-
All replies
-
Helpful answers
-
May 17, 2015 7:21 AM in response to Linc Davisby ladyhdrider2000,Linc,
I ran the diagnostic and posted it. Would appreciate any feedback. I can not get rid of the Flashmall nor it's widget that is in my Launch pad. Help!
-
May 17, 2015 9:32 AM in response to Linc Davisby Linc Davis,These are updated instructions for removing the "Crossrider" or "Flashmall" trojan.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:
com.crossrider
com.extensions
com.flashmall
com.webhelper
com.webtools
flashmall
UpdateDownloader
WebSocketServerApp
Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with either of these names:
webHelperApp
IM.Installer
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Open this folder in the same way as above:
~/Library/ScriptingAdditions
and remove an item named
BrowserHelper.osax
if present.
5. Open this folder:
~/Library
Look for subfolders with either of these names:
flashmall
WebTools
and move them to the Trash, if present.
6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.
7. Open this folder in the same way as above:
~/Applications
This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:
flashmall
and move it to the Trash, if present.
Empty the Trash.
8. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
-
May 17, 2015 11:11 AM in response to Linc Davisby ladyhdrider2000,THANK YOU! This helped and my computer is free (for now) of FlashMall
-
Jun 2, 2015 11:42 PM in response to Linc Davisby alakhras,Excellent, thank you so much, it was very helpful. AA
-
Jun 4, 2015 9:10 AM in response to Linc Davisby shornig,I am using iMac 10.6.8 with OSX Snow Leopard. When I use Finder and Go to Folder, it tells me the folder is not found. Can you help?
-
Jul 8, 2015 9:58 PM in response to Linc Davisby JDP63,You don't know me. But it's 1 a.m. and I've been trying to remove those annoying ads all night. And your instructions worked perfectly. So, thanks. Really appreciate it.
-
Jul 18, 2015 3:03 PM in response to Linc Davisby davemish8,Thank you so much. Had trouble deleting the web helper app; said launch in use. Just rebooted again and made sure safari was closed. (I had it open again to follow second link) Then worked. Such a relief!
-
Aug 16, 2015 8:39 AM in response to Linc Davisby sinnylong,In response to the original answer:
In my LaunchAgents folder, I have the following:
com.adobe.AAM.Updater-1.0.plist
com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
com.WebTools.oiuqw343sQ9a.helpd.plist
com.WebTools.oiuqw343sQ9a.plist
Qamails.download.plist
Qamails.ltvbit.plist
Qamails.update.plist
Should I delete any of these? All of them? Are there some I should leave?
Thanks for any help! This stuff is annoying.
-
Aug 16, 2015 10:03 AM in response to sinnylongby sinnylong,Never mind. Figured it out (at least it looks that way so far). I deleted the WebTools-related stuff and that seems to have done the trick. Still not sure what the Qamails ones are, but I left them in there for now.
Thanks for the help!
-
Aug 17, 2015 3:23 PM in response to sinnylongby thomas_r.,The Qamails items are from a variant of Genieo, and also should be deleted.
-
-
Aug 27, 2015 11:40 AM in response to wine4uby JuBee7,I also have this question. I am using Google Chrome because I am still working with OS X 10.6.8
Is there a way to get rid of ads from FlashMall? Linc Davis I have tried your suggestion but when I tried to open the folder it said "No folder exists". I didn't have this issue with ads before. Is it because I'm working with an older (vintage) model late 2006 and working on OS X 10.6.8?
-
Aug 27, 2015 12:39 PM in response to JuBee7by ChitlinsCC,Malwarebytes Anti-Malware for Mac (formerly AdwareMedic)
The Safe Mac » Adware Removal Guide
The Safe Mac » Eliminating browser redirects and advertisements
How [NOT} to install adware | Apple Support Communities
Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
"Ransomware" web pages | Apple Support Communities
Viruses, Trojans, Malware - and other aspects o... | Apple Support Communities
John Galt on a "Ransomware" Intrusion
Kappy on MalWare - how to delet mailwere? | Apple Support Communities
"On Internet Security" by John Galt - 'Keep Calm and Repair Permissions'
Safari Xtns - ScamZapper - Apple Club
P.U.K a rude PopUp/Under Killer :: Add-ons for Firefox
-
Aug 28, 2015 8:20 AM in response to Linc Davisby JuBee7,I'm coming to you Linc Davis
I have an older MacBook (late 2006 model) am working with OS X 10.6.8 I had to uninstall Safari because it was not compatible with most sites and I don't have the means to update to the latest OS X. I then installed Google Chrome, but now I have a new tab opening up every time I (for example....when I click to log-in to my hotmail account....a new window opens up for "Clean PC" "Warning your computer is at risk call this number now") happens on every site I visit. I was told to install Ad Block Plus so I did. The icon for ABP says it's blocking so many ads but I still have a bunch from FlashMall and those annoying ads that pop-up. I also, right now clicked inside this message box and a new tab claiming it's "Apple Help" opened up, I know that's not really Apple. I keep exiting those tabs but they keep opening.
How do I get the new tab scams to stop opening up every time I use Chrome? How do I get rid of all ads, pop-ups, FlashMall, etc.?
I'm not tech savvy so step by step instructions would help me very much.
Thanks Linc
-
Aug 28, 2015 9:43 AM in response to JuBee7by thomas_r.,You'll find step-by-step instructions here:
http://www.thesafemac.com/arg-bundlore/
(Fair disclosure: I am affiliated with Malwarebytes, whose site I am linking to above.)