what is kuklorest? Something seems to be taking over my browser and setting it to bing

Are you unwilling to try the other recommendations in this thread? They were outlined before the post with the long and apparently incomplete instructions.

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions.

If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.

If the above steps don't work for you, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

Every time I open Chrome it defaults to search.kulorest.com even though the default searches are all set to Google in Chrome.

Please create a new Chrome user profile. Note that Chrome can sync your account settings between devices, so if you enable that feature, malicious profile data can spread from one to another in a virus-like way.

Thank you so much. That has resolved the issue with Chrome. Can you point me to any information to clean up Firefox? I continue to be directed to dev.search.strtpoint.com when searching from within the address bar on that browser.

Update: I was able to resolve the Firefox issue by doing a complete refresh of the browser via its about:support troubleshooting page.

If Safari is not affected, you may have installed a malicious Firefox extension.

First follow the instructions on this page. If there's a Firefox extension you can't remove in the Extensions manager, see below.

Back up all data before proceeding.

Triple-click anywhere in the line below on this page to select it:

~/Library/Application Support/Mozilla

Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

A folder should open with an item named "Mozilla" selected. Quit Firefox if it's running. Move the selected item to the Trash. Relaunch the browser and test.

If the extension is still present, repeat with this line:

/Library/Application Support/Mozilla

If this folder exists, you may be prompted for your administrator login password when making changes to it.

Some kinds of malware may insert code into the Firefox application itself. If the above steps don't solve the problem, quit Firefox, delete it from the Applications folder, and download a fresh copy directly from mozilla.org.

Thanks again. I also implemented the steps you outlined and all appears to be working fine.

Below are all the screenshots. Nothing looks suspicious (I had deleted malware stuff the last time I went through some of these steps), except that the Kuklorest extension appeared this time, though not the last time I checked. Should I uninstall that extension? Delete it? Something else? Thanks!!

ten

Interesting - last time i went through the steps (similar, but not exactly the same as your steps), my extensions folder did not include Kuklorest. Not sure if I should uninstall it or delete it or what, so doing nothing right now.

I don't usually use Chrome, but I do have it, so did the screenshot of Extensions.

Should I uninstall that extension?

Yes.

Thank you! Finally, success. I really appreciate your help.

Thanks Linc Davis -- I appreciate your easy-to-follow explanation that solved the problem.

This worked for me. Many thanks.

Thanks so much!!!

All done!!!

Linc,

Thank you so much for the info on removing kuklorest. The Apple support on removal of adware and malware was helpful and thankfully i didn't have any of those on my Mac, but i did recently find that kuklorest had made it onto my Mac. I followed all your instructions and appear to be clean now with one exception. I still show a kuklorest uninstall icon in my Applications. When I try to move it to the trash, I am told I do not have permission to do so. How can I remove this last piece of kuklorest?

I am told I do not have permission to do so.

Did you log out or restart after removing the rest of the malware? What version of OS X are you running? What is the exact, complete text of the error message?