Q: what is kuklorest? Something seems to be taking over my browser and setting it to bing

It is adware.

How to remove adware from MacBookair

To remove:

First try

Stop pop-up ads and adware in Safari

Remove unwanted adware that displays pop-up ads and graphics on your Mac

Next:                                               

Malwarebytes for Mac (was Adwaremedic)

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

You installed one or more variants of the "InstallMac" trojan. Take the steps below to disable it.

The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

          Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may files with a name of the form

          something.download.plist

          something.ltvbit.plist

          something.update.plist

where something is usually a meaningless string, such as any of the following:

          InKeepr

          InstallMac

          Javeview

          Kuklorest

          Manroling

          Otwexplain

These are examples, not a complete list. The string could be anything. The point is that the same string will appear in the name of three files.

You could have more than one copy of the malware, with different values of something.

Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Open this folder in the same way as above:

~/Library/Application Support

and move to the Trash any subfolders named with the same something you found in Step 2.

Don't move the Application Support folder or anything else inside it.

4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.

If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

Empty the Trash.

If you get an alert that the application is in use, force it to quit.

5. From the Safari menu bar, select

          Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

          Safari ▹ Preferences... ▹ General

and click

          Set to Current Page

Hello Linc Davis,

Thanks!!! I just cleaned kuklorest from my system. I really appreciate your taking the time to explain, step by step, how to do it. It worked!!!!

Thank you! Thank you! Thank you! Your instructions worked great!

Hi, thank you so much for posting this - your step by step instructions were easy to follow. Unfortunately though I still have kuklorest on my Mac after following these steps, please can you help? Many thanks

Thank you so much. Worked perfectly.

Thanks so much for your help. I believe I got rid of everything. I have only one problem remaining. I am using a browser-based software for a Spanish class called vhlcentral.com The text book is provided via a pop up window. Text acces now works in Firefox and in Chrome but not in Safari. All other components work fine. The VHL support just say-- use the other browsers, but I am concerned that something might be lurking on my computer that has caused this popup window error. The text popup window opens but is blank.

I found this very helpful. It seems to have worked!

Thank you so much!!! You just saved my bacon on a serious deadline night. This crazy adware was creating a memory leak and rendering my MBP useless. Thank you, thank you, thank you!!!  Happy clients are a good thing.

Thank you. It seems to be gone. What can I do to keep it from coming back?

natashajb15 wrote:

 

Hi, thank you so much for posting this - your step by step instructions were easy to follow. Unfortunately though I still have kuklorest on my Mac after following these steps, please can you help? Many thanks

Read through lllaass' post, even easier to follow.

What can I do to keep it from coming back?

Never run any software just because someone on a website tells you to. Never run any software you don't need (such as "anti-virus" or "anti-malware" software), no matter who tells you to. Only use software that you've personally researched as safe, and then only if it does something directly useful to you. For example, if you want to edit video, you need a video editor. If you want to write a book, you need a word processor. But you never need a "virus scanner." You didn't buy a computer so that you could scan for viruses.

You shouldn't go rummaging through system directories that you're not familiar with just because someone on a website tells you to, either.

God bless you for sharing this quick, and effective help, Mr. Davis!

Our machine is now clean thanks to you!