Mackeeper help?

Hi everybody,


One week ago, I purchased my first Mac, a Macbook Pro. I'm running OS X Yosemite, Version 10.10.1.


I made a mistake by trying to find a website to illegally watch movies for free (which I have definitely learned my lesson on), and ended up downloading MPlayerX. Since then, I have uninstalled that but have started getting popups (mostly MacKeeper, but there are a few others) which are generated when I click, whether or not it's on a website link. The popups only occur when Safari is running.


I've followed Linc Davis's directions on how to run a diagnostic test, and have pasted the results below. Please, anybody, let me know if there's anything else I can do to restore my computer to its original function!


Thank you in advance for any advice or information.




DIAGNOSTIC TEST RESULTS:


Start time: 01:31:55 01/10/15



Model Identifier: MacBookPro11,1

System Version: OS X 10.10.1 (14B25)

Kernel Version: Darwin 14.0.0

Time since boot: 1:41



System load



combined level = Bad

- battery level = Bad



Diagnostic reports



2015-01-01 MassStorageCamera crash x4

2015-01-03 Safari hang

2015-01-03 discoveryd crash

2015-01-05 com.apple.WebKit.WebContent crash

2015-01-05 discoveryd crash



Log



Jan 9 23:50:01 AppleIntelLpssI2C::probe fails

Jan 9 23:50:01 AppleIntelLpssI2C::probe fails

Jan 9 23:50:01 AppleIntelLpssDmac::probe fails

Jan 9 23:50:01 AppleIntelLpssI2C::probe fails

Jan 9 23:50:01 AppleIntelLpssI2C::probe fails

Jan 9 23:51:18 AppleIntelLpssI2C::probe fails

Jan 9 23:51:18 AppleIntelLpssDmac::probe fails

Jan 9 23:51:18 AppleIntelLpssI2C::probe fails

Jan 9 23:51:18 AppleIntelLpssI2C::probe fails

Jan 9 23:51:18 AppleIntelLpssGspi::probe fails

Jan 9 23:51:18 AppleIntelLpssDmac::probe fails

Jan 9 23:51:18 AppleIntelLpssI2C::probe fails

Jan 9 23:51:18 AppleIntelLpssI2C::probe fails

Jan 9 23:51:18 AppleIntelLpssI2C::probe fails

Jan 9 23:51:19 AppleIntelLpssI2C::probe fails

Jan 9 23:51:19 AppleIntelLpssDmac::probe fails

Jan 9 23:51:19 AppleIntelLpssI2C::probe fails

Jan 9 23:51:19 AppleIntelLpssGspi::probe fails

Jan 9 23:51:19 AppleIntelLpssI2C::probe fails

Jan 9 23:51:19 AppleIntelLpssI2C::probe fails

Jan 9 23:51:19 AppleIntelLpssI2C::probe fails

Jan 9 23:51:19 AppleIntelLpssDmac::probe fails

Jan 9 23:51:19 AppleIntelLpssI2C::probe fails

Jan 10 01:21:37 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

Jan 10 01:21:37 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1



Daemons



com.v.helper



Agents



com.v.agent

com.apple.photostream-agent

com.apple.AirPortBaseStationAgent



Contents of /Library/LaunchAgents/com.star.agent.plist (checksum 1539588392)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/star/Agent/agent.app/Contents/MacOS/agent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.star.daemon.plist (checksum 4093569475)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.v.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/star/Agent/agent.app/Contents/MacOS/agent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.star.helper.plist (checksum 3312498267)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/star/Agent/agent.app/Contents/MacOS/agent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>



DNS: 75.75.75.75 (static)



User login items



iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Stickies

- /Applications/Stickies.app



Restricted files: 38



Elapsed time (s): 146

MacBook Pro with Retina display, OS X Yosemite (10.10.1)

Posted on Jan 10, 2015 2:19 AM

9 replies

Jan 10, 2015 4:55 PM in response to Jaytin

There is no need to download anything to solve this problem. You installed a variant of the "VSearch" trojan. Remove it as follows.

This malware has many variants. Anyone else finding this comment should not expect it to be applicable.

Back up all data before proceeding.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents/com.star.agent.plist

Right-click or control-click the line and select

Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with each of these lines:

/Library/LaunchDaemons/com.star.daemon.plist
/Library/LaunchDaemons/com.star.helper.plist

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Library/Application Support/star
/System/Library/Frameworks/v.framework

The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.

This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Then, still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
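
Added example, not part of the original thread or any poster's words: a Python check that parses a launchd job definition like the ones in the diagnostic output and reports the traits visible there (a Label that differs from the file name, RunAtLoad plus KeepAlive, a program outside the usual system directories). The function name `review_launchd_plist` and the `EXPECTED_PREFIXES` list are assumptions chosen for illustration; the sample is the `com.star.agent.plist` body from the question, condensed.

```python
import plistlib
from pathlib import PurePosixPath

# Sample input: the com.star.agent.plist contents quoted in the question,
# condensed onto fewer lines (XML declaration and DOCTYPE omitted).
SAMPLE_PATH = "/Library/LaunchAgents/com.star.agent.plist"
SAMPLE_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.v.agent</string>
<key>OnDemand</key><false/>
<key>ProgramArguments</key><array>
<string>/Library/Application Support/star/Agent/agent.app/Contents/MacOS/agent</string>
</array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
<key>LimitLoadToSessionType</key><string>Aqua</string>
<key>ThrottleInterval</key><integer>10</integer>
</dict></plist>"""

# Assumption: directories where launchd programs are normally installed.
# This is a review heuristic, not an authoritative allow-list.
EXPECTED_PREFIXES = ("/System/", "/usr/", "/Applications/",
                     "/Library/PrivilegedHelperTools/")


def review_launchd_plist(path, data):
    """Return a list of human-readable findings for one launchd job file."""
    job = plistlib.loads(data.strip())
    findings = []

    # 1. launchd jobs are conventionally stored as <Label>.plist.
    stem = PurePosixPath(path).stem
    label = job.get("Label", "")
    if label != stem:
        findings.append(f"label '{label}' does not match file name '{stem}'")

    # 2. Started at load and restarted whenever it exits.
    if job.get("RunAtLoad") is True and job.get("KeepAlive") is True:
        findings.append("starts at load and is relaunched whenever it exits")

    # 3. Executable lives outside the directories listed above.
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    program = args[0]
    if program and not program.startswith(EXPECTED_PREFIXES):
        findings.append(f"program outside expected directories: {program}")
    return findings


if __name__ == "__main__":
    for finding in review_launchd_plist(SAMPLE_PATH, SAMPLE_PLIST):
        print("-", finding)
```

Because the checks look at structure rather than the names `star` or `v`, the same review applies to a variant whose file names differ but whose locations are the same.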

Jan 10, 2015 5:07 PM in response to Jaytin

If you take the advice of an anonymous stranger on a website to run an unknown application with unknown effects, I don't know what will happen—and neither does he, unless he has personally tested the advice on his own computer, as the terms of use of this site require. What I do know is that the habit of trusting strangers that way puts the safety of your data at risk, and no software is going to mitigate that risk. Skepticism is the only defense against malware attack in the long run.

I'm not asking you to download and run an application from my friend's website, or to do anything else that you can't easily undo.

Jan 10, 2015 5:15 PM in response to Jaytin

If his argument (LINC DAVIS) were brought to its logical conclusion, all responses, including his, would have to be challenged by an OP. Naturally a scenario such as that would make these forums totally unworkable. We do not and never will live in a perfect world, but in essence this is an argument looking for a problem that does not exist.


One is entitled to express one's thoughts on these subjects, but opinions do not by definition always equate to facts.


Ciao.

Jan 11, 2015 11:20 AM in response to Linc Davis

Linc Davis wrote:


If you take the advice of an anonymous stranger on a website to run an unknown application with unknown effects, I don't know what will happen—and neither does he, unless he has personally tested the advice on his own computer, as the terms of use of this site require. What I do know is that the habit of trusting strangers that way puts the safety of your data at risk, and no software is going to mitigate that risk. Skepticism is the only defense against malware attack in the long run.

I agree completely. People get into trouble by not being skeptical enough. Handing over their password to an installer or application gives the developer of that software complete control over their computer and all of their data. Handing over the password is key, because it could bypass any and all protections, including encryption, that Apple has put into place to protect people.

People get into trouble by not being skeptical enough. They are not skeptical of claims from disguised ads on websites that some "clean up" program (like MacKeeper or CleanMyMac). Nor are they skeptical of claims from disguised ads on websites that some new browser (like Chrome) is going to somehow speed up their web browsing. Nor are they skeptical of claims that some antivirus can protect their Mac by scanning for millions of Windows malware programs and ignoring adware that is plaguing Mac users all across the world. And they are also not skeptical of claims from Apple that some new OS upgrade is what they need. I'm not trying to trash any programs like MacKeeper, CleanMyMac, Norton, Chrome, or Yosemite. I want people to be skeptical of these claims so that software developers actually make an effort to prove them and provide meaningful value to their users. There are good parts to all of the software I have mentioned here, but their developers are focused more on profits and marketing rather than providing value.


I'm not asking you to download and run an application from my friend's website, or to do anything else that you can't easily undo.

Why not?


There is a missing piece here regarding skepticism. Most people don't have enough technical knowledge to make informed decisions. They can't read your scripts. They can't read the compiled code in AdwareMedic (or find the embedded plain text AppleScripts). My own little ASC tool is open source, but that really isn't going to help most people. I only made it open-source to boost my GitHub activity, not to demonstrate its trustworthiness 🙂. I'm not saying that people who aren't programmers or systems engineers are stupid or anything. They just haven't studied this stuff for decades. How are they supposed to know?


Well, one way is to ask for help from their friends. But how do they know if their friends know the right answers? Another way is to search the internet on their own. How do they know what is true and what is dangerous? Sadly, as everyone on these forums can attest, they usually can't tell the difference.


That is what this community is for. It is a place where there are lots of friendly people who are willing and able to give other people this kind of advice. If you know of useful downloads from your friend's websites that might help, people would like to know. There is a solid consensus that AdwareMedic is a safe, effective, and easy-to-use tool for removing adware. There is a solid consensus that Mac antivirus is damaging to Mac reliability and performance and ineffective at what it claims to do. Whether or not a program is open source is irrelevant to its trustworthiness. Open source political activists bash Apple for its closed source. But they are not claiming that Apple is publishing malware or that Apple software is unsafe, they are saying that use of closed source is detrimental to technological freedom - and they are correct. We use Apple products because we are willing to give up some of our technological freedom in exchange for convenience. That is exactly the value that AdwareMedic provides and that is why a consensus of Mac users on ASC finds it trustworthy and effective.

Jan 11, 2015 12:17 PM in response to Csound1

Csound1 wrote:

Are you not just another anonymous stranger Mr Davis (is that really your name)

I believe it is. Linc benefits from his reputation in exactly the same way that Thomas does. Both have been very active across the Internet for many years. It is perfectly safe to take the advice of either on technical topics - other than how to be anonymous on the Internet, of course. 🙂

Jan 12, 2015 3:17 PM in response to Linc Davis

I read your instructions and found them to be helpful. Not to the point as I got a variant so the filenames were different but the locations were the same so I got rid of that agent. Thanks a lot Linc Davis. I prefer to clean the mess I made myself, and more so to understand how and when I messed up as well as how I clean it thoroughly. Nothing against tools but the cleaning took me 1 minute and a restart... (can't be beaten by a tool). ;-)
Once again: Cheers

Jan 12, 2015 3:27 PM in response to Mac7d

I prefer to clean the mess I made myself, and more so to understand how and when I messed up as well as how I clean it thoroughly. Nothing against tools but the cleaning took me 1 minute and a restart... (can't be beaten by a tool). ;-)

Thanks for your comment. That is precisely the point I'm trying to make, against vast resistance. Since you now know more about malware than nearly all of the people who give advice about it on this site, I hope you'll share your knowledge with others in the same predicament.
