How do I delete flashmall application?
I have flashmall application that was accidentally installed. i can't drag it into trash? I can't find it in application folder in finder? Any help would be appreciated.
MacBook Pro, Mac OS X (10.7.3)
I have flashmall application that was accidentally installed. i can't drag it into trash? I can't find it in application folder in finder? Any help would be appreciated.
MacBook Pro, Mac OS X (10.7.3)
Click here and follow the instructions. If you're willing to use a tool to remove it(you don't need to, but may find it easier), you can instead run Adware Medic; this link is a direct download.
(126346)
Click here and follow the instructions. If you're willing to use a tool to remove it(you don't need to, but may find it easier), you can instead run Adware Medic; this link is a direct download.
(126346)
There is no need to download anything to solve this problem. You installed the "Flashmall" trojan. Take the steps below to disable it.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:
com.crossrider
com.extensions
com.flashmall
com.webhelper
com.webtools
flashmall
UpdateDownloader
WebSocketServerApp
Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with this name:
webHelperApp
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Open this folder in the same way as above:
~/Library/ScriptingAdditions
and remove an item named
BrowserHelper.osax
if present.
5. Open this folder:
~/Library
Look for subfolders with either of these names:
flashmall
WebTools
and move them to the Trash, if present.
6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.
Empty the Trash.
7. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
Thank you for your amazing knowledge. Your directions helped. I had a whole lot of unnecessary files that made the vent on my MacBook Air Late 2010 keep running. I suppose there were many ad apps of all sorts running at the same time whenever Safari was open. Now the machine is cool and silent. I used a few more of your posts in addition to this one. Thank you for your knowledge, you clarity, and your generosity in sharing it.
Thanks Niel! I did the AdwareMedic and it seemed to clear things up significantly. I believe I will follow advice of next post too. Great help and I appreciate your quick response! Happy Wife is a happy life. Cheers!!!
I did run the Adware download but I also followed you very specific instructions. Thanks for helping and I think this was just an added measure against the malware and Adware crap! Awesome job Linc! Thanks again!
Hi Linc, I know you are probably bored having the same conversation over and over however I was hoping you could help me. I have followed your instructions to remove this flashmall app, and on the whole all of the folders I've gone into via finder have now been cleaned of the files/folders you'd suggested removing. The problem is that when I open LaunchPad the Flashmall app is still there and it doesn't let me drag it to trash.
I have ran the diagnostic script as you suggest on a different post, and hope that after seeing it you can help me further by letting me know if there is anything I can / should do to remove anything that shouldn't be there? Thanks in advance for your time and help.. Best regards Andrew
Start time: 19:24:30 05/23/15
Revision: 1166
Model Identifier: iMac15,1
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 11 minutes
Bluetooth
Apple Magic Mouse
Apple Wireless Keyboard
Log
May 23 19:14:01 ARPT: 5.742170: Failed to set AWDL Sync Enabled state (0), error code -25
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeSta mpingService.xpc/Contents/MacOS/XPCTimeStampingService error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.x pc/Contents/MacOS/com.apple.DictionaryServiceHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychai nSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuth orizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeSta mpingService.xpc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.x pc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuth orizeAgent.xpc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychai nSandboxCheck.xpc, error = 1: Operation not permitted
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:02 com.apple.xpc.launchd.domain.pid.SecurityAgent.216: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/ com.apple.geod.xpc/Contents/MacOS/com.apple.geod error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc
