Malware help for a novice?

The prompt to download Adobe Flash Player was probably fraudulent. Only obtain software from authorized sources, never from a random popup, never from following the results of a Google search, and never from any download aggregator website such as "C net", "Mac Update", "Soft onic" or any other website whose revenue primarily relies upon advertisements for garbage products. Adobe Flash Player can be obtained here: https://get.adobe.com/flashplayer/.

You inadvertently installed adware. You do not need to download or install anything to fix it.

For a description of how this may have occurred, how to avoid it in the future, and for Apple's recommended actions read How to install adware. Apple's instructions are linked in the Recovery Procedure near the end of that document. Read and follow them carefully. Pay particular attention to the easily overlooked passages directing you to restart your Mac when required.

Review your Gatekeeper settings: OS X : About Gatekeeper - Apple Support. Gatekeeper is designed to help prevent you from inadvertently installing garbage software.

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions.

If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.

If the above steps don't work for you, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

For information about the Other category in the Storage display, see this support article. If the display seems to be inaccurate, try rebuilding the Spotlight index.

Empty the Trash if you haven't already done so. If you use iPhoto, empty its internal Trash first:

iPhoto ▹ Empty Trash

In Photos:

File ▹ Show Recently Deleted ▹ Delete All

Do the same in other applications, such as Aperture, that have an internal Trash feature. Then restart the computer. That will temporarily free up some space.

According to Apple documentation, you need at least 9 GB of available space on the startup volume (as shown in the Finder Info window) for normal operation—not the mythical 10%, 15%, or any other percentage. You also need enough space left over to allow for growth of the data. There is little or no performance advantage to having more available space than the minimum Apple recommends. Available storage space that you'll never use is wasted space.

When Time Machine backs up a portable Mac, some of the free space will be used to make local snapshots, which are backup copies of recently deleted files. The space occupied by local snapshots is reported as available by the Finder, and should be considered as such. In the Storage display of System Information, local snapshots are shown as Backups. The snapshots are automatically deleted when they expire or when free space falls below a certain level. You ordinarily don't need to, and should not, delete local snapshots yourself. If you followed bad advice to disable local snapshots by running a shell command, you may have ended up with a lot of data in the Other category. Ask for instructions in that case.

See this support article for some simple ways to free up storage space. A common waste of space is old iTunes backups of mobile devices. As illustrated in this support article, select the Devices tab in the iTunes preferences window, select the backups you want to delete, and click Delete Backups. Keep at least one backup of each device that you still use.

You can more effectively use a tool such as OmniDiskSweeper (ODS) or GrandPerspective (GP) to explore the volume and find out what's taking up the space. You can also delete files with it, but don't do that unless you're sure that you know what you're deleting and that all data is safely backed up. That means you have multiple backups, not just one. Note that ODS only works with OS X 10.8 or later. If you're running an older OS version, use GP.

Deleting files inside a photo or iTunes library will corrupt the library. Changes to such a library must be made from within the application that created it. The same goes for Mail files.

Proceed further only if the problem isn't solved by the above steps.

ODS or GP can't see the whole filesystem when you run it just by double-clicking; it only sees files that you have permission to read. To see everything, you have to run it as root.

Back up all data now.

Install the app in the Applications folder as usual. Quit it if it's running.

Triple-click anywhere in the corresponding line of text below on this page to select it, then copy the selected text to the Clipboard by pressing the key combination command-C.

For ODS:

security execute-with-privileges /A*/OmniDiskSweeper.app/*/M*/* 2>&-

For GP:

security execute-with-privileges /A*/GrandPerspective.app/*/M*/* 2>&-

Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Paste into the Terminal window by pressing command-V. You'll be prompted for your login password.

The application window will open behind other open windows. When you scan a volume, the window will eventually show all files in all folders, sorted by size. It may take a few minutes for the app to finish scanning.

I don't recommend that you make a habit of doing this. Don't delete anything as root. If something needs to be deleted, make sure you know what it is and how it got there, and then delete it by other, safer, means. When in doubt, leave it alone or ask for guidance.

When you're done with the app, quit it and also quit Terminal.

Rougelatete wrote:

-- I have gone through all of the instructions you provided but none of those adware folders were found on my computer.

I'm not quite sure which folders you're referring to.