I can't get rid of an unknown virus

Hi, I believe I have some sort of unknown adware virus on my mac so I don't know how to get rid of it. The symptom is a generally constant one: when I click on something (anything) on the website I am on, a new tab opens up with ads. It is the ads which change: the ones I've seen several times are terdir.com and MacKeeper ads. Does anyone have any suggestions? Also, I've tried searching for those two things in my files and all but haven't found anything at all. Thanks in advance.

I've seen this before but I'm a bit unsure of these kind of things. Is it really trustworthy? But thanks anyway for the answer, I'll probably try it anyway.

Similar Messages

  • "Show in Mail" link in To-Dos - can't get rid of, like a virus

    Hello!
    I use To-Dos in iCal intensively.
    But strange thing started to happen - all my To-Dos magically get "Show in Mail" link in URL field.
    When I enter a new To-Do - everything is fine,
    but after a couple of days "Show in Mail" link sticks to it again.
    (This link takes you to nowhere).
    And I can't get rid of it any other way then just by deleting "infected" To-Do.
    Please help.

    I think I've got it fixed....I "reset" my mail program, I deleted my mailbox then re-created it and I'm all set for now.

  • Can't get rid of text enhance virus

    text enhance is doing my head in.
    I've disabled every extension, cleared the cookies, but it will not go away.
    The only extensions I have are:
    adban 2.3.1
    adblock plus 2.6.3
    norton toolbar 2014.7.3.12
    norton vulnerability protection 12.2.0.5 - 1
    updated adblocker for firefox 110.7.7
    webmail adblocker 4.25
    Please help, almost every word on every page is affected by this virus and I'm about to throw my laptop out the window.
    Regards, Alan

    Create a new profile as a test to check if your current profile is causing the problems. <br>
    See '''Creating a profile''':
    *https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles
    *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
    If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over the problem <br>
    '''Profile Backup and Restore'''
    *http://kb.mozillazine.org/Profile_backup
    *https://support.mozilla.org/en-US/kb/back-and-restore-information-firefox-profiles
    *http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

  • How can I get rid of a possible virus

    Im pretty sure I have a virus on my Mac pro for this following reasons: 1 when I click something on the web page it opens another browser not pertaining from the website. My computer runs really slow even though I have 400 and some gb still. As of today I cant even use my safari or chrome because it's not connecting to the Internet or doesnt load the page. What do you guys recomend ?

    Check the links below for options to remove the Adware.
    The Easy, safe, effective method:
    http://www.adwaremedic.com/index.php
    If you are comfortable doing manual file removals use the somewhat more difficult method:
    http://support.apple.com/en-us/HT203987
    Also read the articles below to be more prepared for the next time there is an issue on your computer.
    https://discussions.apple.com/docs/DOC-7471
    https://discussions.apple.com/docs/DOC-8071

  • How can I get rid of the bizzclick virus?

    When I look for something on Google, a whole list of sites comes up, but when I click on a site, I'm redirected to another site instead. I understand that this is called bizz click redirect virus and it happens mostly when using Mozilla.

    http://news.bizzclick.com/2011/11/bizzclick-redirect-virus/

  • An unknown excel file has appeared on my desktop. It cannot be deleted and I cannot get any information about it. Is this malware?  How can I get rid of it?

    An unknown excel file has appeared on my desktop. It cannot be deleted and I cannot get any information about it.
    Is this malware?  How can I get rid of it?

    Hello Jeff,
    Thanks very much for your reply.  I looked over the article you mentioned, but I have tried all of these methods, but only get the response "The item “29394D00” can’t be moved to the Trash because it can’t be deleted."  Similarly, I cannot Get Info on the file.  This is why I'm so concerned, it just appeared on my desktop, but I cannot touch it, or open it or delete it...
    If you have any more tricks up your sleeve, I'd love to hear about them...
    Derek

  • Launchpad displaying unknown files and icons. how can i get rid of this?

