Malware "Deal Top"

Hello,


I have a problem with the malware "Deal Top". It highlights search words that I have recently used in normal text on any website, puts them in capital letters and places a green icon to the right with an arrow. It gives me the programme name "Deal Top" when I move the cursor over the word. I ran Malwarebytes yesterday but the problem persists. The malware could stem from the computer version of the WhatsApp app. I have also downloaded (official) trial versions of Adobe products recently. I have tried to reset Safari and updated my iMac to El Capitan just yesterday (the MacBook a few weeks back), hoping that would remove the malware but haven't had any success.

I will attach screenshots of the launch daemons and launch agents as well as the active links. Is there anything I can do or would it help to reset the macs?


Thanks for your help!



iMac (24-inch Early 2009), OS X El Capitan (10.11.5)

Posted on Jun 4, 2016 4:07 PM


Jun 8, 2016 12:57 PM in response to mausbaus

A

You installed one or more variants of the "VSearch" trojan. Please inactivate them as follows. This procedure will leave a few small files behind, but they have no effect, and trying to remove them all would be a lot more trouble than it's worth.

This malware has many variants. Anyone else finding this comment should not expect it to be applicable.

Back up all data before proceeding.

The VSearch variant that you have regenerates itself if you try to delete it while it's running. To remove it, you must first start up in safe mode to disable the malware temporarily.

Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for other instructions.

While running in safe mode, load this web page and then triple-click anywhere in the line below to select it:

/Library/LaunchDaemons

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

A folder named "LaunchDaemons" will open. Press the key combination command-2 to select list view, if it's not already selected.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. Please don't skip this step. Files that belong to an instance of VSearch will have the same modification time to within a few minutes, so they will be clustered together when you sort the folder this way, making them easy to identify.

Inside that folder there are one or more items with a name that begins like this:

com.apple.

There are also one or more items with a three-part name of this form:

com.something.plist

and of this form:

com.something.net-preferences.plist

where something is a meaningless string of letters, different in every case. Typical examples:

com.hemolymphatic.net-preferences.plist

com.semifasciaUpd.plist

com.ubuiling.plist

Drag all such items to the Trash. You may be prompted for your administrator login password.

Restart the computer and empty the Trash.

Reset the home page in each of your web browsers, if it was changed. In Safari, first load the home page you want, then select

Safari ▹ Preferences... ▹ General

and click

Set to Current Page

If you use the Firefox and/or Chrome web browser, remove any extensions or add-ons that you don't know you need. If in doubt, remove all of them.

If you're not sure whether a file is part of the malware, order the folder contents by modification date, not by name. The malware files will be clustered together. There could be more than one such cluster. A file dated years in the past is not part of the malware. A file dated right in the middle of an obviously malicious cluster is almost certainly also malicious.

If the files come back after you have deleted them, or if they're replaced by others with similar names, then either you didn't start up in safe mode or you didn't get all of them. Try again.

B

The "Malwarebytes" product failed to remove the malware. That's what you should always expect from such products: failure. I suggest that you remove it according to its developer's instructions and never install any "anti-malware" or "anti-virus" software again. Relying on such software for your security is a dangerous mistake. Security lies in safe computing practices, not in software. Ask if you want guidance.

C

"CleanMyMac" is a scam and a common cause of instability and poor performance. Depending on what version you have, the developer's instructions may not completely remove it. Please follow those instructions, then do as below.

Back up all data before proceeding.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchDaemons/com.macpaw.CleanMyMac3.Agent.plist

Right-click or control-click the highlighted line and select

Services ▹ Reveal in Finder (or just Reveal)

from the contextual menu.* A folder may open with an item selected. If it does, move the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with this line:

/Library/PrivilegedHelperTools/com.macpaw.CleanMyMac3.Agent

Restart the computer and empty the Trash.

You may also have to remove one or more of these items in the same way:

~/Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac.volumeWatcher.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac3.Scheduler.plist

Never again install "CleanMyMac" or anything like it.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.
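The date-sorting step in section A of the reply above, as an added example that is not part of the original post: a read-only Python sketch that groups the items of a folder such as /Library/LaunchDaemons by modification time and reports clusters containing the name shapes the reply describes. The 300-second window, the function names and the sample file names are assumptions constructed for illustration; the script lists candidates for review and deletes nothing.

```python
import os
import re
import sys

# Name shapes described in the reply; "something" is a random string of letters.
NET_PREFS = re.compile(r"^com\.[A-Za-z]+\.net-preferences\.plist$")
THREE_PART = re.compile(r"^com\.[A-Za-z]+\.plist$")

def list_entries(folder):
    """Return (name, mtime) for every item in folder. Read-only."""
    with os.scandir(folder) as it:
        return [(e.name, e.stat(follow_symlinks=False).st_mtime) for e in it]

def cluster_by_mtime(entries, window=300):
    """Group items whose modification times chain together within `window` seconds,
    newest first, mirroring the Date Modified sort in the Finder."""
    clusters = []
    for name, mtime in sorted(entries, key=lambda e: e[1], reverse=True):
        if clusters and clusters[-1][-1][1] - mtime <= window:
            clusters[-1].append((name, mtime))
        else:
            clusters.append([(name, mtime)])
    return clusters

def review_candidates(entries, window=300):
    """Return clusters of two or more items that include one of the name shapes above."""
    flagged = []
    for cluster in cluster_by_mtime(entries, window):
        names = [n for n, _ in cluster]
        if len(names) >= 2 and any(
            NET_PREFS.match(n) or THREE_PART.match(n) for n in names
        ):
            flagged.append(names)
    return flagged

# Constructed sample listing (names and timestamps are made up for this example).
SAMPLE = [
    ("com.example.vendor.helper.plist", 1_300_000_000),
    ("com.qwertyexample.net-preferences.plist", 1_465_000_000),
    ("com.qwertyexampleUpd.plist", 1_465_000_060),
    ("com.zxcvexample.plist", 1_465_000_150),
    ("com.othervendor.updater.daemon.plist", 1_440_000_000),
]

if __name__ == "__main__":
    entries = list_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for names in review_candidates(entries):
        print("clustered, review together:")
        for n in names:
            print("   " + n)
```

A three-part name on its own is not flagged, because legitimate software also uses that shape; the time clustering is what the reply relies on to tell the groups apart.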

Jun 8, 2016 1:18 PM in response to Linc Davis

Thanks, that helped.

I did like you instructed on the iMac and everything looked fine in Safari and Firefox - but in Chrome an additional tab opened with the malware. So I deleted Chrome and checked again (in safe mode) for LaunchDaemons etc. that could be infected and deleted everything that I do not need.

So far I think that solved the problem. I did the same with my MacBook and have not had any problems with the trojan since.


But I noticed that Safari is slower on my iMac than usual but that might have to do with El Capitan that I only installed 5 days ago. The same goes for my MacBook that takes far longer than usual to "get ready", including Microsoft Word and Safari that take ages to boot. Both macs are from 2009 so I did expect that they would be a little slower than with Snow Leopard (and Yosemite), but is there anything I can do or should I open a new thread for that problem?
