How do I delete flashmall application?

Click here and follow the instructions. If you're willing to use a tool to remove it(you don't need to, but may find it easier), you can instead run Adware Medic; this link is a direct download.

(126346)

There is no need to download anything to solve this problem. You installed the "Flashmall" trojan. Take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:

com.crossrider

com.extensions

com.flashmall

com.webhelper

com.webtools

flashmall

UpdateDownloader

WebSocketServerApp

Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be a subfolder with this name:

webHelperApp

If so, move that subfolder—not the "Application Support" folder—to the Trash.

4. Open this folder in the same way as above:

~/Library/ScriptingAdditions

and remove an item named

BrowserHelper.osax

if present.

5. Open this folder:

~/Library

Look for subfolders with either of these names:

flashmall

WebTools

and move them to the Trash, if present.

6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.

Empty the Trash.

7. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

Thank you for your amazing knowledge. Your directions helped. I had a whole lot of unnecessary files that made the vent on my MacBook Air Late 2010 keep running. I suppose there were many ad apps of all sorts running at the same time whenever Safari was open. Now the machine is cool and silent. I used a few more of your posts in addition to this one. Thank you for your knowledge, you clarity, and your generosity in sharing it.

Hi Linc, I know you are probably bored having the same conversation over and over however I was hoping you could help me. I have followed your instructions to remove this flashmall app, and on the whole all of the folders I've gone into via finder have now been cleaned of the files/folders you'd suggested removing. The problem is that when I open LaunchPad the Flashmall app is still there and it doesn't let me drag it to trash.

I have ran the diagnostic script as you suggest on a different post, and hope that after seeing it you can help me further by letting me know if there is anything I can / should do to remove anything that shouldn't be there? Thanks in advance for your time and help.. Best regards Andrew

Start time: 19:24:30 05/23/15

Revision: 1166

Model Identifier: iMac15,1

System Version: OS X 10.10.3 (14D136)

Kernel Version: Darwin 14.3.0

Time since boot: 11 minutes

Bluetooth

Apple Magic Mouse

Apple Wireless Keyboard

Log

May 23 19:14:01 ARPT: 5.742170: Failed to set AWDL Sync Enabled state (0), error code -25

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeSta mpingService.xpc/Contents/MacOS/XPCTimeStampingService error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.x pc/Contents/MacOS/com.apple.DictionaryServiceHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychai nSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuth orizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeSta mpingService.xpc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.x pc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuth orizeAgent.xpc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychai nSandboxCheck.xpc, error = 1: Operation not permitted

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/ com.apple.geod.xpc/Contents/MacOS/com.apple.geod error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

May 23 19:14:27 pci pause: SDXC

May 23 19:15:16 com.apple.xpc.launchd.domain.pid.om.apple.photostream-agent.323: Path not allowed in target domain: type = pid, path = /Applications/iPhoto.app/Contents/Frameworks/PhotoFoundation.framework/Versions /A/XPCServices/com.apple.PhotoApps.DevicePropertyReader.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app

May 23 19:15:16 com.apple.xpc.launchd.domain.pid.om.apple.photostream-agent.323: Path not allowed in target domain: type = pid, path = /Applications/iPhoto.app/Contents/Frameworks/PhotoFoundation.framework/Versions /A/XPCServices/com.apple.PhotoApps.DevicePropertyReader.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app