    Launchpad on my 3 week old 13inch macbook pro with OS Lion, is displaying all sorts of strange files and icons, some of which include: disk image mounter, dock,  how can I get rid of this? ods agent, 50onPaletteServer, spotlight.service, SCIM, TCIM, makePDF, PressAndHold, MassStorageCamera- to name but a few! Theres over 100 of these icons and I have no idea what they are and where they came from? whilst using googlechrome yesterday my macbook suddenly slowed down and all running programmes froze. i eventually got all programmes closed and restarted twice and was still running slow. Today it is up to normal speed but I noticed how Launchpad is totally messed up and I dont know how to get rid or move any of these icons, that is if they are even meant to be there. Im not sure if it is relevant but I shall also add that the Hard Disk Icon was randomly being displayed on my desktop as well.
    Any help on whats happening to my launchpad and what these icons are would be greatly appriciated.
    Thanks, Beth.

    I will also add that none of these icons exist when I view my applications folder in Finder.

  • Can't get rid of a TX - message keeps appearing and being processed by OSB

    I have some sort of a poison message or TX I can't flush. Every 10 seconds I get a log message like the second one below, and the number of pending messages in multiple places and OSB proxy service messages processed keep climbing - all without producing any new messages on my part. I've tried deleting the default server store on the OSB managed server and the filestore for the JMS server. No luck.
    When this first started happening, the error messages looked like the first one below. Something I did caused the change, I assume. However, it's the same TX ID throughout.
    So, first, how can I get rid of this thing? It's driving me nuts and keeping me from closing out a POC.
    Second, why is it happening? I have one suspicion - could it be because that somehow we configured mutiple domains with the same name for a distributed application? It's not my normal practice but it happened. These domains don't communicate directly, but there are domains that need to communicate with both. So I'm guessing the name ambiguity may be hurting us. Just a guess, though.
    In this case, the sgosb domain's proxy service (this domain name is unique) is receiving messages from a queue resident in the pega_domain in Singapore and another proxy service is putting a message to another queue in the pega_domain in the UK. This is not in a single TX; the first proxy service forwards the message to a queue in the sgosb_domain, the second proxy service gets that message and puts it into the other pega_domain. It's an XA TX for each proxy service.
    Just to make it more fun, the sgosb_domain has another proxy service reading from a different queue and forwarding it to a queue in the third pega_domain in the US.
    TIA for any help or insight.
    Oh yes, the OSB domain is WLS 10.3.4, while the pega_domains are WLS 10.3.2
    Original error message
    ####<Apr 13, 2011 4:32:13 AM GMT> <Error> <EJB> <sg01app510> <sgosb_1> <[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'>
    <<anonymous>> <> <92f54a30d60e6302:-4b6d523c:12f4cfeaabc:-8000-0000000000000123> <1302669133597> <BEA-010026> <Exception occurred during commit of
    transaction Xid=BEA1-039B0B6D3D0E77C1B135(1898471720),Status=Rolled back. [Reason=Unknown],numRepliesOwedMe=0,numRepliesOwedOthers=0,seconds since
    begin=0,seconds left=600,XAServerResourceInfo[WLStore_pega_domain_ProcessEventJMS_Store_mgd1]=(ServerResourceInfo[WLStore_pega_domain_ProcessEventJMS_Store_mgd1]=
    (state=new,assigned=none),xar=null,re-Registered = false),SCInfo[sgosb_domain+sgosb_1]=(state=rolledback),SCInfo[pega_domain+pega_1]=(state=rolledback),properties=
    ({}),OwnerTransactionManager=ServerTM[ServerCoordinatorDescriptor=(CoordinatorURL=sgosb_1+152.64.128.243:22110+sgosb_domain+t3+, XAResources={eis/tibjms/Topic,
    WLStore_sgosb_domain_FileStore_auto_1, eis/aqjms/Queue, eis/wls/Queue, eis/tibjms/Queue, WLStore_sgosb_domain__WLS_sgosb_1, eis/AQ/aqSample, eis/aqjms/Topic,
    eis/pramati/Queue, eis/sunmq/Queue, WLStore_sgosb_domain_WseeFileStore_auto_1, WLStore_sgosb_domain_MesssageForwardingJMS_Store_mgd1,
    WSATGatewayRM_sgosb_1_sgosb_domain, eis/jbossmq/Queue, eis/activemq/Queue, eis/fioranomq/Topic, eis/tibjmsDirect/Topic, eis/wls/Topic,
    eis/tibjmsDirect/Queue, eis/Apps/Apps, eis/webspheremq/Queue},NonXAResources={})],CoordinatorURL=pega_1+nj09mhm5078:22111+pega_domain+t3+):
    javax.transaction.RollbackException: This transaction does not exist on the coordinating server.  It was probably rolled back and forgotten.
            at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
            at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:223)
            at weblogic.transaction.internal.CoordinatorImpl_1032_WLStub.commit(Unknown Source)
            at weblogic.transaction.internal.TransactionImpl$1.run(TransactionImpl.java:331)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
            at weblogic.transaction.internal.SecureAction.runAction(SecureAction.java:72)
            at weblogic.transaction.internal.TransactionImpl.commit(TransactionImpl.java:327)
            at weblogic.transaction.internal.ServerTransactionImpl.internalCommit(ServerTransactionImpl.java:252)
            at weblogic.transaction.internal.ServerTransactionImpl.commit(ServerTransactionImpl.java:239)
            at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:553)
