Utorrent wont open

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions. If those instructions don't work for you, or if you have trouble following them, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure that doesn't involve downloading anything.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

A

Back up all data before making any changes.

In the folder arranged as shown in the first screenshot, please delete these items:

#3 through #6 ("Flashmall")

#2 and #7 ("ZipCloud")

In the second folder:

None

Restart the computer.

Uninstall any Safari extensions you don't know you need. If in doubt, remove all of them. None is needed for normal operation.

Reset the Safari home page, if it was changed. You may need to do the same in the other browsers.

From the Applications folder (not shown in the screenshots), delete items with any of the following names:

Flashmall

InstallMac

mediaDownloader

WebTools

ZipCloud

Open your home folder by clicking the house icon with your name in the sidebar of a Finder window. If there is a subfolder named "Applications" (different from the main Applications folder), remove anything in it that you don't recognize.

These steps will permanently inactivate the malware, as long as you never reinstall it. A few small files may remain in hidden folders, but they have no effect.

The instructions above apply only to you. I'm including more general—and complete—self-contained removal instructions below for the benefit of others who may find this discussion. You can skip the remaining steps, but you should read them.

B (optional)

You installed the "Flashmall" trojan. Take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:

com.crossrider

com.extensions

com.flashmall

com.Installer.completer

com.webhelper

com.webtools

flashmall

UpdateDownloader

WebSocketServerApp

Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be subfolders with any of these names:

IM.Installer

webHelperApp

WebTools

If so, move those subfolders—not the "Application Support" folder—to the Trash.

4. Open this folder in the same way as above:

~/Library/ScriptingAdditions

and remove an item named

BrowserHelper.osax

if present.

5. Open this folder:

~/Library

Look for subfolders with either of these names:

flashmall

WebTools

and move them to the Trash, if present. Don't remove the subfolder named "WebKit".

6. Open the Applications folder. Move to the Trash items with any of these names:

Flashmall

mediaDownloader

WebTools

Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.

7. Open this folder in the same way as above:

~/Applications

This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:

flashmall

and move it to the Trash, if present. Also remove anything else in that folder that you don't recognize.

Empty the Trash.

8. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

C (optional)

"ZipCloud," sometimes named "JustCloud," is a cloud-storage service with a doubtful reputation. The OS X client is sometimes distributed along with malware. Although ZipCloud may not be malicious itself, it should be suspected by virtue of the company it keeps.

To remove ZipCloud, start by backing up all data (not with ZipCloud itself, of course.)

Quit the "ZipCloud" or "JustCloud" application, if it's running, and drag it from the Applications folder to the Trash. Don't try to empty yet.

Triple-click anywhere in the line below on this page to select it:

~/Library/LaunchAgents

Right-click or control-click the highlighted line and select

Services ▹ Open

from the contextual menu.* A folder named "LaunchAgents" should open.

In the folder, there may be one or more files with a name beginning as follows:

com.jdibackup.

Move all such files to the Trash.

Log out or restart the computer and empty the Trash.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

Torrents are an excellent way of introducing malware on your MBA. I strongly suggest that you rid your Mac of same. The final decision of course is yours.

Ciao.

Where did you download it from?

It sounds like what you downloaded has been loaded with malware which has now infected your Mac.