I somehow got the mackeeper download that downloaded the OS X pirrit? Ive used bit defender and malwarebytes (which doesn't find anything) but everytime i restart my mac its back. I can see it in my activity monitor i can use and it shows up as random things with random user each time. Could anyone PLEASE help me get rid of this?
Thanks softwater for your respond. Before I do what you said, I thought perhaps you can take a look at this screenshot from sophos. Could this be the information you want?
How do you find the Terminal.app you mention?
The solution for the Pirrit adware is very simple I have try it and it works ( I had the Pirrit adware).
- Steps to get rid of Pirrit adware:
-Create an account of Sophos Home Free Antivirus.
- Sing in to Sophos Home.
- Install Sophos Home for Mac.
- Run a full Scan.
- Sophos software will detect the pirrit adwar.
- Select it
- Click Clean.
You are now free of any pirrit adware. !
Have an amazing day!
<Personal Information Edited by Host>
Hi,
My Sophos has detected Pirrit but the 'clean up' button is greyed and the instruction said I have to clean it manually. Oh dear! I am not a tech savvy person, can someone please tell me how to go about it.
Pirrit is a sneaky little monkey and hides in different places; it also has the ability to choose random names.
However, it tends to drop folders with executables into /Library with lower case names. Sometimes it hides stuff in /etc, and sometimes it creates a hidden user on your mac. To effectively diagnose it, we're going to need to see all running processes.
To get an output of all running processes, first quit any unnecessary apps, but leave your browser running. Then, in the Terminal.app, copy and paste this line (click on three times to select it all):
ps -axo user,pid,ppid,%cpu,%mem,start,time,command | open -fBefore you post the results of that in a public forum, you may want to redact any user names, which will show up in the file paths. Although it may look meaningless to you, take a quick scan through the paths under the 'Command' column to make sure you're comfortable with what's its showing (e.g, if you were running some app that you didn't want to announce publicly in this forum, either quit that app before running the terminal command or redact it manually from the file).
When you're ready, select the entire contents of the text file, copy and paste them here.
gambeta22 wrote:
The solution for the Pirrit adware is very simple I have try it and it works ( I had the Pirrit adware).
- Steps to get rid of Pirrit adware:
-Create an account of Sophos Home Free Antivirus.
- Sing in to Sophos Home.
What if you have a bad voice?
Yes, that's Pirrit.
You can find Terminal in /Applications/Utilities folder.
I suspect Sophos won't clear those up for you because they require admin privileges. You can do it manually in the Finder.
1. Click on the Finder, then hold down Command-Shift-G
2. Write /Library in the Finder dialog and hit go.
3. Locate the folders called Jacky and troglodytismUpd
4. Drag them to the Trash, supplying an admin password. If you get a 'Can't move to the Trash because xxx is in use' message, then you'll need to search and kill those three processes in Activity monitor first (that's in /Application/Utilties too).
For the last, one, you'll need Terminal. Paste this into the Terminal window and hit 'return':
rm -rf /private/var/tmp/DemoUpdater
If you get a permission denied message, try
sudo rm -rf /private/var/tmp/DemoUpdater
and type an admin password.
If all that sounds like a bit of a nightmare, you can use DetectX to do this for you.
Reboot your mac after doing all this.
*Disclaimer: DetectX is a free utility written by myself. This post contains links to my website from which I may derive some form of compensation.
Hi softwater,
I did what you instructed and I did not have to use DetectX. Pirrit is now gone. Thank you so very very much. I really appreciate your making effort to write and show me how to go about it. God Bless You!
I would install Avast. It's a mac antivirus and it just found out about Pirrit. As soon as you get it, (it's free) I would do a full system scan. Antiviruses think other antiviruses are viruses, (even really bad ones like MacKeeper) and will delete them. BUT, before you do all that, I would install AppCleaner (https://freemacsoft.net/appcleaner/) and also re-install MacKeeper, since it leaves some files on your computer when you uninstall it, then search up MacKeeper in AppCleaner, and make sure you check every file. It worked for me, since I had these same problems before. Hope this helps! Bye!
install avast antivirus! i had pirrit and avast found all of these and quarantined them. and after that, no more ads!
Download and run MalwareBytes. Malwarebytes was developed by one of our own colleagues here in ASC. It gets rave reviews and is about the most proven anti-malware software for Mac.
I've downloaded it. MalwareBytes doesn't find anything.
Sorry I read-read your post.
That's because MacKeeper is an app, not technically malware but a very bad one. It can really mess with your OS.
Uninstall it and see if that stops it.
Instructions to remove MacKeeper
I've uninstalled the mackeeper but i still have this pirrit adware on my mac that won't go away. bit defender will find it and delete it but its back under something else when i restart my mac.
If Malwarebytes Anti-Malware for Mac did not take care of 'pirrit', open Malwarebytes again, click on HELP and from the drop down menu click on CONTACT SUPPORT.
Ciao.
How to get rid of pirrit adware PLEASE help
