Does anyone know what Eliaho, Montageobox and Nariabox applications do?

You may have installed one or more variants of the "InstallMac" trojan. Take the steps below to disable it.

The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may files with a name of the form

something.download.plist

something.ltvbit.plist

something.update.plist

where something is usually a meaningless string, such as any of the following:

InKeepr

InstallMac

Javeview

Leperdvil

Manroling

Otwexplain

These are examples, not a complete list. The string could be anything. The point is that the same string will appear in the name of three files.

You could have more than one copy of the malware, with different values of something.

Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Open this folder in the same way as above:

~/Library/Application Support

and move to the Trash any subfolders named with the same something you found in Step 2.

Don't move the Application Support folder or anything else inside it.

4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.

If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

Empty the Trash.

If you get an alert that the application is in use, force it to quit.

5. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

Safari ▹ Preferences... ▹ General

and click

Set to Current Page

thanks a lot for this. I'm malware free for now 🙂

Thx - worked great for Montageobox.....

Sept 19th, 2015

Thank you very much, Linc. Very helpful; it worked! I was plagued by all the above names a month ago; was able to rid them thanks to Apple support named Richard. Sadly this virus returned a few days ago under the name "jakecares", appearing in my Applications folder. This virus is very insidious. Although I moved the files to trash and securely emptied trash I found more of the **** things hiding out in other folders within the Application folder. That they have returned is of concern. Do you have any idea where I (or others) could be picking this up from?

Blessings to You!

Do you have an ad blocker extension installed on your browser? Have you downloaded anything recently, and if so, where did you get it from? One thing I'd recommend you do is download and run Malwarebytes Anti-Malware for Mac. It is a wonderful program, one that comes highly recommended by people here, not to mention people at the Genius Bar. If there's any adware on your computer that you can't find and you don't know what it's called, it'll find it and get rid of it for you.

First, never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you create problems, not how you solve them.

You get infected with malware by running unknown software just because somebody on a web page tells you it's wonderful. As long as you keep making that mistake, you'll be victimized again and again, and nothing will save you from the consequences. Do you think you're infected now?

No one ever got infected with malware by running Malwarebytes Anti-Malware for Mac. It doesn't create any problems, it solves them. It is completely safe and effective. I have used it and know exactly what files it installs, and what it does. Have you? Until you do, you should stop trying to discourage people from using it, which is what you do in one way or another whenever it is mentioned. And if you did install it and run it, you would see that your discouragement of its use is groundless.

Jakecares is yet another variant of the Genieo adware, as are Eliaho, Montageobox and Nariabox. You'll want to remove it, and all component of it, as well.

Then you need to start thinking very carefully about what you're downloading. If you've managed to get infected with four different variants of Genieo, you've been downloading carelessly. What have you been trying to download, and from where?

Hello everyone,

I am cleaning a computer hard drive up on a computer that I recently purchased. I would rather not do a factory reset for multiple reasons. I found an application called Eliaho that is appearing with an icon that is locked. I also found two folders: Montagebox and Nariabox. I have already tried CleanMyMac2,Malwarebytes Anti-Malware for Mac, and I have gone through and followed the steps on these two pages entirely:

Does anyone know what Eliaho, Montageobox and Nariabox applications do?

http://malwarefixes.com/how-to-remove-eliaho/

I was able to remove the Montagebox and the Nariabox folder. However, no matter what I do I cannot remove the Eliaho icon that is locked. It will not be deleted in the trash and it does not allow it to go into the trash. I am including the screen shots. When you click on the Eliaho link it shows the uninstall option as Locked, the other file is script that tells you how to uninstall it and is completely useless.

Do any of you have any ideas? This is very concerning for me. Thanks so much for your time. It should be noted that I am using OSX El Capitan 10.11.3. I posted here because of the on going thread. Thanks.

Ok everyone, the way I finally deleted it was by doing this:

1. First open up your terminal.

2. then put in this command: sudo rm -rfd

sudo rm -rfd /yourfolder/

NOTE: BE VERY CAREFUL WHEN DOING THIS IT WILL PERMANENTLY DELETE THE DIRECTORY! You can just type in: sudo rm -rfd

then you can just drag the Eliaho icon into the terminal.

Once you do hit enter. It will prompt you for your user password. IF YOU DO NOT HAVE A USER PASSWORD YOU NEED TO MAKE ONE TO UTILIZE THIS COMMAND FUNCTION.

Once you hit enter the application directory and all the files within it will disappear.

For any questions about the procedure view this: http://forums.macrumors.com/threads/terminal-command-to-delete-a-folder-filed-wi th-locked-files.320568/

Thanks for your time.