Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

websocket server

I was just prompted to allow or deny internet access for the app - web socket server app -


I have not been prompted for this previously. It appears that this is new and related to HTML5.


Is it a good idea to permit this access?

MacBook Pro with Retina display, OS X Yosemite (10.10.1)

Posted on Feb 17, 2015 8:31 AM

Reply
Question marked as Best reply

Posted on Feb 17, 2015 1:01 PM

You installed the "Crossrider" trojan. Take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with any of the following names:

com.crossrider.wss*.agent.plist

com.webhelper.plist

com.webtools.update.agent.plist

flashmall_updater.plist

flashmall_updater.sh

WebSocketServerApp

Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be a subfolder with this name:

webHelperApp

If so, move that subfolder—not the "Application Support" folder—to the Trash.

4. Finally, open this folder in the same way as above:

~/Library

Look for a subfolder with this name:

WebTools

and move it to the Trash, if present. Finally, empty the Trash.

3 replies
Question marked as Best reply

Feb 17, 2015 1:01 PM in response to wfuson

You installed the "Crossrider" trojan. Take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with any of the following names:

com.crossrider.wss*.agent.plist

com.webhelper.plist

com.webtools.update.agent.plist

flashmall_updater.plist

flashmall_updater.sh

WebSocketServerApp

Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be a subfolder with this name:

webHelperApp

If so, move that subfolder—not the "Application Support" folder—to the Trash.

4. Finally, open this folder in the same way as above:

~/Library

Look for a subfolder with this name:

WebTools

and move it to the Trash, if present. Finally, empty the Trash.

Feb 17, 2015 2:39 PM in response to Linc Davis

Thanks for the advice Linc. All the files and folders you mentioned were there and none of the malware detectors I have installed trapped them.


One update though - I moved all to the Trash, and was able to empty the Trash except for the WebSocketServerApp and the WebTools sub-folder since they were active.


Had to empty the trash, restart, and then empty again to get these final two out.


Argggh!


Thanks again!

websocket server

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.