Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How do I get rid of search.plasticumbrella.com malware from my Mac Mini?

I've installed OS X El Capitan Version 10.11.3 on my Mac Mini. Yesterday I realized that the home page on both Safari and Firefox had been changed from Google to something called 'plasticumbrella.com'. In reading about it on-line, it appears to be some type of adware malware. Two sites give instructions on how to get rid of it from my computer, but I don't know if the sites are legitimate. They are malwarefixes.com and junkwareremoval.com. Are these safe sites for following their recommendations? Has anyone else had this malware show up on their Mac Mini?

Mac mini, OS X El Capital Version 10.11.3

Posted on Feb 6, 2016 1:55 PM

Reply
Question marked as Best reply

Posted on Feb 6, 2016 1:59 PM

I have not heard of and would not use those two sites

First try

How to install (Really remove) adware

Stop pop-up ads and adware in Safari

Adware Removal Guide : Identification

Next if necessary download and run, it is not a resident app. It just identifies and removed adware if you want the app to remove it.

Malwarebytes Anti-Malware for Mac

15 replies
Question marked as Best reply

Feb 6, 2016 1:59 PM in response to Desert Dweller 11

I have not heard of and would not use those two sites

First try

How to install (Really remove) adware

Stop pop-up ads and adware in Safari

Adware Removal Guide : Identification

Next if necessary download and run, it is not a resident app. It just identifies and removed adware if you want the app to remove it.

Malwarebytes Anti-Malware for Mac

Feb 6, 2016 4:56 PM in response to Desert Dweller 11

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Back up all data first.

Some of the most common types of adware can be removed by following Apple's instructions. But before you follow those instructions, you can attempt an automatic removal.

If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

If the malware is not removed automatically, and you can't remove it yourself by following Apple's instructions, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go â–ą Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

Feb 11, 2016 12:41 PM in response to pinkstones

pinkstones wrote:



Why not? How else do you think you're supposed to uninstall it?

I think I am supposed to follow Linc's advice as well as add the few other things I suggested to remove the rest of it.


Using a malware developers "Uninstaller" when it was NOT permitted to be installed in the first place doesn't sound like a recipe for success. But if that is how you would like to do it, I wish you good luck.

Feb 11, 2016 12:48 PM in response to sabdal1

sabdal1 wrote:


pinkstones wrote:



Why not? How else do you think you're supposed to uninstall it?

I think I am supposed to follow Linc's advice as well as add the few other things I suggested to remove the rest of it.


Using a malware developers "Uninstaller" when it was NOT permitted to be installed in the first place doesn't sound like a recipe for success. But if that is how you would like to do it, I wish you good luck.


What do you mean "not permitted to be installed"? You installed it. Therefore you permitted it. The malware/adware that affects Macs differs from Windows viruses in the sense that the latter gets installed onto the hard drive without you doing anything. With Macs, the only way it gets on your computer is if you allow it. That's why downloading things from aggregate download sites (Softonic, CNET, Download (dot) com, MacUpdate) and torrent sites are so dangerous. You're intentionally putting damaging software on your computer when you do it, and you have no one to blame but yourself when things go wrong. That's also why anti-virus programs at this point are completely ineffective; they can't stop you from downloading something you shouldn't from some place you shouldn't. It's up to you to use common sense and only download things from the App Store or the developer's website.


MacKeeper is considered as good as malware, and the only way to get rid of it is to use the uninstaller that came with the download, following the developer's instructions for removal.

Feb 11, 2016 1:12 PM in response to Desert Dweller 11

Illass (and others) pointed out the software AdwareMedic

http://www.adwaremedic.com/index.php

A post earlier today was cited by the Apple Community with this link as being at least part of the recommended (by Apple) course of action.

While there are those of us in this community who are reluctant to use AV and Malware tools (myself being one of them) I do believe that this tool is an exception to that concern. AFAIKT is not disguising itself as anything but a free and resourceful tool that will identify most mac malware and remove it sparing you from resorting to performing a series of steps in order to facilitate a fix. Adwaremedic for mac was developed by a frequent and knowledgeable contributor to these forums. Take this FWIW, it's simply an opinion a public forum like anything else here.

Feb 12, 2016 5:09 AM in response to Desert Dweller 11

My iMac running OS X El Capitan 10.11.3 became infected with plasticumbrella adware in Safari after I downloaded and unzipped an audio recoder app called "Free m4a-to-mp3-converter.exe" from CNET.com and also directly from the software developer's website (maniactools.com).


The symptoms of the infection included:

1. The audio app came in a ZIP file that required another app called "ZipDevil.dmg" to unpack it.

2. Plasticumbrella had changed my Safari homepage from Google to a search engine obviously associated with 'plasticumbrella.com'.

3. The tricky thing was that the malware wouldn't allow the Preferences pane to be opened from the Safari dropdown menu. This obviously prevented me from being able to implement many of the Apple suggested fixes relating to Safari Extensions. As this pane/tab could not even be viewed.


I downloaded and used the Malwarefixes.com app tool. This successfully located the plasticumbrella related files (below) on my HDD which I dragged to Trash. But the problem was still there in Safari.


User uploaded file


When this happened I got worried and began to follow Linc's instructions above using Firefox (which I already had installed). Before starting Linc's Step 1 of 5, I downloaded OS X 10.11.3 ready to re-install if necessary. In the meantime, I took a look at the Apple Instructions Linc suggested. It was here that I found the key to getting rid of the bogus Homepage setting and accessing the Safari Preferences pane:


"On your Mac, force Safari to close. The next time you open Safari, hold down the Shift key while Safari opens. This prevents Safari from automatically reopening any windows."


By following this action (force Safari to close and hold Shift while opening) Safari then opened with the Apple.com page as the new Homepage and suddenly the Safari Preferences pane could be accessed from the Safari dropdown menu. I checked the Extensions tab and there were none listed.


Safari was back to normal. Just to be safe I have also re-installed OS X 10.11.3

Feb 12, 2016 5:31 AM in response to pinkstones

pinkstones wrote:


What do you mean "not permitted to be installed"? You installed it. Therefore you permitted it.

Pinkstones, most of the posters in this thread have taken helpful tone; you seem to like the critical/negative tone. Not very helpful.


If I open my front door and somebody says they are a repairman and then rob my house, it's all well and good to say I "permitted" them to come in. But under false pretenses.


That being said: I will say your advice to only download software from TRUSTED sites is excellent advice and should be heeded by everybody reading.


But it would be much easier to take your advice if you weren't so gruff and "high and mighty" about it. Perhaps you could try to take a more congenial approach in the future. Or not, up to you. Have a nice day 🙂

How do I get rid of search.plasticumbrella.com malware from my Mac Mini?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.