elena2405

Q: How can I get rid of the DealTop Virus?

As the title already says, my MacBook Air (OS X Yosemite (10.10.4)) is infected with the DealTop Virus. Thus, whenever I open a new tab adverts pop up. Also, my search engine and homepage always reset to search.something no matter how many times I change it back to Google.

I tried looking it up online, but everything I found had something to do with the extensions in Safari, but I checked them and there is nothing unusual, or I was advised to download some program for malware and viruses, but I am really skeptical when it comes to downloading new programs.

There is a long answer to a similar question, but that did not work for me so here I am, asking for your help.

Thank you! x

PS: Sorry for any mistakes, English is not my first language.

MacBook Air (13-inch, Early 2015), OS X Yosemite (10.10.4)

Posted on May 16, 2016 4:51 AM


  • by luuklp,

    luuklp luuklp May 16, 2016 4:55 AM in response to elena2405
    Level 3 (695 points)
    iTunes

    I am using Malwarebytes on my MacBook Pro Retina. Malwarebytes should be able to remove the so-called adware from your Mac.

    You can trust this program.

  • by JimmyCMPIT,

    JimmyCMPIT JimmyCMPIT May 16, 2016 5:20 AM in response to elena2405
    Level 6 (8,065 points)
    Mac OS X

    If you have opened another thread on this forum and have not been given preventive instructions to your issues at this time, reopen that thread and state that.

    Currently there are no reported Mac viruses in the wild, by the definition of how malware, adware and virus spread and deploy.

    To remove pop-ups in Safari, see Apple's recommendation here:

    Stop pop-up ads in Safari - Apple Support

    Close Safari and open it again while holding the Shift key, then remove your browser history and cache.

    Malwarebytes can remove malware on a Mac if it is found; it will not prevent it from infecting your computer.

    Most if not all Mac anti-virus solutions have been cited on these forums as causing more problems than they purport to fix. All Mac AV offerings should be given the credit of their PC counterparts. PC AV has had decades to mature and be developed; Mac AV has not. To be clear, Malwarebytes does not operate as most AV solutions do: it does not stay in a perpetual state of residency on your computer searching for anomalies, it is not preventative and does not claim to be. I personally would not include it in the same category as Mac AV, as its approach to operation is entirely different.

  • by Linc Davis,

    Linc Davis Linc Davis May 16, 2016 7:25 AM in response to elena2405
    Level 10 (208,000 points)
    Applications

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Back up all data first.

    If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

    If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

    If the malware is not removed automatically, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

  • by JimmyCMPIT,

    JimmyCMPIT JimmyCMPIT May 16, 2016 8:15 AM in response to elena2405
    Level 6 (8,065 points)
    Mac OS X

    The overwhelming majority of volunteers here will recommend you use Malwarebytes, as do many certified Apple technicians. It's safe, effective and proven to hundreds of volunteers helping just as many users for use with this specific type of issue. The conclusive number of posts where users were directed to use Malwarebytes showed it effectively removed newer and older variants of Mac malware with a far simpler procedure and provided reports as to what was accomplished through manual means.

    While any method is not without its flaws, Malwarebytes has a history of deployment in professional settings and a history of providing results for cross-platform security in removal of adware when manual procedures may not accurately provide security against a specific variant or fail to address a strain of malware entirely.

    If you prefer a single point of reference and subsequent process of malware removal that involves a series of steps that may or may not resolve the problem, that is entirely your prerogative; however, there are enough posts on these forums that show the manual method is in no way superior when both solutions are offered or administered, if you decide to investigate further and form your own opinion.

  • by Catilinochka,

    Catilinochka Catilinochka Jun 1, 2016 4:57 AM in response to Linc Davis
    Level 1 (12 points)
    Notebooks

    Hello Linc Davis,

    I'm following your instructions from another, older thread about "deal top" popup ads. I'd be grateful if you could help me identify potential malware-related files in my LaunchAgents and LaunchDaemons folders. Some do seem suspect in the LaunchDaemons, but none (to me) in the other!

    LaunchDaemons folder:

    Screen Shot 2016-06-01 at 13.45.19.png

    LaunchAgents folder:

    Screen Shot 2016-06-01 at 13.54.53.png

    Thank you very much,

    Catilinochka

  • by Linc Davis,

    Linc Davis Linc Davis Jun 1, 2016 7:59 AM in response to Catilinochka
    Level 10 (208,000 points)
    Applications

    You installed one or more variants of the "VSearch" trojan. Please inactivate them as follows. This procedure will leave a few small files behind, but they have no effect, and trying to remove them all would be a lot more trouble than it's worth.

    This malware has many variants. Anyone else finding this comment should not expect it to be applicable.

    Back up all data before proceeding.

    The VSearch variant that you have regenerates itself if you try to delete it while it's running. To remove it, you must first start up in safe mode to disable the malware temporarily.

    Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for other instructions.

    While running in safe mode, triple-click anywhere in the line below on this page to select it:

    /Library/LaunchDaemons

    Right-click or control-click the line and select

              Services ▹ Open

    from the contextual menu.* A folder named "LaunchDaemons" should open.

    Inside that folder there are one or more items with a name that begins in the following way:

              com.apple.

    There are also one or more items with a three-part name of this form:

              com.something.plist

    where something is a meaningless string of letters, different in every case. Typical examples:

              com.semifasciaUpd.plist

              com.ubuiling.plist

    Drag all such items to the Trash. You may be prompted for your administrator login password.

    Restart the computer and empty the Trash.

    Reset the home page in each of your web browsers, if it was changed. In Safari, first load the home page you want, then select

              Safari ▹ Preferences... ▹ General

    and click

              Set to Current Page

    If you use the Firefox and/or Chrome web browser, remove any extensions or add-ons that you don't know you need. If in doubt, remove all of them.

    The malware is now permanently inactivated, as long as you never reinstall it. A few small files will be left behind, but they have no effect, and trying to find them all is more trouble than it's worth.
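
The folder check from Steps 1 to 3 and the file-name shapes described in the June 1 reply, as an added read-only example that is not part of any post in this thread. The function names and the regular expression are this example's own assumptions; a match marks a name to look at, not a verdict, and nothing is moved or deleted.

```python
import re
import sys
import time
from pathlib import Path

# The three folders the thread asks the user to inspect.
DEFAULT_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents",
                "/Library/LaunchDaemons")

# Name shapes the June 1 reply describes for one VSearch variant:
#   names beginning "com.apple."
#   three-part names "com.<letters>.plist"
# Assumption of this example: "letters" means ASCII letters only.
THREE_PART = re.compile(r"^com\.[A-Za-z]+\.plist$")


def classify(name):
    """Return a review note for a file name, or '' if neither shape matches."""
    if name.startswith("com.apple."):
        return "begins with com.apple."
    if THREE_PART.match(name):
        return "three-part com.<letters>.plist"
    return ""


def list_launch_items(dirs=DEFAULT_DIRS):
    """List every entry in the given folders, newest first, like the Finder
    'Date Modified' sort in Step 1. Read-only."""
    rows = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():  # the thread notes a folder may not exist
            continue
        for entry in folder.iterdir():
            mtime = entry.lstat().st_mtime
            rows.append((mtime, str(entry), classify(entry.name)))
    rows.sort(key=lambda r: r[0], reverse=True)
    return rows


if __name__ == "__main__":
    # Optional arguments override the default folders.
    for mtime, path, note in list_launch_items(sys.argv[1:] or DEFAULT_DIRS):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {path}" + (f"   <-- {note}" if note else ""))
```
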

  • by Catilinochka,

    Catilinochka Catilinochka Jun 1, 2016 9:02 AM in response to Linc Davis
    Level 1 (12 points)
    Notebooks

    Thanks a lot, I'm not completely sure yet if it has worked, but so far I haven't seen any new "adtop" popups, and no new .plist files have appeared in my LaunchDaemons folder... I guess I'll see!

    In any case, thank you for your help,

    Catilinochka