Totiteck software

Hi Linc,

"Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less."

Can you explain "there is never a need for it" ? Macs have viruses and malware, too.

Can you explain how AV/AM makes a Mac more vulnerable? I agree that installing AV software and then never paying attention again is a bad thing, but how is having it a bad idea?

However Macs are susceptible to viruses/malware, too. Your troubleshooting steps are basically what most programs will do for people, without that person having to do anything remotely technical. See how many people below have simple problems with the simplest instruction. What's wrong with an AV program that just does that all for you? That is a much more complex procedure, prone to much more technical failure, than just using a program. Happy to be educated here but can't really understand the advice of "don't use AV"

Please do not listen to this advice.

You need antivirus and anti malware/spam for all types of all computers.

Antivirus and anti-malware do not put you more at risk unless you have several all running at once.

We are on a thread about malware on a Mac, so saying that it anti-malware isn't needed is not correct.

I am happy to be educated but unless anyone can provide technical reasons not to get anti-malware, this advice should not be repeated.

It's malware ... You need to contact your school administrator to remove the malware.

Force quit Safari using the Command + Option + Esc keyboard shortcut.

Then download and run Malwarebyyes Anti-Malware for Mac formerly known as AdwareMedic. It's free.

Make sure Mac App Store and identified developers is selected in System Preferences > Security & Privacy > General

If you would rather not download Malwarebytes Anti-Malware, you can remove the malware manually following the instructions here > Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support

Others finding this thread, please see below.

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

You installed one or more variants of the "InstallMac" trojan. Take the steps below to disable it.

The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may files with a name of the form

something.download.plist

something.ltvbit.plist

something.update.plist

where something is usually a meaningless string, such as any of the following:

InKeepr

InstallMac

Javeview

Leperdvil

Listchack

Oliverto

Texiday

These are examples, not a complete list. The string could be anything. The point is that the same string will appear in the name of three files.

You could have more than one copy of the malware, with different values of something. In this case, one of the values was "Totiteck".

Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Open this folder in the same way as above:

~/Library/Application Support

and move to the Trash any subfolders named with the same something you found in Step 2.

Don't move the Application Support folder or anything else inside it.

4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.

If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

Empty the Trash.

If you get an alert that the application is in use, force it to quit.

5. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

Safari ▹ Preferences... ▹ General

and click

Set to Current Page

Thanks Linc,

I really appreciate your informed help.

Hi Linc

I have this issue and your input is much appreciated - however - I'm not getting the

In the Finder, select

Go ▹ Go to Folder...

i have triple clicked and CMD C and pasted in thesearch bar to no avail - what am i doing wrong ?

thanks in advance

Someone at work just did this... for IT folks and those not afraid of Terminal

This worked for this variant:

rm -rf ~/Library/LaunchAgents/Totiteck*

rm -rf ~/Library/Safari/Extensions/Totiteck*

rm -rf ~/Library/Application\ Support/Totiteck

Thanks Linc, for your great advice and clear instructions - it worked!

Thank you so much for taking the time to share this fix. It worked for me 30 days later.

I was able to use the Spotlight tool to search for "Totiteck"

There was an "Uninstall_Readme.txt" file which said to use the Unistall Totiteck application. I simply double clicked the application and it went through the process of uninstalling everything. I then went into the Applications folder, scrolled down to "Totiteck" and removed the entire folder.

Everything seemed to work and back to normal.

Thanks, same problem here, also had one called feelbegin, found and removed it the same way

thank you very much for the help

Hi Chris, Did you work with Elaine and Robyn? Thanks for this, I just did it but need to do some testing before I give you the usual accolades.

Cheers,

Robyn

Much thanks to LInc Davis for this solution! For benefit of other newbies, instead of triple clicking, I painted and did a Copy. I did find bad stuff in all three locations (launch, support, and extensions), so check 'em all.

F. Horne

Linc, thank you so much!

I just used your instructions to successfully remove 4 separate problems. I discovered Totiteck as well as Keka and Feelbegin and Javeview.

I followed all of these steps exactly and unfortunately search.totiteck is still overriding me when I launch chrome. I got rid of everything in steps 1, 2, and 3, which I was very thankful for, but for some reason the error persists. I restarted every time. I tried to force remove through the terminal based on the one users comment. I went as far as deleting chrome and reinstalling out of desperation. Can anyone offer any insight?