How do I remove "MegaBackup" malware?

CleanMyMac - Uninstall

CleanMyMac2 Un-install

CleanMyMac 3 Uninstall

After un-installing, use this program to make sure you got all the pieces.

EasyFind – Spotlight Replacement

MacKeeper – Do Not Install

MacKeeper – Do Not Install (2) See SDW2001’s post

Remove the scam MacKeeper product. Instructions are in Eric's post, right above yours.

You installed the "Flashmall" trojan. Take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:

com.crossrider

com.extensions

com.flashmall

com.Installer.completer

com.webhelper

com.webtools

flashmall

UpdateDownloader

WebSocketServerApp

Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be subfolders with any of these names:

IM.Installer

webHelperApp

WebTools

If so, move those subfolders—not the "Application Support" folder—to the Trash.

4. Open this folder in the same way as above:

~/Library/ScriptingAdditions

and remove an item named

BrowserHelper.osax

if present.

5. Open this folder:

~/Library

Look for subfolders with either of these names:

flashmall

WebTools

and move them to the Trash, if present. Don't remove the subfolder named "WebKit".

6. Open the Applications folder. Move to the Trash items with any of these names:

Flashmall

mediaDownloader

WebTools

Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.

7. Open this folder in the same way as above:

~/Applications

This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:

flashmall

and move it to the Trash, if present. Also remove anything else in that folder that you don't recognize.

Empty the Trash.

8. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

These jerks ought to go to jail!! I got rid of their crap by downloading and running "Malwarebytes ANTI-MALWARE for Mac". I think (unless there is some hidden catch) this is a far simpler solution than previous posts, especially for novices like me...

Indeed, it is. Why anyone would want to go through the laborious process of removing this manually, I don't know.

thank you.

this was the only thing that worked

Brilliant! Thank you for your help...sanity restored!

Hi, try with this,

Install AdwareMedic http://www.adwaremedic.com/index.php

restart the computer in safe mode

and execute adware medic software, and follow the instructions

PS: AdwareMedic changed the name, now is Malwarebytes

This comment is for others looking for help with an adware problem and finding this thread. Please start your own discussion. A thread with more than one problem quickly becomes unmanageable. Thanks.