May 23 19:14:27 pci pause: SDXC
May 23 19:15:16 com.apple.xpc.launchd.domain.pid.om.apple.photostream-agent.323: Path not allowed in target domain: type = pid, path = /Applications/iPhoto.app/Contents/Frameworks/PhotoFoundation.framework/Versions /A/XPCServices/com.apple.PhotoApps.DevicePropertyReader.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app
May 23 19:15:16 com.apple.xpc.launchd.domain.pid.om.apple.photostream-agent.323: Path not allowed in target domain: type = pid, path = /Applications/iPhoto.app/Contents/Frameworks/PhotoFoundation.framework/Versions /A/XPCServices/com.apple.PhotoApps.DevicePropertyReader.xpc error = 147: The specified service did not ship in the requestor's bundle, origin = /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app
Daemons
com.adobe.fpsaud
Agents
com.apple.AirPortBaseStationAgent
com.apple.photostream-agent
com.google.keystone.user.agent
com.kodak.BonjourAgent
com.kodak.KODAK
com.kodak.KODAK
com.kodak.KODAK
com.kodak.StatisticCollection
Applications
/Applications/Google Chrome.app
- com.google.Chrome
/Applications/Minecraft.app
- N/A
/Applications/Steam.app
- com.valvesoftware.steam
/Applications/Utilities/Adobe Flash Player Install Manager.app
- com.adobe.flashplayer.installmanager
/Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app
- com.microsoft.silverlight.sllauncher
/Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app
- com.apple.ScriptEditor.id.cocoa-applet-template
/Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app
- com.apple.ScriptEditor.id.droplet-with-settable-properties-template
/Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app
- com.apple.ScriptEditor.id.file-processing-droplet-template
/Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app
- com.apple.ScriptEditor.id.image-file-processing-droplet-template
/Library/Image Capture/Devices/Canon IJScanner2.app
- jp.co.canon.ijscanner2.scanner.ica
/Library/Image Capture/Devices/Canon IJScanner4.app
- jp.co.canon.ij.ica.scanner4
/Library/Image Capture/Devices/EPSON Scanner.app
- com.epson.scanner.ica
/Library/Image Capture/Devices/KODAK AiO Scan Driver.app
- com.kodak.KodakAiOScanDriver
/Library/Image Capture/Devices/Kodak AiO2 Scan Driver.app
- N/A
/Library/Printers/EPSON/Fax/AutoSetupTool/EPFaxAutoSetupTool.app
- com.epson.ijfax.app.EPFaxAutoSetupTool
/Library/Printers/EPSON/Fax/FaxIOSupport/epsonfax.app
- com.epson.ijfax.app.epsonfax
/Library/Printers/EPSON/Fax/Filter/commandFilter.app
- com.epson.ijfax.filter.commandFilter
/Library/Printers/EPSON/Fax/Filter/rastertoepfax.app
- com.epson.ijfax.filter.rastertoepfax
/Library/Printers/EPSON/Fax/Utility/FAX Utility.app
- com.epson.ijfax.utility.FAXUtility
/Library/Printers/EPSON/Fax/Utility/Fax Receive Monitor.app
- com.epson.ijfax.app.FaxReceiveMonitor
/Library/Printers/Kodak/AiO_Printers/AiOFirmwareUpdater.app
- N/A
/Library/Printers/Kodak/AiO_Printers/KODAK AiO Home Center.app
- N/A
/Library/Printers/Kodak/AiO_Printers/KODAK AiO Scan.app
- N/A
/Library/Printers/Kodak/AiO_Printers/KODAK AiO Software Updater.app
- N/A
/Library/Printers/Kodak/AiO_Printers/KODAK AiO Uninstall.app
- com.kodak.EasyShareAiOSeriesUninstaller
/Library/Printers/Kodak/AiO_Printers/Kodak ESP 3 Camera Connection.app
- com.kodak.AiOPictbridgeMgr
/Library/Printers/Kodak/AiO_Printers/KodakAiOBonjourAgent.app
- N/A
/Library/Printers/Kodak/AiO_Printers/Registration.app
- com.kodak.Registration
/Library/Printers/Kodak/AiO_Printers/Tron/AiO2Driver.app
- com.kodak.aioprinter.cupsfilter
/Library/Printers/Kodak/AiO_Printers/Tron/Commander.app
- com.aioprinter.commander
/Library/Printers/Kodak/AiO_Printers/Utilities/ICA Scan To.app
- com.kodak.AiOscanning
/Library/Printers/Kodak/AiO_Printers/Utilities/Twain Scan To.app
- com.Kodak.AiOscan
/Users/USER/Applications/Chrome Apps.localized/Default apdfllckaahabafndbhieahigkjlhalf.app
- com.google.Chrome.app.Default-apdfllckaahabafndbhieahigkjlhalf
/Users/USER/Applications/Chrome Apps.localized/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app
- com.google.Chrome.app.Default-blpcfgokakmgnkcojhhkbfbldkacnbeo
/Users/USER/Applications/Chrome Apps.localized/Default coobgpohoikkiipiblmjeljniedjpjpf.app
- com.google.Chrome.app.Default-coobgpohoikkiipiblmjeljniedjpjpf