            at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:424)
            at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:326)
            at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
            at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
            at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
            at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
            at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
            at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    Caused by: javax.transaction.RollbackException: This transaction does not exist on the coordinating server.  It was probably rolled back and forgotten.
            at weblogic.transaction.internal.CoordinatorImpl.commit(CoordinatorImpl.java:94)
            at weblogic.transaction.internal.CoordinatorImpl_WLSkel.invoke(Unknown Source)
            at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
            at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
            at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
            at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    The error message I'm getting now
    ####<Apr 13, 2011 4:51:38 AM GMT> <Error> <EJB> <sg01app510> <sgosb_1> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <>
    <92f54a30d60e6302:-42808c28:12f4d3173cb:-8000-0000000000000032> <1302670298730> <BEA-010026> <Exception occurred during commit of transaction
    Xid=BEA1-0011D0679BA5074B8E12(1930603846),Status=Rolled back. [Reason=javax.transaction.xa.XAException],numRepliesOwedMe=0,numRepliesOwedOthers=0,seconds since begin=0,seconds
    left=60,XAServerResourceInfo[WLStore_sgosb_domain_MesssageForwardingJMS_Store_mgd1]=(ServerResourceInfo[WLStore_sgosb_domain_MesssageForwardingJMS_Store_mgd1]=
    (state=rolledback,assigned=sgosb_1),xar=WLStore_sgosb_domain_MesssageForwardingJMS_Store_mgd1239571724,re-Registered =
    false),XAServerResourceInfo[WLStore_pega_domain_ProcessEventJMS_Store_mgd1]=(ServerResourceInfo[WLStore_pega_domain_ProcessEventJMS_Store_mgd1]=
    (state=rolledback,assigned=pega_1),xar=null,re-Registered = false),SCInfo[sgosb_domain+sgosb_1]=(state=rolledback),SCInfo[pega_domain+pega_1]=(state=rolledback),properties=
    ({}),OwnerTransactionManager=ServerTM[ServerCoordinatorDescriptor=(CoordinatorURL=sgosb_1+152.64.128.243:22110+sgosb_domain+t3+, XAResources={eis/tibjms/Topic,
    WLStore_sgosb_domain_FileStore_auto_1, eis/aqjms/Queue, eis/wls/Queue, eis/tibjms/Queue, WLStore_sgosb_domain__WLS_sgosb_1, eis/AQ/aqSample, eis/aqjms/Topic, eis/pramati/Queue, eis/sunmq
    /Queue, WLStore_sgosb_domain_WseeFileStore_auto_1, WLStore_sgosb_domain_MesssageForwardingJMS_Store_mgd1, WSATGatewayRM_sgosb_1_sgosb_domain, eis/jbossmq/Queue, eis/activemq
    /Queue, eis/fioranomq/Topic, eis/tibjmsDirect/Topic, eis/wls/Topic, eis/tibjmsDirect/Queue, eis/Apps/Apps, eis/webspheremq/Queue},NonXAResources=
    {})],CoordinatorURL=sgosb_1+152.64.128.243:22110+sgosb_domain+t3+): weblogic.transaction.RollbackException: Unknown reason
            at weblogic.transaction.internal.TransactionImpl.throwRollbackException(TransactionImpl.java:1881)
            at weblogic.transaction.internal.ServerTransactionImpl.internalCommit(ServerTransactionImpl.java:345)
            at weblogic.transaction.internal.ServerTransactionImpl.commit(ServerTransactionImpl.java:239)
            at weblogic.ejb.container.internal.MDListener.execute(MDListener.java:553)
            at weblogic.ejb.container.internal.MDListener.transactionalOnMessage(MDListener.java:424)
            at weblogic.ejb.container.internal.MDListener.onMessage(MDListener.java:326)
            at weblogic.jms.client.JMSSession.onMessage(JMSSession.java:4659)
            at weblogic.jms.client.JMSSession.execute(JMSSession.java:4345)
            at weblogic.jms.client.JMSSession.executeMessage(JMSSession.java:3821)
            at weblogic.jms.client.JMSSession.access$000(JMSSession.java:115)
            at weblogic.jms.client.JMSSession$UseForRunnable.run(JMSSession.java:5170)
            at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    Caused by: javax.transaction.xa.XAException
            at weblogic.store.gxa.internal.GXAResourceImpl.prepare(GXAResourceImpl.java:1227)
            at weblogic.transaction.internal.XAServerResourceInfo.prepare(XAServerResourceInfo.java:1295)
            at weblogic.transaction.internal.XAServerResourceInfo.prepare(XAServerResourceInfo.java:500)
            at weblogic.transaction.internal.ServerSCInfo.startPrepare(ServerSCInfo.java:380)
            at weblogic.transaction.internal.ServerTransactionImpl.localPrepare(ServerTransactionImpl.java:2593)
            at weblogic.transaction.internal.ServerTransactionImpl.localPrepare(ServerTransactionImpl.java:1321)
            at weblogic.transaction.internal.SubCoordinatorImpl.startPrepare(SubCoordinatorImpl.java:183)
            at weblogic.transaction.internal.CoordinatorImpl_WLSkel.invoke(Unknown Source)
            at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
            at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:477)
            at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
            at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
            at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:473)
            at weblogic.rmi.internal.wls.WLSExecuteRequest.run(WLSExecuteRequest.java:118)
            at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
            at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    .>Edited by: SteveElkind on Apr 13, 2011 5:50 AM