Daemons

com.adobe.fpsaud

Agents

com.apple.AirPortBaseStationAgent

com.apple.photostream-agent

com.google.keystone.user.agent

com.kodak.BonjourAgent

com.kodak.KODAK

com.kodak.KODAK

com.kodak.KODAK

com.kodak.StatisticCollection

Applications

/Applications/Google Chrome.app

- com.google.Chrome

/Applications/Minecraft.app

- N/A

/Applications/Steam.app

- com.valvesoftware.steam

/Applications/Utilities/Adobe Flash Player Install Manager.app

- com.adobe.flashplayer.installmanager

/Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app

- com.microsoft.silverlight.sllauncher

/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app

- com.apple.ScriptEditor.id.cocoa-applet-template

/Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app

- com.apple.ScriptEditor.id.droplet-with-settable-properties-template

/Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app

- com.apple.ScriptEditor.id.file-processing-droplet-template

/Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app

- com.apple.ScriptEditor.id.image-file-processing-droplet-template

/Library/Image Capture/Devices/Canon IJScanner2.app

- jp.co.canon.ijscanner2.scanner.ica

/Library/Image Capture/Devices/Canon IJScanner4.app

- jp.co.canon.ij.ica.scanner4

/Library/Image Capture/Devices/EPSON Scanner.app

- com.epson.scanner.ica

/Library/Image Capture/Devices/KODAK AiO Scan Driver.app

- com.kodak.KodakAiOScanDriver

/Library/Image Capture/Devices/Kodak AiO2 Scan Driver.app

- N/A

/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app

- com.epson.ijfax.app.EPFaxAutoSetupTool

/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app

- com.epson.ijfax.app.epsonfax

/Library/Printers/EPSON/Fax/Filter/commandFilter.app

- com.epson.ijfax.filter.commandFilter

/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app

- com.epson.ijfax.filter.rastertoepfax

/Library/Printers/EPSON/Fax/Utility/FAX Utility.app

- com.epson.ijfax.utility.FAXUtility

/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app

- com.epson.ijfax.app.FaxReceiveMonitor

/Library/Printers/Kodak/AiO_Printers/AiOFirmwareUpdater.app

- N/A

/Library/Printers/Kodak/AiO_Printers/KODAK AiO Home Center.app

- N/A

/Library/Printers/Kodak/AiO_Printers/KODAK AiO Scan.app

- N/A

/Library/Printers/Kodak/AiO_Printers/KODAK AiO Software Updater.app

- N/A

/Library/Printers/Kodak/AiO_Printers/KODAK AiO Uninstall.app

- com.kodak.EasyShareAiOSeriesUninstaller

/Library/Printers/Kodak/AiO_Printers/Kodak ESP 3 Camera Connection.app

- com.kodak.AiOPictbridgeMgr

/Library/Printers/Kodak/AiO_Printers/KodakAiOBonjourAgent.app

- N/A

/Library/Printers/Kodak/AiO_Printers/Registration.app

- com.kodak.Registration

/Library/Printers/Kodak/AiO_Printers/Tron/AiO2Driver.app

- com.kodak.aioprinter.cupsfilter

/Library/Printers/Kodak/AiO_Printers/Tron/Commander.app

- com.aioprinter.commander

/Library/Printers/Kodak/AiO_Printers/Utilities/ICA Scan To.app

- com.kodak.AiOscanning

/Library/Printers/Kodak/AiO_Printers/Utilities/Twain Scan To.app

- com.Kodak.AiOscan

/Users/USER/Applications/Chrome Apps.localized/Default apdfllckaahabafndbhieahigkjlhalf.app

- com.google.Chrome.app.Default-apdfllckaahabafndbhieahigkjlhalf

/Users/USER/Applications/Chrome Apps.localized/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app

- com.google.Chrome.app.Default-blpcfgokakmgnkcojhhkbfbldkacnbeo

/Users/USER/Applications/Chrome Apps.localized/Default coobgpohoikkiipiblmjeljniedjpjpf.app

- com.google.Chrome.app.Default-coobgpohoikkiipiblmjeljniedjpjpf

/Users/USER/Applications/Chrome Apps.localized/Default pjkljhegncpnkpknbcohdijeoejaedia.app

- com.google.Chrome.app.Default-pjkljhegncpnkpknbcohdijeoejaedia

/Users/USER/Applications/flashmall.app

- com.flashmall.AppHelper

/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_aohghmighlieiainnegkcijnfilokake/Default aohghmighlieiainnegkcijnfilokake.app

- com.google.Chrome.app.Default-aohghmighlieiainnegkcijnfilokake-internal

/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Default apdfllckaahabafndbhieahigkjlhalf.app

- com.google.Chrome.app.Default-apdfllckaahabafndbhieahigkjlhalf-internal

/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app

- com.google.Chrome.app.Default-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal

/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Default coobgpohoikkiipiblmjeljniedjpjpf.app

