How to get rid of PC Virus on Mac?
Hi.
I have a MacBook Pro running OSX 10.7.5. Today, Symantec Endpoint Protection scanned my computer and detected an infected file named xvidsetup.exe. I know that it was a virus named Bad-Sectors.3422 (x) that infected the file. The file was originally in my trash can. Upon detecting it, I deleted the file manually. When the scan was done, I tried to delete it from Symantec, but it did not let me. I am assuming that it didn't let me delete or repair the file because I had already gotten rid of the file. I was wondering if the file is permanently deleted and how to delete PC viruses in the future if I do get one.
Thanks.
First, note that your Mac cannot be infected with a PC virus. Deleting the file is all that is necessary, and even that is only necessary to avoid passing it on to others.
Second, Symantec has a proven history of not understanding the Mac. Their software has been known to cause problems, and their detection of Mac malware is not particularly good. See:
http://www.thesafemac.com/mac-anti-virus-testing-01-2013/
I would recommend removing that. Then read my Mac Malware Guide for information on protecting yourself against malware.
http://www.thesafemac.com/mmg
Similar Messages
-
Looking to find out how to get rid of ransomware on my mac pro running Lion???
I have a Mac pro running OS Lion v10.7.5 and now have ransomware and would like to figure out how to get rid of the ransomware. Would appreciate any help.
RuAnLe wrote:
I have a Mac pro running OS Lion v10.7.5 and now have ransomware and would like to figure out how to get rid of the ransomware. Would appreciate any help.
If you're seeing a message in your web browser that your Mac is infected with a virus, and given a phone number to call for help, you're being scammed. There is no virus. See:
Tech support scam pop-ups
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.) -
How to get rid of a virus on yosemite
Product: MacBook Pro (13-inch, Early 2011)
Processor: 2.3 GHz Intel Core i5
Memory: 4 GB 1333 MHz DDR3
Storage: 1 TB
Operating System: OS X Yosemite. 10.10
I had been downloading some software to try to fix my android phone, and I'm positive that I downloaded 1 or more viruses. I was able to get rid of the adware. But since the download my computer has been running much more slowly, sometimes freezing altogether.
Also just now I lost control of my mouse. The pointer started moving of its own accord and opening all kinds of programs and files. I immediately did a hard shutdown. It's back up and running but I expect I'll run into the problem again. At the time I was using a VPN connected to Malaysia.
How can I find and destroy any leftover viruses on my system? -
How to get rid of redirect virus?
I get random redirects when I open webpages, how do I get rid of these?
hello danimini, the browser protect addon is malicious - please go to firefox > addons > extensions & remove/disable it. also go to the windows control panel / programs and remove any similar named software and other suspicious entries from there (toolbars or potentially unwanted software, things you have not installed intentionally or don't know what purpose they serve).
also run a full scan of your system with security tools like the free version of malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free) & adwcleaner (http://www.bleepingcomputer.com/download/adwcleaner/).
Remove a toolbar that has taken over your Firefox search or home page
afterwards install the search reset addon - it will revert the most common customizations those adware programs do in firefox back to the default: https://addons.mozilla.org/firefox/addon/searchreset/ -
How to get rid of Malware on my Mac
I did click on a video supposedly sent by a friend on my Facebook. It was a virus. Now I have Malware on my Mac. How do I get rid of it?
Please post a screenshot that shows what you mean. Be careful not to include any private information.
Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply. -
How to get rid of cinema ads off mac
I downloaded something that now places a little green icon next to words and says "Ads by Cinema +" How do I get rid of this? Thank you!
Helpful Links Regarding Malware Problems
If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
Fix Some Browser Pop-ups That Take Over Safari.
Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
Quit Safari
Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
Relaunch Safari
If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
Mac OS X Snow Leopard and malware detection
OS X Lion- Protect your Mac from malware
OS X Mountain Lion- Protect your Mac from malware
OS X Mavericks- Protect your Mac from malware
About file quarantine in OS X
If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.) -
How to get rid of someone else's MAC ID on my computer and iphone
Hello Everyone,
I have not yet been able to register my apple computer (notebook), which i bought now a few years back. Trouble is that a person who was house/cat sitting for me, must have used my computer without my permission and now his email shows up every time i try to do anything using my apple iD. I can't get rid of his ID in my computer's memory, whenever i need to insert my apple ID. How do I get rid of his email address and see mine? I logged out and back into my account, but that didn't help. I reset my password, but still his ID keeps coming up, and, as i don't know his password (obviously) I can't get rid of it.
Now this has contaminated my G4 and I can't get into itunes and therefore can only use my G4 as a telephone. Can't do anything more with it than i could do on my (cheapest available) phone.
I am absolutely blocked, can't register either my G4 or my apple notebook and can't buy any apps or use itunes on my G4.
Any help in getting rid of this person's ID would be well received.
The other problem is that this person is a confidence trickster (obviously i didn't know it at the time) and i am worried he can hack into my computer, use my network etc.
Regards
Mary
Sign out of iTunes & App Store and sign in with the correct Apple ID.
Settings>iTunes & App Store>Apple ID>Sign out -
How to get rid of scroll bars in Mac OS X Lion?
I have been using the magic mouse with lion on my iMac since I got it. Today I got a new mouse, a logitech M510. After using the mouse I noticed that the scroll bars came back permanently. I actually liked having the scroll bars disappear when not using them, it made everything look much cleaner. How would I go about getting rid of them? Any help will be greatly appreciated.
system preferences>general>adjust settings as desired.
-
How to get rid of genieo tool from mac?
I cannot get rid of genieo from safari. I have changed the preferences on safari. It doesn't appear when I open safari but if i am searching for something it comes as my default search browser
There is an uninstaller, but as the developer is not trustworthy, you shouldn't rely on it. I suggest the tedious procedure below to disable Genieo.
Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know that, stop here and ask for guidance.
Quit the Genieo application, if it's running. Force quit if necessary.
Triple-click anywhere in the line below on this page to select it:
/etc/launchd.conf
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.
A folder may open with a file selected, or the file may be absent, in which case you'll get a message that it doesn't exist. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password.
IMPORTANT: If the launchd.conf file exists, you must move it to the Trash before continuing. Otherwise the system will become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system.
Repeat with each of these lines:
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
Again, some of these items may be absent, in which case you'll get a message that the file doesn't exist. Skip that item and go on to the next one.
Reboot and empty the Trash. Don't try to empty the Trash until you have rebooted.
Your web browser(s) should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including one called "Spigot" if it's present. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
The Genieo installer may also install the "Silverlight" web plugin from Microsoft. If you have no use for that plugin, you can remove it according to Microsoft's instructions. Don't remove it if you subscribe to "Netflix" or any other video-streaming service that uses it.
This procedure may leave a few files behind, but it should deactivate Genieo. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad embedded in a page on some other site.
Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam. -
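A read-only check for the items named in the Genieo procedure above, as an added example that is not part of the original answer. It reports which listed paths exist and whether /etc/launchd.conf still has to be trashed first; the root-directory argument and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post: read-only audit for the Genieo
# items named in the procedure. Nothing is moved or deleted.
# Assumption: the first argument is a root directory ("/" for the live
# system, or a mounted backup / test tree). Function names are hypothetical.

# Items from the procedure, in the order listed (launchd.conf is handled apart).
GENIEO_ITEMS='/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib'

# Print every listed item that exists under the given root, one per line.
genieo_present() {
    root=${1:-/}; root=${root%/}
    printf '%s\n' "$GENIEO_ITEMS" | while IFS= read -r item; do
        if [ -e "$root$item" ] || [ -L "$root$item" ]; then
            printf '%s\n' "$item"
        fi
    done
}

# Informational: print launchd.conf lines that mention a listed item.
# A line that still points at a file removed from the list is a dangling
# reference, which is why the procedure handles launchd.conf first.
launchd_conf_refs() {
    root=${1:-/}; root=${root%/}
    if [ -f "$root/etc/launchd.conf" ]; then
        grep -F -- "$GENIEO_ITEMS" "$root/etc/launchd.conf" || true
    fi
}

# One-word summary that follows the ordering rule in the procedure:
#   trash-launchd.conf-first  launchd.conf exists; deal with it before the rest
#   remove-listed-items       no launchd.conf, but listed items are present
#   clean                     none of the named paths exist
genieo_status() {
    root=${1:-/}; root=${root%/}
    if [ -e "$root/etc/launchd.conf" ]; then
        echo "trash-launchd.conf-first"
    elif [ -n "$(genieo_present "$root")" ]; then
        echo "remove-listed-items"
    else
        echo "clean"
    fi
}

# Stand-alone run: audit the root given as $1, or "/" by default.
root_arg=${1:-/}
echo "status: $(genieo_status "$root_arg")"
genieo_present "$root_arg" | sed 's/^/present: /'
launchd_conf_refs "$root_arg" | sed 's/^/launchd.conf references: /'
```
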
Please help it's getting really annoying and it's hard to do things on my phone when it freaks out and go all over the place.
superjedishadow wrote:
I wasn't saying that there were any viruses made to date, I'm just saying that a virus could be made for it
No one's been able to do that yet. And people a lot smarter than you (and me) have tried.
The basic way malware works is that it runs a program on the device. However, the iOS does not allow any program to be downloaded or installed onto the device, unless they are from the App Store. And Apple thoroughly checks all apps submitted by app-developers before allowing them onto the App Store.
In essence, imagine that there is a fortress that has absolutely only one entrance; a guarded front gate. And the guards will only let in people that have proper identification. Without that identification, they will not open the gate.
The fortress is the iOS device. The guards are the operating system. The identification is the App Store.
You didn't come from the App Store? Then you can't come in. It's as simple as that. -
How to get rid of adware on my mac?
When on line with Safari or Chrome I am plagued by intrusive pop up tabs!
There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
/Library/LaunchDaemons
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "LaunchDaemons" may open. Look inside it for a file with a name of the form
com.something.daemon.plist
Here something is a variable word, which can be different in each case. It could be "cloud," "dot," "highway," "submarine," "trusteddownloads," or pretty much anything else.
There may also be a file named
com.something.helper.plist
in the same folder.
Leave the LaunchDaemons folder open, and open the following folder in the same way:
/Library/LaunchAgents
In this folder, there may be a file named
com.something.agent.plist
where the word something is exactly the same as before.
If you feel confident that you've identified these three files, back up all data, then drag the three files you found to the Trash. You may be prompted for your administrator login password. Close the windows and restart the computer.
Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
Open this folder:
/Library/Application Support
If it has a subfolder named just
something
(where something is the same word as before), drag that subfolder to the Trash and close the window.
Don't delete the "Application Support" folder or anything else inside it.
Finally, in this folder:
/System/Library/Frameworks
there may be an item named exactly
v.framework
It's actually another folder, though it has a different icon. Drag it to the Trash and close the window.
Don't delete the "Frameworks" folder or anything else inside it.
If you didn't find the files or you're not sure about the identification, post what you found.
If in doubt, or if you have no backups, change nothing at all.
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked. -
How to get rid of pop-ups on my macBook air?
One of my roommates recently downloaded torrent on my macbook air to watch a movie, and since then I have been experiencing popups every time I open a new page on safari. Also, my search engine has switched to something known as search-quick? I've tried a few different mac detox sites to no avail. Very frustrated. Any suggestions on how to get rid of this "virus" and pop-ups would be much appreciated!
There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
/Library/LaunchDaemons
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
com.something.daemon.plist
and
com.something.helper.plist
Here something is a variable word, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes the word is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
/Library/LaunchAgents
In this folder, there may be a file named
com.something.agent.plist
where the word something is the same as before.
If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
Open this folder:
/Library/Application Support
If it has a subfolder named just
something
where something is the same word you saw before, drag that subfolder to the Trash and close the window.
Don't delete the "Application Support" folder or anything else inside it.
Finally, in this folder:
/System/Library/Frameworks
there may be an item named exactly
v.framework
It's actually a folder, though it has a different icon than usual. This item always has the above name. Drag it to the Trash and close the window.
Don't delete the "Frameworks" folder or anything else inside it.
If you didn't find the files or you're not sure about the identification, post what you found.
If in doubt, or if you have no backups, change nothing at all.
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked. -
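The naming pattern that the two VSearch answers above walk through in the Finder can also be checked from Terminal. The script below is an added example, not part of either post: it only lists items that fit the pattern and changes nothing. The function name `list_vsearch_candidates` is hypothetical, and the demo tree at the end is constructed sample data.

```shell
#!/bin/sh
# Added example: read-only check for the naming pattern described above.
# It only prints what it finds; it never deletes or moves anything.

# list_vsearch_candidates ROOT   (hypothetical helper name)
#   ROOT is a volume root; "" or "/" means the boot volume.
#   Prints "WORD<TAB>PATH" for each item that fits the pattern and returns 0
#   only if a daemon plist and an agent plist share the same WORD.
list_vsearch_candidates() {
    root=${1:-}; root=${root%/}
    daemons="$root/Library/LaunchDaemons"
    agents="$root/Library/LaunchAgents"
    support="$root/Library/Application Support"
    rc=1
    for plist in "$daemons"/com.*.daemon.plist; do
        [ -e "$plist" ] || continue            # glob matched nothing
        word=${plist##*/com.}
        word=${word%.daemon.plist}
        # Per the second answer, the word has so far been letters only.
        case $word in ''|*[!A-Za-z]*) continue ;; esac
        # The agent must carry exactly the same word.
        [ -e "$agents/com.$word.agent.plist" ] || continue
        rc=0
        printf '%s\t%s\n' "$word" "$plist"
        printf '%s\t%s\n' "$word" "$agents/com.$word.agent.plist"
        for extra in "$daemons/com.$word.helper.plist" "$support/$word"; do
            if [ -e "$extra" ]; then printf '%s\t%s\n' "$word" "$extra"; fi
        done
        if [ "$word" = apple ]; then
            printf '%s\t%s\n' "$word" "CAUTION: built-in OS X files have similar names"
        fi
    done
    fw="$root/System/Library/Frameworks/v.framework"
    if [ -e "$fw" ]; then printf '%s\t%s\n' "-" "$fw"; fi
    return $rc
}

# Demo on a constructed directory tree (sample names, not a real infection).
demo=$(mktemp -d)
mkdir -p "$demo/Library/LaunchDaemons" "$demo/Library/LaunchAgents" \
         "$demo/Library/Application Support/highway"
touch "$demo/Library/LaunchDaemons/com.highway.daemon.plist" \
      "$demo/Library/LaunchDaemons/com.highway.helper.plist" \
      "$demo/Library/LaunchDaemons/com.example.daemon.plist" \
      "$demo/Library/LaunchAgents/com.highway.agent.plist"
list_vsearch_candidates "$demo"
rm -rf "$demo"
# To inspect the boot volume instead:  list_vsearch_candidates /
```

In the demo, `com.example.daemon.plist` is not reported because no agent file shares its word, which mirrors the answers' advice to act only when the same word appears in both folders.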
I've got OSX/Genieo.A virus on my mac and don't know how to get rid of it and w I have it
There is no need to download anything to solve this problem.
You installed the "Genieo" malware. The product is a fraud, and the developer knowingly distributes an uninstaller that doesn't work. I suggest the procedure below to disable Genieo. This procedure may leave a few small files behind, but it will permanently deactivate the malware (as long as you never reinstall it.)
Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data before proceeding.
Step 1
Triple-click anywhere in the line below on this page to select it:
/Library/Frameworks/GenieoExtra.framework
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder should open with an item named "GenieoExtra.framework" selected. Move that item to the Trash. You'll be prompted for your administrator password.
Move each of these items to the Trash in the same way:
/Applications/Genieo.app
/Applications/Reset Search.app
/Applications/Uninstall Genieo.app
/Library/LaunchAgents/com.genieo.completer.update.plist
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
~/Library/Application Support/com.genieoinnovation.Installer
~/Library/LaunchAgents/com.genieo.completer.download.plist
~/Library/LaunchAgents/com.genieo.completer.update.plist
If there are other items with a name that includes "Genieo" or "genieo" alongside any of those listed above, move them as well. Some of these items will be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
Step 2
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" or "InstallMac" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
Your web browser(s) should now be working, and you should be able to reset the home page and search engine. If not, stop here and post your results.
Make sure you don't repeat the mistake that led you to install this trojan. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad has a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
Finally, be forewarned that when Genieo is mentioned on this site, the attacker sometimes shows up under the name "Genieo support." He will tell you to run a fake "uninstaller." As he intends, the uninstaller does not completely remove the malware, and is in fact malware itself. -
How to get rid of the java update virus?
Every time I go on a web page something pops up saying to install Java Runtime Environment in order to web content and it gives me the option to click more info (to go to the page to download the Java Runtime Environment) OR ok. Before I clicked ok until it continued to pop up and began to annoy me so I decided to install it. It still pops up and won't go away. I found out it is a virus and I don't know how to get rid of it.
PLEASE HELP!
Most likely, you have a web plugin that depends on the Java runtime distributed by Apple, such as the Facebook video calling plugin or the "NexDef" plugin for watching baseball streams. If you no longer need the plugin, remove it. Otherwise, install Java.
-
Hi, I have this green mark (with pointing arrow looks like a link) on some words show on my window screen when I open a web page, I wonder if it is a virus link or such. Need help how to get rid of it. Here's the example:
WING
GAMES
MAJORITY
Thanks
If the third link you posted (the link containing the word "majority") does not look like the following then you inadvertently installed adware.
That particular page should resemble the following:
The word "majority" in the third paragraph should not be a link and should not have the green icon associated with it.
To learn how this may have occurred, and how to prevent it from occurring in the future, read How to install adware
Most so-called "news" websites are nothing more than entertainment outlets that cater to prurient interests, and contain advertisements that leave the user about three clicks away from installing junk. If you decide to frequent those websites, Safari's "Reader" feature helps minimize that exposure.
Try it: