accidentally installed malware/adware (myppes.com)

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions. If those instructions don't work for you, or if you have trouble following them, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure that doesn't involve downloading anything.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

antivirus software is actually good to have. theres free ones on the app store. bit defender can remove the adware from myppes. i know cause i did the same thing... if bit defender has trouble even running, try deleting what you can find of the adware files then run a deep system scan. don't know if it still works with 10.6.

one place to look is Users/ [myusername] /Library/Application Support/Myppes

delete the whole file.

the rest of LD's advice is good...

Hi,

Attached is a screenshot of what is in my /launchagent folder. Can you help me remove these? Thank you for your post it was very useful.

- Nik

You installed several variants of the "InstallMac" trojan. Please take the steps below to disable it.

The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with a name of the form

something.AppRemoval.plist

something.download.plist

something.ltvbit.plist

something.update.plist

where something is usually a meaningless string, such as any of the following:

Epolife

InstallMac

Javeview

Kuklorest

Manroling

Otwexplain

These are examples, not a complete list. The string could be anything. The point is that the same string will usually appear in the name of three or four files.

You could have more than one copy of the malware, with different values of something.

Move all such items to the Trash. If there are any other files with a name that begin with something, move them to the Trash also. After you've done that, there may not be anything left in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Open this folder in the same way as above:

~/Library/Application Support

and move to the Trash any subfolders named with the same something you found in Step 2.

Don't move the Application Support folder or anything else inside it.

4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, or with the name "Zip Devil," drag it to the Trash.

If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

Empty the Trash.

If you get an alert that the application is in use, force it to quit.

5. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

Safari ▹ Preferences... ▹ General

and click

Set to Current Page

I know this is an old post, but maybe you can help. Myppes has ended up on my mac. I've tried your suggestions, but the javeview.update.plist, Myppes.AppVemoral.plist, Myppes.btvlit.plist, Myppes.dolnwoad.plist, and Myppes.uadpte.plist files will not go to trash. They were locked so I unlocked them, but I still get the message "...unexpected error has occurred (error code -50)" after trying to move them to trash. I'm running Yosemite. The issues I'm having are: Chrome will not open, photos will not open, nor iTunes, nor Amazon music. Safari will open, but will not open every website I try to visit. I had to use another mac to open this thread.

Thanks!

Please read this whole message before doing anything.

This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.

Step 1

The purpose of this step is to determine whether the problem is localized to your user account.

Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”

While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.

Test while logged in as Guest. Same problems?

After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.

*Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.

Step 2

The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.

Please take this step regardless of the results of Step 1.

Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem.

Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.

Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.

The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

Test while in safe mode. Same problems?

After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

Ok. I went through both steps and was able to get rid of myppes in safe mode the second time. Maybe I was doing something wrong the first time I tried. But now everything is working fine.

Thanks for your help!