Malware blocking safe mode/updates/filevault

Hi there, I have run into a pesky malware that seems to be the "iWorm" malware that was going around in the last few years.

Problem is, it seems to be more advanced.


The malware has blocked me from performing updates, from turning FileVault OFF so that I can enter safe mode (have also tried entering safe mode via the Terminal but it blocks me from entering my password) and if it lets an antivirus run it won't pick up on anything. I have searched my Library folder and found that I had the JavaW folder in Application Support. But there are no files in the JavaW folder; it is (seemingly) empty. I have also looked through the LaunchAgents and LaunchDaemons folders and seen nothing relating to JavaW in them. In addition to this, when turning on the computer it makes me log in twice and has done for quite some time. But I changed my password yesterday and the first time it asks me to log in I can only log in using my old password - and then the second password is the updated one? I'm not sure what's going on with that but figured it was worth mentioning. It also won't recognise any USB devices plugged in so I can't back up my files or run an antivirus from a USB. Oh, and it has blocked me from changing keyboard backlight and has locked volume off as well.


I can usually figure this stuff out but I've spent close to 24 hours straight researching but have come up empty. Any insight or help would be greatly appreciated. Please find attached my system specs.


IOS 10.11

MacBook Air (13-inch, Mid 2013)

Processor 1.3 GHz Intel Core i5

Memory 4 GB 1600 MHz DDR3
Graphics Intel HD Graphics 5000 1536 MB

MacBook Air, OS X El Capitan (10.11)

Posted on May 8, 2016 10:29 PM


May 9, 2016 3:37 AM in response to Bails96

If one is redirected to a weird site: open Spotlight by pressing Command-Spacebar, type Terminal, and in this window type the command: cat /etc/hosts, then hit Enter. Restart from the Apple logo; in the Trash a dollar icon or file will be there; empty the Trash. Open Safari; it's gone.

How to remove any malware, pop-ups, rootkits, botnets, key loggers, viruses (very rare in Mac computers, i.e. .exe, .db, .txt files): download from www.malwarebytes.org/antimalware/mac. It will be downloaded into the Downloads folder; drag and drop it into the Applications folder, then move the .dmg file to the Trash as it occupies space on the hard disk.

Then don't open it from Launchpad as it is a 3rd-party app (unidentified app). Go to Finder - Applications - right-click on Malwarebytes - Open, then scan. It will remove any kind of malware.

If still in doubt, go to the root user account and scan with Malwarebytes; if leftover malware is there it will pull it out from the system.

Then, as it is not advisable to use the root user account, it's better to log out from the root user account. There are manual methods to remove malware also.

May 9, 2016 4:14 AM in response to Bails96

If malware appears in the system, how to remove it:

Click on Finder - Go from the top menu bar - Computer - Macintosh HD - Library (this is the way to enter the system Library).

Application Support: only search for v search, conduit, trovi, jack, com.midnight.agent.plist; if they are found delete them.

Applications: find search protect.app, cinemaprol-2.app, web tools.app, genieo, install mac uninstall genieo, uninstall IM completer.app.

LaunchAgents: com.genieo.completer.update.plist, com.genieo.engine.plist, com.genieoinnovation.mac-extension.client.plist, com.genieoinnovation.mac-extension.plist, com.*.agent.plist (* is any word, e.g. com.midnight.agent.plist).

Also see com.midnight.*.plist (* may be shopymate, cinemaprol-2, -enabler.plist, -enabler.sh, -updater.plist, -updater.sh, .ver).

If com.crossrider.wss1234.agent.plist, com.crossrider.wss*.agent.plist, com.extensions.updater*.agent.plist are found, delete them. The LaunchAgents folder should be empty.

LaunchDaemons: com.genieoinnovation.mac-extension.client.plist, jack.plist, com.*.daemon.plist, com.*.helper.plist, com.midnight.daemon.plist.

But do not delete com.adobe.fpsaud.plist, com.microsoft.office.licensing.helper.plist if one is using Adobe Flash Player, Microsoft.

PrivilegedHelperTools: jack, com.genieoinnovation.macextension.client.

StartupItems: it should be empty.

Logs: if Safari is slowing down then remove its contents, otherwise not.

Preferences: conduit, v search, genieo; if found delete them. Other contents are not to be removed.

ScriptingAdditions: should be empty.

Frameworks: v.framework, v search.framework, genieo extra.framework; if found remove them. Other contents are not to be removed.

Input Methods: empty.

Internet Plug-Ins: don't remove default browser.plugin, flash player.plugin, flash player.xpt, ns1qtscriptable plugin.xpt, share point browser plugin.plugin, quick time plugin.plugin, share point web kit plugin.webplugin.

If any other files are found, remove them.

Also /usr/lib/libgenkit.dylib, /usr/lib/libgenkitsa.dylib, /usr/lib/libimckit.dylib, /usr/lib/libimckitsa.dylib; if found remove them.

Receipts: remove the contents if major issues are there in Safari, otherwise not.

Extensions: if Safari issues are there remove contents, otherwise not. Do not remove bsd.pkg, db, install history.plist.

Caches: remove the contents if highly accumulated.

We have to go into the user Library also and remove contents from there; it will be in the next post.

May 9, 2016 4:17 AM in response to Bails96

Bails96 wrote:


Hi, thanks for your reply - unfortunately I had already tried this to no avail. I am quite sure the malware blocks it from running because it only scans for a matter of seconds before saying it's completed.


If Malwarebytes hasn't found anything, it's not likely there's something there, but if you want added peace of mind, you can go through the steps listed in this support article to look for (and remove if found) malware manually.


http://support.apple.com/en-us/HT203987

May 9, 2016 4:36 AM in response to Bails96

In the user Library: click on Go on the top menu bar, keep holding the Option key (don't release it), click on Library. This is the way to enter the user Library.

Application Support: web helper app, genieo, com.genieoinnovation.installer; if found remove them. If you remove all contents in Application Support and move them to the Trash, restart from the Apple logo, then empty the Trash; fresh contents are recreated. If in doubt about malware, remove them.

Contents of Caches, Cookies are also to be removed.

Caches: com.conduit.takeoversearchassets, com.vsearch.bulk.installer, com.vsearch.vsinstaller.

Applications: cinemaprol-2.app.

Internet Plug-Ins: conduit NPAPIP plugin.plugin, trovi NPAPIP plugin.plugin.

Input Methods: should be empty.

Preferences: com.genieo.global.settings.plistlockfile, com.genieo.settings.plist.global.settings.plist.

ByHost: remove its contents; all junk files related to the network are removed.

Logs: remove all contents if highly accumulated, otherwise not. Sometimes Safari slows down; only then are contents deleted.

Preferences: com.apple.plist.lockfile. Note: enlarge the Preferences column by using three fingers to see the file name clearly, so that other important files are never removed.

Also remove contents of Caches, Cookies, Saved Application State.

LaunchAgents: this folder is removed by Apple in El Capitan; if one is using Yosemite it might be there, so it should be empty.

Saved Application State: com.genieo.removegenieomac.savedstate, com.vsearch.bulk.installer.savedstate.

Also remove: conduit, trovi, web tools, cinemaprol.

If these contents are to be found remove them, but www.malwarebytes.org/antimalware/mac is quite easy to operate. It scans all system files in 6 sec. If any malware is there it indicates it and removes it.

One more method is there that will be in the next post.

May 9, 2016 4:45 AM in response to Bails96

One more method to remove malware: go to the user Library - Preferences - move com.apple.safari.plist to the Trash. Restart from the Apple logo, empty the Trash; the whole browser is refreshed. Lots of settings in System Preferences, Safari preferences are changed, which means your browser is refreshed, just like you purchased it from the showroom; it's just like a fresh piece.

Clear all history & website data.

In the system Library: remove the contents of Safari and Extensions.

May 9, 2016 5:05 AM in response to pinkstones

Yes, I do agree with pinkstones. When we click on Malwarebytes - Scan, it fades for a very short moment; it downloads signature files, then we have to click on Scan again. In the end it states no malware/adware found. (It also always asks to enter user name & password.)

If any malware is to be found it will show its activity, like unwanted pop-ups will be there, any box in System Preferences will be unchecked, the cursor will move, you will not be able to log in to webmail. Read the Malwarebytes blogs; a variety of malware removal is there.

Also for iWorm: in Terminal type: more /etc/hosts, then hit Enter. If any malware is there in the system it will be shown.

May 9, 2016 5:23 AM in response to appreciate

# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost

127.0.0.1 swscan.apple.com
127.0.0.1 swquery.apple.com
127.0.0.1 swdownload.apple.com
127.0.0.1 swcdn.apple.com
127.0.0.1 swdist.apple.com

That is what returned - is this normal?

May 9, 2016 5:36 AM in response to Bails96

If you have downloaded any antivirus software it can remove the Internet Plug-Ins folder or any folder, so it is not advisable to use antivirus on Mac computers. Also it might be a MacKeeper, Mac Helper, Mac Defender malware; a robotic figure sometimes appears when Safari is opened. support.apple.com/en-us/ht202225 is Apple's article on it; follow it, and if found delete it.

Go to Spotlight - type Activity Monitor.

Choose All Processes; under the Process Name column find Mac Defender, Mac Security, Mac Protector, or directly type the names in the search field. It's a very easy method.

If found, click the Quit Process button in the upper left corner. Quit the Activity Monitor application, open the Applications folder in the system Library, locate the malware, drag and drop it to the Trash, and empty the Trash. This malware also installs in System Preferences: Users & Groups; also look in the Downloads folder, if found delete it to the Trash, then restart from the Apple logo. Follow the article 202225.

May 9, 2016 10:13 PM in response to Bails96

In Terminal type: more /etc/hosts, then hit Enter. For a normal computer, if no malware is there, the file should look like this:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost

If this last line is not shown, the user is not using an IPv6 configuration or has blocked it; it means this address is not routable & will be discarded by any router in the LAN.

If any additional lines were added, by you or iWorm or some sort of hack:

If any of the URLs contain an Apple address, that was iWorm.

If they are Adobe addresses then this indicates the installation of pirated Adobe software of some sort.

In your case Apple addresses are there; it means malware is there. Consult toll-free Apple 0008001009009. Show your post or do a screen sharing with them and senior advisors will help to remove the malware. It seems the malware in your system is stopping you from downloading www.malwarebytes.org.

Last method as always: wipe out the hard drive, do a fresh installation; take your system to an authorised Apple service centre, they are experts and will do a fresh installation.
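A small check for the hosts-file symptom this reply and the earlier pasted output describe, written as an added example (not code from the thread, from Malwarebytes or from Apple): it parses a hosts file, ignores the stock localhost/broadcasthost lines, and flags any other name pointed at a loopback address, labelling apple.com and adobe.com names the way the reply interprets them. The sample file is constructed to mirror the output posted above.

```python
import ipaddress
import re

# Names that legitimately map to loopback/broadcast in a stock macOS hosts file.
EXPECTED_LOCAL = {"localhost", "broadcasthost"}

# Constructed sample mirroring the output posted in the thread (not from a real machine).
SAMPLE_HOSTS = """\
##
# Host Database: localhost is used to configure the loopback interface
##
127.0.0.1\tlocalhost
255.255.255.255\tbroadcasthost
::1             localhost
fe80::1%lo0     localhost

127.0.0.1 swscan.apple.com
127.0.0.1 swcdn.apple.com
127.0.0.1 activate.adobe.com
"""

def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; a %scope suffix (fe80::1%lo0) is stripped first."""
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False

def classify(hostname: str) -> str:
    """Bucket a sinkholed hostname the way the reply above interprets it."""
    h = hostname.lower()
    if h.endswith(".apple.com"):
        return "apple"   # software-update hosts blocked: the iWorm pattern
    if h.endswith(".adobe.com"):
        return "adobe"   # typical of cracked Adobe installers, per the thread
    return "other"

def suspicious_entries(hosts_text: str) -> list:
    """(address, hostname, category) for each non-stock name pointed at loopback."""
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = re.split(r"\s+", line)
        for name in names:
            if name not in EXPECTED_LOCAL and is_loopback(addr):
                found.append((addr, name, classify(name)))
    return found
```

On a real machine, read /etc/hosts and pass its text to suspicious_entries(); an empty list is the "normal" file shown above.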