/Users/USER/Applications/Chrome Apps.localized/Default pjkljhegncpnkpknbcohdijeoejaedia.app
- com.google.Chrome.app.Default-pjkljhegncpnkpknbcohdijeoejaedia
/Users/USER/Applications/flashmall.app
- com.flashmall.AppHelper
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_aohghmighlieiainnegkcijnfilokake/Default aohghmighlieiainnegkcijnfilokake.app
- com.google.Chrome.app.Default-aohghmighlieiainnegkcijnfilokake-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Default apdfllckaahabafndbhieahigkjlhalf.app
- com.google.Chrome.app.Default-apdfllckaahabafndbhieahigkjlhalf-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app
- com.google.Chrome.app.Default-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Default coobgpohoikkiipiblmjeljniedjpjpf.app
- com.google.Chrome.app.Default-coobgpohoikkiipiblmjeljniedjpjpf-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_pjkljhegncpnkpknbcohdijeoejaedia/Default pjkljhegncpnkpknbcohdijeoejaedia.app
- com.google.Chrome.app.Default-pjkljhegncpnkpknbcohdijeoejaedia-internal
Frameworks
- N/A
PrefPane
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Bundles
/Library/Internet Plug-Ins/Flash Player.plugin
- com.macromedia.Flash
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Printers/Kodak/AiO_Printers/AIO2IO.plugin
- com.kodak.printer.3x00aio.io-plugin
/Library/Printers/Kodak/AiO_Printers/AIOIO.plugin
- com.kodak.printer.3x00aio.io-plugin
/Library/Printers/Kodak/AiO_Printers/PrinterOptionsCombo.plugin
- com.kodak.printer.5x00aio.printeroptionscombo
/Library/Printers/Kodak/AiO_Printers/Tron/AiO2PrinterOptions.plugin
- com.kodak.aioprinter.printeroptions
dylibs
/Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.823/_platform_specific/mac_x64/libwidev inecdm.dylib
Contents of /Library/LaunchAgents/com.kodak.BonjourAgent.plist
- mod date: Sep 21 07:39:00 2012
- checksum: 2625351456
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kodak Version</key>
<string>7.1.6.10</string>
<key>Label</key>
<string>com.kodak.BonjourAgent</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Printers/Kodak/AiO_Printers/KodakAiOBonjourAgent.app/Contents/ MacOS/KodakAiOBonjourAgent</string>
</array>
<key>ServiceIPC</key>
<true/>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist
- mod date: Apr 19 10:53:44 2015
- checksum: 3012644940
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.google.keystone.agent.plist
- mod date: May 23 14:29:34 2015
- checksum: 3988617596
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.kodak.StatisticCollection.plist
- mod date: Mar 12 20:01:23 2015
- checksum: 3132310684
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.kodak.StatisticCollection</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Printers/Kodak/AiO_Printers/KodakStatisticsCollection</string>
<string>-s</string>
</array>
</dict>
</plist>
DNS: 194.168.4.100
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
iCloud errors
Finder: 5
Spotlight: 1
cloudd: 11
Restricted files: 7
Elapsed time (sec): 178
These are slightly updated instructions for deleting the "Flashmall" trojan.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:
com.crossrider
com.extensions
com.flashmall
com.Installer.completer
com.webhelper
com.webtools
flashmall
UpdateDownloader
WebSocketServerApp
Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with either of these names:
webHelperApp
IM.Installer
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Open this folder in the same way as above:
~/Library/ScriptingAdditions
and remove an item named
BrowserHelper.osax
if present.
5. Open this folder:
~/Library
Look for subfolders with either of these names:
flashmall
WebTools
and move them to the Trash, if present.
6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.
Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.
7. Open this folder in the same way as above:
~/Applications
This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:
flashmall
and move it to the Trash, if present.
Empty the Trash.
8. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
thank you very much... that's me flashmall free once more... I appreciate your help!
Thank you, thank you, thank you, IcefishingGuy! Oh, man, was that flash whatever it was all over my screen horrific! And I did everything you said, so clearly, and it's gone. Thank you!!!!!!
How do I delete flashmall application?