How to remove Offers4U malware

It's important to note that Offers4U is adware that was bundled with software you downloaded off the Internet, so in the future, be more mindful of what you're downloading and where you're downloading it from.

To start, go to your Applications folder. Look for any applications that say VidX, MacVX, MacCost, MacShop, MacDeals, MacGlobalDeals, and Mac4U. Move them to the trash, either by dragging them out of the folder and dropping them into the trash can, or by right-clicking and selecting "Move to Trash." Then, open up all the browsers you have on your computer. Go to each browser's Preferences pane and find whatever tab lists all the extensions that have been downloaded for that browser. When you find the Offers4U plugin, uninstall it. If you see any extensions that don't look right, or that you don't remember installing, uninstall them as well. Return to the tab that allows you to set your homepage and change it to whatever you want your homepage to be, or whatever it was before the adware took over. Quit all the browsers, then restart your computer if you want to be extra sure everything is gone.

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions. If those instructions don't work for you, or if you have trouble following them, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure that doesn't involve downloading anything.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

I tried to get rid of the annoying "offers4u" pop-ups for days and followed all kinds of instructions, that I researched online. NOTHING worked (incl. AdwareMedic, Malwarebytes, ClamXav, Sophos, etc. Neither on OS 10.9.x nor 10.6.8 (running both on different partitions). But it looks like, that I did find a SOLUTION, which I will describe with the following 6 steps:

1. Find out, on which websites the "offers4u" windows pop-up. In my case it was mostly on Amazon and on ebay, not immediately though, only after I was searching for some specific items. I tried to find out, to which domains or IPs the browser was connecting short before the "offers4u"-windows pop-up. As that happens so fast, it is nearly impossible to write down or memorize this info, so I recorded the screen with a screen recording program. I have uploaded the result here: http://vimeo.com/138000812 (PW = video). Going through the video you will see domains like cloudfront.net, mgicinsrc.org and mgicinsrc.info show up before the actual oofers4u-windows pop up. So here are the next steps I did:

2. Using the selectivecookiedelete-Extension for Firefox, I deleted all cookies, that contained “cloudfront” and “mgicin”. If you don't have this extension, I suggest, you delete all cookies.

3. Most important: I copied the file “hosts” (located in ~/private/etc/hosts) to my desktop, opened with a regular text program and added the following lines:

127.0.0.1 i.mgicinjs.info

127.0.0.1 f.mgicinjs.info

127.0.0.1 i.mgicinjs.org

127.0.0.1 mgicinjs.net

127.0.0.1 mgicinjs.com

127.0.0.1 dew9ckzjyt2gn.cloudfront.net

===> If OTHER domains show up in your browser, of course you need to paste those into the hosts-file <===

4. I deleted the original hosts-file and moved/copied the one created on the desktop to the etc-folder.

5. I ran “Repair Disk Permissions” with Disk Utility.

6. I restarted my iMac, ran Firefox and (until now) the offers4u annoyance did not reappear.

Theoretically this should also make offers4u disappear on all other browsers you are using (don't forget to delete the cookies there too).

Please respond to the above, if it worked for you too (or not). Best wishes, A.

Why do i need to upload the printscreens?

Mattstock

Solved the problem with your earlier post in another thread. Thanks alot Linc Davis!

Unsure why you needed the screenshots but it hasn't done anything to remove the popups/malware?

ZipCloud uninstall

Spotify Uninstall

MacKeeper – Do Not Install

MacKeeper – Do Not Install (2) See SDW2001’s post

MacKeeper Removal

MacKeeper Removal