    Tom,
    Thanks! Succinct and easy to understand as ever.
    Yup, that covers it - I had also just seen this in the docs after looking at atheek1's earlier response (thanks to him/her as well). It's covered almost as clearly there as you state it here (http://download.oracle.com/docs/cd/E11035_01/wls100/jta/trxcon.html).
    While the ESB domains meet all of those requirements (except for cross-domain security configuration), each of the other two sets of domains (3 in each set) do not meet the naming uniqueness criteria for domain and server names; they do for JMS server names. I saw the store names in the TX identifier string as included resource, and assumed they might play a part - that's why I changed them. As you say, an unnecessary change. Oh well - it was an easy one.
    My normal practice has been for unique names in the past, due to problems I had years ago with cross-domain JMS traffic in an earlier WLS version. I guess it's the wrong time to have forgotten that lesson.
    Does anyone know of a quick way of changing a domain name quickly without rebuilding the domain? In the past WLST resulted in incomplete copies for me, is that still a problem? Server names are easy, just some global search-and-replace in the config.xml file (and in the management scripts, too)
    /Steve

  • How can I get rid of the display of the last played music-title

    How can I get rid of the display of the last played music-title
    When playing a music-title the name of the title and it's progress is displayed in the box at the top of iTunes, even if the music is already stopped or ended. This display is impeding f.i. when copying music-albums to iPhones and watching the progress. Can anyone tell me please how to make the display of the last played music-title disappear?
    Thank you very much in advance.
    Hans M

