ATTENTION - Your sensitive Information is at risk popup help??

Hi, I am receiving the popup as well. Here is my screenshot.

here is the launch agents folder

/Library/LaunchAgents

and here is my launch demon screen shot

There is no way to tell if any particular pop-up is caused by a normal internet ad or an adware infection. If you want to know if you have an adware infection, you will have to post screenshots or directory listings of various hidden folders (as numerous people have done above) and wait for someone to tell you what to delete. An easier option is to run a tool like EtreCheck (http://etrecheck.com) that can automatically detect adware or otherwise make it much easier to post the contents of those hidden folders. In most cases, EtreCheck can delete the adware too. But if EtreCheck reports any "Unexpected Files" then you should go ahead and post the EtreCheck report. Those "Unexpected Files" could be newly introduced adware.

Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.

Hi Linc Davis,

This is what pop ups for me. Could you please assist?

Thank you!

Like everyone else in this thread, you installed "Advanced Mac Cleaner." Instructions for removing it have already been posted. Also see below.

You installed the "mediahm" trojan. Please take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be one or more files with a name that begins as follows:

com.mediahm

Move any such files to the Trash. There may not be anything else in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

Log out or restart the computer.

3. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

4. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

Safari ▹ Preferences... ▹ General

and click

Set to Current Page

5. This step is optional. Open this folder as in Step 1:

~/Library/Application Support

and move to the Trash the subfolder with the name

mediahm

if present.

Don't move the Application Support folder or anything else inside it.

Hello,

I've also been receiving this pop-up for a while now. Any help I'd truly appreciate. Here's my screen shot of LaunchAgents and LaunchDedaemons.

You have "Advanced Mac Cleaner," "JustCloud," and "ZipCloud."

"ZipCloud," sometimes named "JustCloud," is a cloud-storage service with a doubtful reputation. The OS X client is sometimes distributed along with malware. Although ZipCloud may not be malicious itself, it should be suspected by virtue of the company it keeps.

To remove ZipCloud, please start by backing up all data (not with ZipCloud itself, of course.)

Quit the "ZipCloud" or "JustCloud" application, if it's running, and drag it from the Applications folder to the Trash. Don't try to empty yet.

Triple-click anywhere in the line below on this page to select it:

~/Library/LaunchAgents

Right-click or control-click the highlighted line and select

Services ▹ Open

from the contextual menu.* A folder named "LaunchAgents" should open.

In the folder, there may be one or more files with a name beginning as follows:

com.jdibackup.

Move all such files to the Trash.

Log out or restart the computer and empty the Trash.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

This was very helpful, I have seen the popups for several weeks. I had to repeat step1 (I did this after step2) - I had originally three com. files, and the first time I restarted after moving them to Trash, one file was back. So I did:

step 1

step 2 and step 1

and now I seem to be OK. Thanks again.

Hello, I am getting the same pop-up as above and have followed your instructions. Here are my screenshots. Anything you can tell me to do will be much appreciated!

A

Frankly, you're stuffed with malware. There's really no point in removing it unless you intend to make drastic changes in the way you use the computer; otherwise you'll be reinfected right away.

First folder: delete #2, #3, #5 through #17.

Second folder: delete #1, #4, #14, #15.

Third folder: no changes needed.

B

"MacKeeper" is a scam with only one useful feature: it deletes itself.

If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.

Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.

IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.

Please back up all data before making any changes.

In the Finder, select

Go ▹ Applications

from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.

☞ Quit MacKeeper before dragging it to the Trash.

☞ Let MacKeeper delete its other components before you empty the Trash.

☞ Don't try to drag MacKeeper from the Dock or the Launchpad to the Trash.

☞ Don't try to remove MacKeeper while running in safe mode.

C

I suggest that you change a setting to allow only Apple updates and software from the App Store to be installed.

Open the Security & Privacy pane in System Preferences and select the General tab. Click the lock icon in the lower left corner and enter your password to unlock the settings. Select the button marked

Mac App Store

and close the preference pane. For information about the effects of the setting, see this support article. You may need to change the setting temporarily to install some third-party software, such as Adobe Flash Player. Be especially careful with that, as malware is often distributed in the form of a fake Flash update. Never follow a link to a Flash update on any web page. Instead, use the built-in updater in the Flash Player preference pane.

The products in the App Store, while they aren't always very good, can at least be considered safe enough to use.

Help I also received this pop up on or about March 27th

Here are my screens

You should start your own thread instead of resurrecting an old one. You will get more focused attention if you start your own thread.