Best way to remove Mackeeper from my macbook pro os x lion 10.7.5

Malware developers targeting MacKeeper settlement Web page

How to manually remove MacKeeper from your Mac

How to uninstall MacKeeper from your Mac | Macworld

Remove Browser Pop-up Problems

Malwarebytes Anti-Malware 1.0.1.7

Adblock Plus 1.8.9, GlimmerBlocker, or AdBlock

Remove adware that displays pop-up ads and graphics on your Mac

How to remove the FlashMall adware from OS X

Helpful Links Regarding Malware Problems

If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, remove adware that displays pop-up ads and graphics on your Mac, and MalwareBytes for Mac. If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.) You might consider adding this Safari extensions: Adblock Plus 1.8.9.

Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.

The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.

Fix Some Browser Pop-ups That Take Over Safari.

Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.

Quit Safari

Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.

Relaunch Safari

If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.

This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

A

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

You installed one or more variants of the "InstallMac" trojan. Take the steps below to disable it.

The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may files with a name of the form

something.download.plist

something.ltvbit.plist

something.update.plist

where something is usually a meaningless string, such as any of the following:

InKeepr

InstallMac

Javeview

Leperdvil

Manroling

Otwexplain

These are examples, not a complete list. The string could be anything. The point is that the same string will appear in the name of three files.

You could have more than one copy of the malware, with different values of something.

Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Open this folder in the same way as above:

~/Library/Application Support

and move to the Trash any subfolders named with the same something you found in Step 2.

Don't move the Application Support folder or anything else inside it.

4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.

If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

Empty the Trash.

If you get an alert that the application is in use, force it to quit.

5. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

Safari ▹ Preferences... ▹ General

and click

Set to Current Page

B

You may also have installed one or more variants of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.

If you have trouble following those instructions, see below.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.

Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

/Library/LaunchDaemons

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form

com.something.daemon.plist

and

com.something.helper.plist

Here something is a variable string of characters, which can be different in each VSearch infection. So far it has always been an alphanumeric string without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.

You could have more than one copy of the malware, with different values of something.

If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:

/Library/LaunchAgents

In this folder, there may be a file named

com.something.agent.plist

where the string something is the same as before.

If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.

Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.

The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.

Open this folder:

/Library/Application Support

If it has a subfolder named just

something

where something is the same string you saw before, drag that subfolder to the Trash and close the window.

Don't delete the "Application Support" folder or anything else inside it.

Finally, in this folder:

/System/Library/Frameworks

there may be an item named exactly

v.framework

or else an item named

something.framework

Again, something is the same string as before.

This item is actually a folder, though it has a different icon than usual. Drag it to the Trash and close the window.

Don't delete the "Frameworks" folder or anything else inside it.

If you didn't find the files or you're not sure about the identification, post what you found.

If in doubt, or if you have no backups, change nothing at all.

The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it. I don't recommend that you install the genuine "MPlayerX," because it's hosted on the rogue "SourceForge" website and is bundled with other malware.

This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Then, still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.

C

"MacKeeper" is a scam with only one useful feature: it deletes itself.

First, back up all data.

Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.

If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.

IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.

In the Finder, select

Go ▹ Applications

from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.

☞ Quit MacKeeper before dragging it to the Trash.

☞ Let MacKeeper delete its other components before you empty the Trash.

☞ Don't try to drag MacKeeper from the Dock or the Launchpad to the Trash.

☞ Don't try to remove MacKeeper while running in safe mode.

For uninstalling software read the following. In particular I'm a fond user of EasyFind to search for and remove files not usually accessible by Spotlight nor easily found by the user.

Uninstalling Software: The Basics

Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.

Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.

Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.

Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.

Some software use startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.

If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, EasyFind, instead.

Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.

There are many utilities that can uninstall applications. Here is a selection:

1. AppZapper

2. AppDelete

3. Automaton

4. Hazel

5. AppCleaner

6. CleanApp

7. iTrash

8. Amnesia

9. Uninstaller

10. Spring Cleaning

For more information visit The XLab FAQs and read the FAQ on removing software.

can I identify and delete difficult to find items in the library or under my applications by the "date added" or "date modified" ?

That may help to group related items together, but if you're in doubt about what to delete, ask.

I just came across some of the following that looks suspicous

Not malware.

MegaBackup

Scam. Delete.