    OK, thank you very much, fiend.
    However: Since yesterday afternoon my e-mail-acount is being flooded with 50+ e-mails every few hours which are not at all related to my question. I'm copying the properties of one e-mail as a sample. Could you please organize this flood to stop or tell me what to do?
    Thank you very much!
    Hans M
    Return-Path: <[email protected]>
    Delivered-To: [email protected]
    Received: (qmail 11232 invoked from network); 2 Jan 2014 21:38:42 -0000
    Received: from unknown ([172.18.1.109])
              by mailbox11.aon.at (qmail-ldap-1.03) with QMQP; 2 Jan 2014 21:38:42 -0000
    Delivered-To: CLUSTERHOST smarthub76.res.a1.net [email protected]
    Received: (qmail 9065 invoked from network); 2 Jan 2014 21:38:41 -0000
    X-Spam-Checker-Version: SpamAssassin 3.2.0 (2007-05-01) on
    WARSBL504.highway.telekom.at
    X-Spam-Level:
    Received: from redstreak.apple.com (HELO bz.apple.com) ([17.151.62.54])
              (envelope-sender <[email protected]>)
              by smarthub76.res.a1.net (qmail-ldap-1.03) with RC4-MD5 encrypted SMTP
              for <[email protected]>; 2 Jan 2014 21:38:41 -0000
    X-A1Mail-Track-Id: 1388698720:8973:smarthub76:17.151.62.54:1
    Received: from nwk-jivep-lapp04.corp.apple.com ([17.34.26.3])
    by bz.apple.com (Oracle Communications Messaging Server 7u4-23.01(7.0.4.23.0)
    64bit (built Aug 10 2011)) with ESMTP id <[email protected]> for
    [email protected]; Thu, 02 Jan 2014 13:38:40 -0800 (PST)
    Date: Thu, 02 Jan 2014 13:38:39 -0800
    From: Apple Support Communities Updates <[email protected]>
    Reply-to: discussions-replies <[email protected]>
    To: Hans M <[email protected]>
    In-reply-to:
    <2-24330225-3-6714313-1388532858380-2-24354104-3-1039882-1388697859204.jivesbs.ji vemailuser@https://discussions.apple.com/>
    References:
    <2-24330225-3-6714313-1388532858380.jivesbs.jivemailuser@https://discussions.appl e.com/>
    <2-24330225-3-6714313-1388532858380-2-24353958-3-6714313-1388696827692.jivesbs.ji vemailuser@https://discussions.apple.com/>
    <2-24330225-3-6714313-1388532858380-2-24354104-3-1039882-1388697859204.jivesbs.ji vemailuser@https://discussions.apple.com/>
    Subject: [iTunes for Windows] - Re: Cannot follow these instructions
    "Where are my iTunes files located?" [7h40p2-20wvf-ehzw3]
    MIME-version: 1.0
    Content-type: multipart/mixed;
    boundary="----=_Part_577492_1482299802.1388698719437"
    Auto-submitted: yes
    Content-disposition: inline

  • How can i get rid of cinemapro1-2 adv?

    recently when i search on the internet about some shopping websites, on the top of the web there always appear some advertisements. can you tell me how can i get rid of this? thank you so much
    yours sincere
    yiyang han

    There is no need to download anything to solve this problem.
    You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
    Back up all data before making any changes.
    One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
    If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
    Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
    Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
    Still in System Preferences, open the App Store or Software Update pane and check the box marked
              Install system data files and security updates (OS X 10.10 or later)
    or
              Download updates automatically (OS X 10.9 or earlier)
    if it's not already checked.

  • How can I get rid of adclick on my Mac?

    How can I get rid of adclick on my Macbook Pro?  I get adclick, bulletflix, mackeeper, HD stream, etc.  Thanks in advance

    There is no need to download anything to solve this problem.
    You may have installed the "VSearch" trojan. Remove it as follows.
    Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Step 1
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    Step 2
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Internet criminal behind VSearch has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

  • I have a mackeeper virus and can't get rid of it

    I have a mackeeper virus and can't get rid of it??? Please someone help me?

    You may have installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

  • I went to Firefox extentions to remove facesmooch, but there isn't any extensions listed, how else can i get rid of it?

