I can't get rid of Cinema Plus malware.

You may have installed the "CinemaPlus" ad-injection malware. I suggest the procedure below to disable it. This procedure may leave a few small files behind, but it will permanently deactivate the malware (as long as you never reinstall it.)

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data before proceeding.

Step 1

From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall any extensions you don't know you need, including one called "Cinema-Plus." If in doubt, uninstall all extensions. Do the equivalent in the Chrome browser, if you use it.

Step 2

Triple-click anywhere in the line below on this page to select it:

~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/144ee21a-8997-41ab-96a6-b13f40648ffd@1ab45825-655a-4789-a375-a283ea7ca5c5.com

Right-click or control-click the line and select

Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.

If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder may open with an item selected. It will have a long name ending in ".com". Move it to the Trash.

Reveal this folder in the same way:

~/Library/LaunchAgents

There may be files in the folder with a name beginning in either of the following ways:

cinemas-+-plus

cinema-plus

Move them to the Trash too.

Log out or restart the computer and empty the Trash.

This malware is sometimes distributed with another kind of ad-injection malware called "SearchProtect" or "Trovi." If applicable, follow the instructions on this Apple Support page to remove it.

Hello Hackee,

By far the best way to remove malware is with AdwareMedic: http://www.adwaremedic.com/index.php

AdwareMedic is free, safe, easy-to-use, and written by our very own thomas_r., a long-time member of Apple Support Communities.

You are never more vulnerable to exploitation than when you ask for help with a malware infection from strangers on the Internet. Any advice to run an unknown application must be regarded with caution. Never take anyone's word for it that the application is safe. Whether it's safe or not is something to be determined by your own research.

You are never more vulnerable to exploitation than when you ask for help with a malware infection from strangers on the Internet.

How true, and this advice also applies to the person who is giving it, he is no more trustworthy than anyone else, proceed with caution, if you don't understand his advice it is potentially harmful.

Linc Davis wrote:

You are never more vulnerable to exploitation than when you ask for help with a malware infection from strangers on the Internet. Any advice to run an unknown application must be regarded with caution. Never take anyone's word for it that the application is safe. Whether it's safe or not is something to be determined by your own research.

Where is all of that research supposed to come from Linc? Are you saying that people shouldn't trust the advice of the consensus of the medical community? They should instead do their own internet research about medical issues and do all procedures themselves?

Apple Support Communities is a hospital for sick Apple products. Why shouldn't the same rules apply here?