- com.google.Chrome.app.Default-coobgpohoikkiipiblmjeljniedjpjpf-internal

/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_pjkljhegncpnkpknbcohdijeoejaedia/Default pjkljhegncpnkpknbcohdijeoejaedia.app

- com.google.Chrome.app.Default-pjkljhegncpnkpknbcohdijeoejaedia-internal

Frameworks

- N/A

PrefPane

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

Bundles

/Library/Internet Plug-Ins/Flash Player.plugin

- com.macromedia.Flash

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/Printers/Kodak/AiO_Printers/AIO2IO.plugin

- com.kodak.printer.3x00aio.io-plugin

/Library/Printers/Kodak/AiO_Printers/AIOIO.plugin

- com.kodak.printer.3x00aio.io-plugin

/Library/Printers/Kodak/AiO_Printers/PrinterOptionsCombo.plugin

- com.kodak.printer.5x00aio.printeroptionscombo

/Library/Printers/Kodak/AiO_Printers/Tron/AiO2PrinterOptions.plugin

- com.kodak.aioprinter.printeroptions

dylibs

/Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.823/_platform_specific/mac_x64/libwidev inecdm.dylib

Contents of /Library/LaunchAgents/com.kodak.BonjourAgent.plist

- mod date: Sep 21 07:39:00 2012

- checksum: 2625351456

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Kodak Version</key>

<string>7.1.6.10</string>

<key>Label</key>

<string>com.kodak.BonjourAgent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Printers/Kodak/AiO_Printers/KodakAiOBonjourAgent.app/Contents/ MacOS/KodakAiOBonjourAgent</string>

</array>

<key>ServiceIPC</key>

<true/>

</dict>

</plist>

Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist

- mod date: Apr 19 10:53:44 2015

- checksum: 3012644940

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>org.apache.httpd</string>

<key>EnvironmentVariables</key>

<dict>

<key>XPC_SERVICES_UNAVAILABLE</key>

<string>1</string>

</dict>

<key>ProgramArguments</key>

<array>

<string>/usr/sbin/httpd-wrapper</string>

<string>-D</string>

<string>FOREGROUND</string>

</array>

<key>OnDemand</key>

<false/>

</dict>

</plist>

Contents of Library/LaunchAgents/com.google.keystone.agent.plist

- mod date: May 23 14:29:34 2015

- checksum: 3988617596

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.google.keystone.user.agent</string>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ProgramArguments</key>

<array>

<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

<string>-runMode</string>

<string>ifneeded</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>StartInterval</key>

<integer>3523</integer>

<key>StandardErrorPath</key>

<string>/dev/null</string>

<key>StandardOutPath</key>

<string>/dev/null</string>

</dict>

</plist>

Contents of Library/LaunchAgents/com.kodak.StatisticCollection.plist

- mod date: Mar 12 20:01:23 2015

- checksum: 3132310684

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.kodak.StatisticCollection</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Printers/Kodak/AiO_Printers/KodakStatisticsCollection</string>

<string>-s</string>

</array>

</dict>

</plist>

DNS: 194.168.4.100

User login items

iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

iCloud errors

Finder: 5

Spotlight: 1

cloudd: 11

Restricted files: 7

Elapsed time (sec): 178

These are slightly updated instructions for deleting the "Flashmall" trojan.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:

com.crossrider

com.extensions

com.flashmall

com.Installer.completer

com.webhelper

com.webtools

flashmall

UpdateDownloader

WebSocketServerApp

Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be a subfolder with either of these names:

webHelperApp

IM.Installer

If so, move that subfolder—not the "Application Support" folder—to the Trash.

4. Open this folder in the same way as above:

~/Library/ScriptingAdditions

and remove an item named

BrowserHelper.osax

if present.

5. Open this folder:

~/Library

Look for subfolders with either of these names:

flashmall

WebTools

and move them to the Trash, if present.

6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.

Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.

7. Open this folder in the same way as above:

~/Applications

This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:

flashmall

and move it to the Trash, if present.

Empty the Trash.

8. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

thank you very much... that's me flashmall free once more... I appreciate your help!

Thank you, thank you, thank you, IcefishingGuy! Oh, man, was that flash whatever it was all over my screen horrific! And I did everything you said, so clearly, and it's gone. Thank you!!!!!!