    I downloaded a free youtube downloader and told it I didn't want facesmooch, but it installed it anyway and now I can't get rid of it. I have tried going to the add-ons manager and removing it from the extensions, but there are no extensions listed, it isn't in add/remove programs, the file I downloaded isn't a folder so I can't "get in to it", and I have uninstalled and deleted all content related to the youtube downloader. Please help me get rid of facesmooch.

    Sounds like some form of ad-aware.
    Boot up your pc in safe mode w/ networking, open FF and type "about:plugins" in the url address bar. Take note of anything that looks like it may be associated w/ "Facemooch". Close FF and do a search for any malicious looking files listed under the plugin section and append "bak" to the extension. You may need to open task manager prior to doing this to ensure the file isn't running, if "rundll32.exe or a malicious looking file, a simple search should be able to determine this, end the task prior to changing the extension (ie. somefile.dll.bak) <- this can be changed in the search wizard.
    Fire up msconfig while your still in Safe Mode, and uncheck any startup programs that are of unknown origin. (this does not delete anything, but just keeps it from booting at startup) msconfig should be available from the run command, just type in "msconfig" and enter.
    norton also has a freeware program called "autorun", very useful in stopping malicious files in their tracks.
    Most file validity can usually be determined by the directory they are lying in, for example, most viruses or malicious programs tend to load themselves into the c://windows/system32 directory or root directory (synonym).
    A quick google search also revealed this: http://www.howtogeek.com/forum/topic/how-do-i-get-rid-of-face-smooch

  • In chrome I'm getting green double underline hyperlinks to ads.  How can I get rid of this without adding more junk to the computer?

    I have both safari and chrome, because I'm used to chrome.  The only extension I have is Google docs.  I started getting green double underline hyperlinks to ads.  How can I get rid of this without adding more junk to the computer?  People suggest programs to do it, but how do I know they won't make it worse?
    Is someone from Apple here and can answer?
    Thanks!

    You may have installed the "VSearch" trojan. Remove it as follows.
    Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Step 1
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    Step 2
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Internet criminal behind VSearch has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

  • I by accident downloaded something call geniel. How can I get rid of it?

    I by accident downloaded something call geniel. How can I get rid of it?

    You installed the "Genieo" malware. The product is a fraud, and the developer knowingly distributes an uninstaller that doesn't work. I suggest the procedure below to disable Genieo. This procedure may leave a few small files behind, but it will permanently deactivate the malware (as long as you never reinstall it.)
    Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Step 1
    Triple-click anywhere in the line below on this page to select it:
    /Library/Frameworks/GenieoExtra.framework
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.
    If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
    A folder should open with an item named "GenieoExtra.framework" selected. Move that item to the Trash. You'll be prompted for your administrator password.
    Move each of these items to the Trash in the same way:
    /Applications/Genieo.app
    /Applications/Reset Search.app
    /Applications/Uninstall Genieo.app
    /Library/LaunchAgents/com.genieo.completer.update.plist
    /Library/LaunchAgents/com.genieo.engine.plist
    /Library/LaunchAgents/com.genieoinnovation.macextension.plist
    /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
    /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
    /usr/lib/libgenkit.dylib
    /usr/lib/libgenkitsa.dylib
    /usr/lib/libimckit.dylib
    /usr/lib/libimckitsa.dylib
    ~/Library/Application Support/com.genieoinnovation.Installer
    ~/Library/LaunchAgents/com.genieo.completer.download.plist
    ~/Library/LaunchAgents/com.genieo.completer.update.plist
    If there are other items with a name that includes "Genieo" or "genieo" alongside any of those listed above, move them as well. Some of these items will be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
    Step 2
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" or "InstallMac" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Your web browser(s) should now be working, and you should be able to reset the home page and search engine. If not, stop here and post your results.
    Make sure you don't repeat the mistake that led you to install this trojan. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad has a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If youever download a file that isn't obviously what you expected, delete it immediately.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    Finally, be forewarned that when Genieo is mentioned on this site, the attacker sometimes shows up under the name "Genieo support." He will tell you to run a fake "uninstaller." As he intends, the uninstaller does not completely remove the malware, and is in fact malware itself.

Maybe you are looking for