an adware app was installed on my computer after I selected "no thanks"...does anyone know how to remove a program called duckokong?
Mac mini, OS X Mountain Lion (10.8.5)
Simply clear the cache of your browser, close it, and then reopen it.
See the following but only use the manual method. Do not use Bit Defender
http://junkwareremoval.com/adware/remove-search-duckokong-com-redirect/
You may have installed ad-injection malware ("adware").
Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.
Some of the most common types of adware can be removed by following Apple's instructions.
If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.
If the above steps don't work for you, see below.
This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.
Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.
If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.
Step 1
Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.
If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.
There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.
Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.
Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.
Leave the folder open for now.
Step 2
Do as in Step 1 with this line:
/Library/LaunchAgents
The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.
Step 3
Repeat with this line:
/Library/LaunchDaemons
This time the folder will be named "LaunchDaemons."
Step 4
Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.
Step 5
If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
A
Please back up all data before making any changes.
Below is a suggested procedure to inactivate the malware you installed.
The numbers refer to the items in the screenshots, in the order shown. Use the screenshots as a guide. #1 would be the topmost item, #2 the one below, and so on.
The names in quotes refer to malware types, not to the names of the files. Don't expect the files to have similar names. For example, if you installed the "VSearch" malware, usually none of the files will have the word "VSearch" in the name. Malware attackers don't make it that easy for you.
In the first folder arranged as shown in the screenshots, delete these items:
#10 through #14 ("InstallMac")
In the second folder:
None
In the third folder:
None
Restart the computer. Until you've done that, the malware will still be active, even after you delete the files.
Uninstall any Safari extensions you don't know you need. If in doubt, remove all of them. None is needed for normal operation.
Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
Reset the Safari home page, if it was changed. You may need to do the same in the other browsers.
From the Applications folder (not shown in the screenshots), delete items with any of the following names:
Duckokong
InstallMac
ZipDevil
These steps will permanently inactivate the malware, as long as you never reinstall it. A few small files may remain in hidden folders, but they have no effect.
The instructions above apply only to you. I'm including more general—and complete—self-contained removal instructions below for the benefit of others who may find this discussion. You can skip the remaining steps, but you should read them.
B (optional)
You installed one or more variants of the "InstallMac" trojan. Please take the steps below to disable it.
The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with a name of any of these forms:
something.AppRemoval.plist
something.download.plist
something.ltvbit.plist
something.update.plist
Here something is usually a meaningless string, such as any of the following:
Epolife
InstallMac
Javeview
Kuklorest
Manroling
Otwexplain
These are examples, not a complete list. The string could be anything. The point is that the same string will usually appear in the name of three or four files.
Lately, the "InstallMac" attacker has been scrambling the strings "AppRemoval," "download," "ltvbit," and "update" in the names of his files. For example, you might see file names such as these, instead of the above:
something.AppVemoral.plist
something.dolnwoad.plist
something.btvlit.plist
something.uadpte.plist
You could have more than one copy of the malware, with different values of something.
Move all such items to the Trash. If there are any other files with a name that begins with something, move those to the Trash also. After you've done that, there may not be anything left in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)
Log out or restart the computer. The trojan should now be inactive.
3. This step is optional. Open the following folder as in Step 1:
~/Library/Application Support
and move to the Trash any subfolders with the name something that you found in Step 2.
Don't move the Application Support folder or anything else inside it.
4. Open the Applications folder. If there is an item named something, or "Zip Devil," or with any of the other names listed in Step 2, drag it to the Trash.
If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.
You may get an alert that the item is locked. Confirm that you want to move it to the Trash.
Empty the Trash.
If you get an alert that the application is in use, force it to quit.
5. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
If the Preference window won't open, restart the computer in safe mode. Certain caches maintained by the system will be rebuilt.
6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select
Safari ▹ Preferences... ▹ General
and click
Set to Current Page
You might want to consider starting a new discussion. Since this one is marked solved, less people are likely to look at it. A new post would be much more visible. You can link to this one.
There are 3 Duckokong .plists in your 1st screen shot. Delete them.
Hi,
here are the screenshots, hope they are readable as on my mac.
There are no extensions listed, but I remember removed them some days ago, and I remember they were carrying Duckokong as well.
You might want to consider starting a new discussion. Since this one is marked solved, less people are likely to look at it. A new post would be much more visible. You can link to this one.
There are 4 Duckokong .plists in your 1st screen shot. Delete them.
how can I remove the adware Duckokong from my computer?
