
Adwaremedic is it safe ?

Hello everyone. I would like to ask if the AdwareMedic program is the safest way to remove adware from the Mac. Lately I'm having some pop-up advertisements from a specific site called Mac Keeper. I have no idea how this ad came up since I am not downloading torrents nor visiting any suspicious site.

So is this the only way to permanently remove the adware? Is it safe, since this is a third-party program? Thanks in advance, everyone.

Posted on Nov 16, 2014 3:22 AM

240 replies

Nov 17, 2014 11:46 AM in response to AggelakasK

AggelakasK wrote:


Thomas you said before that if I want to remove completely the app I had to do it only manually?


I'm not sure I understand the question... what app?


If you're referring to whatever adware you may have, then manual removal using my Adware Removal Guide is one option, as I mentioned earlier. AdwareMedic is another. If you are not comfortable with directions like Linc's, you should give some consideration to using AdwareMedic, but only if you can satisfy yourself that it is legit. I can tell you that it is, but as its author, my opinion is biased.


If you are referring to removal of AdwareMedic after using it, you would simply need to drag it to the trash. It installs nothing that runs in the background, and will leave behind only a few small files (a log file, adware signature files and settings files) that I can tell you how to remove if you want to save a few K of hard drive space.

Nov 17, 2014 12:45 PM in response to AggelakasK

This is my first time in the Mac interface, and typing in Terminal makes me really nervous because there is always a possibility of making another mistake.

That's fine, but I would like to point out a couple of things. First, the instructions I gave above don't require you to type anything in a Terminal window except your password, which is no different from typing it in a login window. Even that is optional. Second, running an unknown application is in general no safer than running a shell script; in fact, it's less safe, because there is inherently no way of knowing what an application is going to do. I have no opinion as to whether you should run "adwaremedic," but I do have an opinion about running any software merely because strangers on a public website tell you to: you shouldn't. You must do your own research to satisfy yourself that the advice they are giving you is valid. At a minimum, that would involve searching this site for discussions in which others have followed the advice you're being given now, and making sure that there are no reports of harm done. Don't just blithely assume that because someone on this site tells you to do something, it must be a good idea.

Nov 17, 2014 1:06 PM in response to Linc Davis

Linc Davis wrote:

in fact, it's less safe, because there is inherently no way of knowing what an application is going to do.


From a practical standpoint, there's also no way of knowing what your highly obfuscated shell script will do. Either way, the average user is reliant on reports from other users who have tried it as to whether or not the program can be trusted.

Nov 17, 2014 1:45 PM in response to Linc Davis

You have been told that my shell script is "obfuscated," meaning that I am trying to conceal something in it. That's false, and it wouldn't be too strong to call the statement a lie. The truth is that the person who made that statement lacks the ability to understand the script. Although he lacks that ability, others among the millions of registered users of this site do not, and as I wrote earlier, any one of them could raise the alarm if the script was harmful.


On the other hand, apart from its developers, not a single person anywhere knows what "adwaremedic" does, or has any way of knowing without thoroughly testing it, which would not be an easy task. It is truly obfuscated, because the developer has not released the source code. He has chosen not to release the code because he does not want anyone else to know how the program works. He is falsely accusing me of doing what he himself has done.

Nov 17, 2014 2:50 PM in response to Linc Davis

Linc Davis wrote:


You have been told that my shell script is "obfuscated," meaning that I am trying to conceal something in it. That's false, and it wouldn't be too strong to call the statement a lie.


I didn't say you were trying to conceal anything. I don't know whether you are or you aren't. What I do know is that your script uses some techniques similar to those used to "obfuscate" or "minify" JavaScript to make it smaller or harder to read. This can be done for good or evil purposes, and I make no claims either way about the intentions of your script.

Nov 17, 2014 4:49 PM in response to thomas_r.

Thomas & AggelakasK . . .


I have personally witnessed tons of happy reports that the AdwareMedic app that Thomas developed worked perfectly and easily.


For the people who understand Linc's advice, there are also happy reports. But some are very intimidated by Linc's advice.

They both apparently work.

So choose the one you are more comfortable with, AggelakasK.

Nov 18, 2014 6:14 AM in response to AggelakasK

I must admit that reading all of the above I felt a little embarrassment. I would like to thank you all for the replies. I will be completely honest with both of you. If I were more capable (at least for now) of understanding Linc's guide, I would follow his procedure because you don't have to install something on the Mac. Since I can't do anything like that, and after I read several posts about Thomas's AdwareMedic, I will try and run the app to see if it does what it says. I'm finding it more simple. Another thing that I would like to share is that if you 2 somehow could work together you could make a lot of Apple's consumers throughout the world very happy! I understand that you approach the same problems in different ways and with different procedures, but there is always space for new ones! Thank you very much, both of you!

Nov 18, 2014 6:29 AM in response to AggelakasK

Start time: 16:21:00 11/18/14



Model Identifier: MacBookPro11,1

System Version: OS X 10.9.5 (13F34)

Kernel Version: Darwin 13.4.0

Time since boot: 3 minutes



Diagnostic reports



2014-11-01 Finder hang

2014-11-01 iTunes hang



Log



Nov 18 16:19:08 unlink of file /Users/USER/Library/Caches/com.apple.Safari/fsCachedData/UUID failed. Errno=2

Nov 18 16:19:08 unlink of file /Users/USER/Library/Caches/com.apple.Safari/fsCachedData/UUID failed. Errno=2

Nov 18 16:19:08 unlink of file /Users/USER/Library/Caches/com.apple.Safari/fsCachedData/UUID failed. Errno=2

Nov 18 16:19:08 unlink of file /Users/USER/Library/Caches/com.apple.Safari/fsCachedData/UUID failed. Errno=2

Nov 18 16:19:08 unlink of file /Users/USER/Library/Caches/com.apple.Safari/fsCachedData/UUID failed. Errno=2

Nov 18 16:19:08 unlink of file /Users/USER/Library/Caches/com.apple.Safari/fsCachedData/UUID failed. Errno=2

Nov 18 16:19:08 ERROR: __CFURLCache:CreateTablesAndIndexes version create - database is locked. ErrCode: 5.

Nov 18 16:19:08 __CFURLCache:RecreateEmptyPersistentStoreOnDiskAndOpen: create tables and index failed.

Nov 18 16:19:12 CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server

Nov 18 16:19:12 BUG in libdispatch client: dispatch_mig_server: mach_msg() failed (ipc/send) invalid memory - 0x1000000c

Nov 18 16:19:12 CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server

Nov 18 16:19:13 Could not load x-msg URL

Nov 18 16:19:13 CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server

Nov 18 16:19:13 CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server

Nov 18 16:19:16 The USB device Apple Internal Keyboard / Trackpad (Port 5 of Hub at 0x14000000) may have caused a wake by issuing a remote wakeup (2)

Nov 18 16:19:44 USER_PROCESS: 277 ttys000

Nov 18 16:19:57 **** globally delaying apps from syncing, next sync will be in 28s

Nov 18 16:20:02 The USB device Apple Internal Keyboard / Trackpad (Port 5 of Hub at 0x14000000) may have caused a wake by issuing a remote wakeup (2)

Nov 18 16:20:11 The USB device Apple Internal Keyboard / Trackpad (Port 5 of Hub at 0x14000000) may have caused a wake by issuing a remote wakeup (2)

Nov 18 16:20:18 Session 100018 created

Nov 18 16:20:44 considerRebuildOfPrelinkedKernel com.apple.driver.AppleHWSensor triggered rebuild

Nov 18 16:20:51 The USB device Apple Internal Keyboard / Trackpad (Port 5 of Hub at 0x14000000) may have caused a wake by issuing a remote wakeup (2)

Nov 18 16:21:00 costadinosaggelakis : TTY=ttys000 ; PWD=/Users/USER ; USER=root ; COMMAND=/usr/bin/true

Nov 18 16:21:02 costadinosaggelakis : TTY=ttys000 ; PWD=/Users/USER ; USER=root ; COMMAND=/usr/libexec/smcDiagnose

Nov 18 16:21:02 SMC::smcReadKeyAction ERROR MACR kSMCKeyNotReadable(0x85) fKeyHashTable=0x0xffffff80de21e000



Daemons



com.adobe.fpsaud



Agents



com.apple.photostream-agent

com.paragon.ntfs.upd

com.paragon.ntfs.trial

com.apple.AirPortBaseStationAgent



Bundles



/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/NTFSforMacOSX.prefPane

- com.paragon-software.filesystems.ntfs.prefpanel



dylibs



/usr/lib/libUFSDNTFS.dylib



Contents of /System/Library/LaunchAgents/com.paragon.NTFS.trial.plist (checksum 3466880614)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.paragon.ntfs.trial</string>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/Paragon NTFS for Mac OS X/NTFS for Mac OS X.app/Contents/MacOS/NTFS for Mac OS X</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

</dict>

</plist>



Contents of /System/Library/LaunchAgents/com.paragon.NTFS.upd.plist (checksum 1029391047)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.paragon.ntfs.upd</string>

<key>ProgramArguments</key>

<array>

<string>/Applications/Paragon NTFS for Mac OS X/ParagonUpdateChecker.app/Contents/MacOS/ParagonUpdateChecker</string>

<string>service</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

</dict>

</plist>



Firewall: On



Wi-Fi



link auth: wpa-psk



User login items



iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

NIHardwareAgent

- /Library/Application Support/Native Instruments/Hardware/NIHardwareAgent.app



Restricted files: 77



Lockfiles: 1



High file counts



Desktop: 53



Elapsed time (s): 159

Nov 18, 2014 6:53 AM in response to AggelakasK

AggelakasK wrote:


Sorry Thomas, I had to work internally first without installing something new..


Not a problem at all, you have to do what makes you most comfortable.


From the output generated, I don't see anything AdwareMedic would have removed anyway. It does not look like your problem is due to adware installed on your computer. Another alternative is that you may be on a network that has been compromised in some way. See:


http://www.adwaremedic.com/kb/baddns.php

http://www.adwaremedic.com/kb/hackedrouter.php


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)
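
As an added example (not part of the original posts, and not code from AdwareMedic or from either poster's script): one way to read launchd job definitions like the two printed in the diagnostic output above, listing what each job executes and when. The `summarize_job` helper, the `USER_WRITABLE` prefixes and the notes it emits are assumptions of this sketch, not checks either tool is known to perform.

```python
import plistlib

# Second launchd job from the diagnostic output posted above, embedded for offline use.
SAMPLE_PATH = "/System/Library/LaunchAgents/com.paragon.NTFS.upd.plist"
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.paragon.ntfs.upd</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Paragon NTFS for Mac OS X/ParagonUpdateChecker.app/Contents/MacOS/ParagonUpdateChecker</string>
<string>service</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
</dict>
</plist>
"""

# Assumption for this example: paths a normal user can write to without admin rights.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")


def summarize_job(plist_path, raw):
    """Parse one launchd job definition and report what it runs and when."""
    job = plistlib.loads(raw)
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    label = job.get("Label", "")
    notes = []
    if not label.startswith("com.apple."):
        notes.append("third-party label")
        if plist_path.startswith("/System/Library/"):
            # /System/Library is where Apple ships its own jobs.
            notes.append("third-party job stored in /System/Library")
    if job.get("RunAtLoad"):
        notes.append("runs as soon as the job is loaded")
    if program and program.startswith(USER_WRITABLE):
        notes.append("executable in a user-writable location")
    return {"label": label, "program": program, "arguments": args[1:],
            "session": job.get("LimitLoadToSessionType"), "notes": notes}


if __name__ == "__main__":
    for key, value in summarize_job(SAMPLE_PATH, SAMPLE_PLIST).items():
        print(f"{key}: {value}")
```

The notes are prompts for a closer look at a job, not verdicts about it.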

Nov 18, 2014 9:07 AM in response to AggelakasK

You don't have adware. Probably you're just seeing normal web content; the "MacKeeper" scam is promoted very aggressively. Ad-blocking software such as "GlimmerBlocker" will help, but it can sometimes have unintended effects.


I doubt that your router has been compromised, but it is using the obsolete and insecure WPA encryption standard. You should change the encryption setting on the router to "WPA 2 Personal." I can't give you specific instructions, because all routers are different. If it doesn't support that standard, it should be replaced.

Nov 18, 2014 9:29 AM in response to Linc Davis

It wasn't so difficult at last!!! I had to read your instructions very carefully over and over again to understand exactly the procedure. I really felt that I was infected by this adware because it always pops up in different languages in different spots all the time, whatever site I am visiting!!! I am very careful with what I am doing with the Mac. Thanks a lot for your useful advice and keep up the good work!

Greetings from Greece, and I have to apologize for my English.

Nov 18, 2014 9:38 AM in response to AggelakasK

Thanks for the kind words, and there is no need to apologize for your English. But I'm confused. Do you mean that you did remove VSearch? I ask because, if you did not have VSearch, but you have started to see ads on websites where you did not see them before, then maybe your router really is compromised, or (more likely) the DNS servers of your ISP have been compromised by a cache-poisoning attack.

Nov 18, 2014 9:42 AM in response to Linc Davis

Linc Davis wrote:


You have been told that my shell script is "obfuscated," meaning that I am trying to conceal something in it. That's false, and it wouldn't be too strong to call the statement a lie. The truth is that the person who made that statement lacks the ability to understand the script.


As do the majority of people who will read it and Thomas's post.


There is no reason (lacking knowledge) to trust you any more than anyone else.


Heads or Tails?
