malware

Below is a suggested procedure to inactivate the malware you installed.

Please back up all data before making any changes.

The numbers refer to the items in the screenshots, in the order shown. Use the screenshots as a guide. #1 would be the topmost item, #2 the one below, and so on.

The names in quotes refer to malware types, not to the names of the files. Don't expect the files to have similar names. For example, if you installed the "VSearch" malware, usually none of the files will have the word "VSearch" in the name. Malware attackers don't make it that easy for you.

You may be prompted for your administrator name and/or password when you delete some of the files listed below, or you may be prompted to confirm because a file is locked.

In the first folder arranged as shown in the screenshots, delete these items:

#1 and #2 ("VSearch")

In the second folder:

#1 and #2 ("Flashmall")

In the third folder:

#3 through #5 ("Genieo")

#7 and #8 ("Flashmall")

Restart the computer. Until you've done that, the malware will still be active, even after you delete the files.

Uninstall any Safari extensions you don't know you need. If in doubt, remove all of them. None is needed for normal operation.

Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

Reset the Safari home page and search engine, if either was changed. You may need to do the same in the other browsers.

From the Applications folder (not shown in the screenshots), delete items with any of the following names:

MPlayerX

PDF Pronto

Open your home folder by clicking the house icon with your name in the sidebar of a Finder window. If there is a subfolder named "Applications" (different from the main Applications folder), remove anything in it that you don't recognize.

These steps will permanently inactivate the malware, as long as you never reinstall it. A few small files may remain in hidden folders, but they have no effect.

Step 1

Step 2

Step 3

Step 4

Step 5

Chrome

Step 5

Firefox

Just replied and looking forward to your help. Thanks!

And... nevermind. I got it worked out.

Can you help me with this problem?

For chrome:

I would very much appreciate your help getting Chumsearch off my computer. I installed MacKeeper before fully researching it to try to solve that problem, and I hope I have successfully uninstalled it. I also found Mega Backup in my applications, and I put it in the trash. All this trouble came from my trying to update Adobe and not paying enough attention to what I was doing.

I followed Linc's instructions here and it was a big help. But I had to do one more thing to insure the adware was gone. What was happening on my iMac was when I startup, after everything loads from the system, the following files were created and placed in private/var/tmp

If dit8.tgz is allowed to decompress, it installs a folder in tmp called Injector. Inside this folder is bad stuff that creates the files Linc discusses. The injector files infects browsers with adware selling virus removal software. What a surprise, right? Deleting the files Linc recommendes got rid of the source but I also needed to delete the files from private/var/tmp.

Looking forward to your help.. I had chum search installed and I don't know how.. Could you help me?

I'm no expert. All I did was follow these instructions:

Re: malware

You can do the same.

Same issue. Any help is appreciated! Thanks!

Seems i have some type of adware. Saw your post and thought i would ask for help.

The LaunchAgents window came up and I deleted those files within a week ago. The window will

still appear but has no contents. This is the LaunchDaemons window that appears.

Thanks