection malware. Take the steps below to disable it.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be one or more files with a name beginning as follows:
com.spigot
Move all such items to the Trash.
Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
and remove an item named
Spigot
If it's present.
Empty the Trash.
4. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including any with the word "Spigot" in the description. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic," "CNET Download," or "SourceForge." Never visit any of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
My computer is running extremely well compared to what it was before I followed your instructions to delete all the trash. I won't be visiting anymore of those websites; I didn't even realize what I was doing...obviously. Is there anything else you can see that still needs to be wiped clean?
Thanks for all your help. You saved my computer.
Also, is every file with something.plist, bad?
ex:
Start time: 09:25:35 07/20/15
Model Identifier: MacBookAir6,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 13 minutes
FileVault: On
Diagnostic reports
2015-04-17 UserKernel crash
2015-06-29 AppAS crash
2015-07-03 AppAS crash
2015-07-11 com.apple.WebKit.Plugin.64 crash
2015-07-18 AppAS crash
2015-07-18 com.apple.WebKit.Plugin.64 crash
2015-07-19 AppAS crash x2
Log
Jul 18 23:25:30 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:25:40 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:25:50 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:26:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:26:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:26:20 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:34:57 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 23:35:40 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 23:36:13 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 19 10:33:54 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 19 14:50:46 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 20 09:11:51 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 20 09:11:52 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 20 09:12:00 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 20 09:12:56 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 20 09:13:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:20 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:30 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:40 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:40 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 20 09:13:50 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:14:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:14:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:14:20 com.apple.spindump: Service exited with abnormal code: 75
Daemons
com.apple.installer.osmessagetracing
Agents
com.apple.photostream-agent
com.adobe.ARMDCHelper.UUID
com.apple.AirPortBaseStationAgent
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /etc/hosts (checksum 2113027887)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 www.secureopensoftware.com
127.0.0.1 www.mackeeperapp3.mackeeper.com
127.0.0.1 www.mackeeperapp3.mackeeper.com/landings/123.1/?affid=mzb_263.5777651.143579969 4.2.mzb&utm_source=tared&utm_medium=cpi&utm_campaign=mk_tared_nt_cpi_us_sp160_34 10jcysff_1jun&utm_term=&utm_content=&userDefiner=mzb_2351&trt=29_3410456611&aler t=10&tid_ext=TR_02D50SRzz2K500CG
Contents of /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist (checksum 2197523146)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDCHelper.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/ARMDC/Application/Acrobat Update Helper.app/Contents/MacOS/Acrobat Update Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
User login items
Steam
- missing value
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
uTorrent
- missing value
Dropbox
- /Applications/Dropbox.app
Restricted files: 68
Lockfiles: 9
Elapsed time (s): 240
Jules --
This thread has too many add-on reports, other than the Original Poster's. However, in addition to other good advice here, You really need to uninstall and quit using uTorrent! All kinds of really serious stuff can be left on your wide open Mac using Torrents. Also you've got MacKeeper on there as well? Do you know what AppAS would stand for in your reports? It keeps crashing.
Hi Bee,
You mentioned I need to uninstall and quit using uTorrent. I don't even know what that is. I tried to find that on my computer, but couldn't. I admit that I tried to download an audiobook from the internet, which is how this whole mess began. But it happened once, and I've certainly learned my lesson. If there is still some application on my computer that I need to uninstall, please tell me how to find it if you can. And I don't have a clue what AppAS is. I will play around on here and see if I can find it. Thanks.
Jules237 wrote:
I don't have a clue what AppAS is.
That's a component of the Genieo adware. I'm not sure if you had already tried removing it or not, or if you did, how you did it... if you're not sure whether it was completely removed, try the free Malwarebytes Anti-Malware for Mac, which has now replaced AdwareMedic.
(Fair disclosure: I am affiliated with Malwarebytes.)
The instructions for removing "InstallMac" variants (of which you've installed at least one) are on page 10 of this thread. You should never use any kind of "anti-virus" or "anti-malware" software, even though it may be advertised on this site.
Linc Davis wrote:
You should never use any kind of "anti-virus" or "anti-malware" software, even though it may be advertised on this site.
If anyone is uncertain what to do at this point, discuss it with an Apple support tech. They will steer you in the right direction, whether that is Apple's adware removal document, my company's Malwarebytes Anti-Malware for Mac app or something else entirely. Apple techs are seeing a lot of problems like these right now, and know how to handle them. They should be considered the authorities in the case of conflicting advice from strangers on a forum like this one.
By the time I read Linc's post, I could have use AdwareMedic to checkmand remove and Malware from our Studio Macs as I have done so successfully in the past. I personally endorse it, even though I know that a small minority don't.
Cheers
Pete
Linc Davis wrote:
The instructions for removing "InstallMac" variants (of which you've installed at least one) are on page 10 of this thread. You should never use any kind of "anti-virus" or "anti-malware" software, even though it may be advertised on this site.
How come your post was edited after the 15 minutes yet not marked as 'Edited' by the hosts?
That's odd!
Pete
Hi Link,
I was Just online using google chrome, looking for a baby accessory, clicked on a link and now I cannot access the internet via google chrome browser.
Every time you refresh or use another tab, or type an address in the tool bar, a blue page loads up with a square sad face and this sentence:-
"Aw Snap ... something went wrong while displaying this webpage, To continue reload or go to another page. If your seeing this frequently try these suggestions"
I immediately any through your instructions re:- /Library/LaunchDaemons - Go-Go to folder etc. there was nothing inside this folder
I also scanned using Adware medic - nothing came up.
I am using safari for this and that seemed fine - possible one pop up.
Looking forward to receiving your advice to solve this problem
best
Jon
Adwaremedic is it safe ?
