Trojan, possibly mackeeper, on macbook air and can't get rid of it

So I accidentally downloaded a file that would allow me to watch a video because "mine was out of date" or something, not Adobe, and wasn't really paying attention and realized that I download it and when I thought i was deleting it I realized I installed it instead. I wasn't that worried about it at first because I was always under the impressions that macs couldn't get any type of virus at all. I had thought that just deleting the files off the computer would solve my problems but they didn't and can't seem to find any other suspicious files so they appear to be gone. I continuously get adds for "mackeeper", anti-virus products and then just some random stuff every time i open a new tab. I have spent hours trying to figure out how to get rid of this and I have been unsuccessful. I download an anti-virus product, Sophos Anti-virus, and did a full scan but it said there were no threats, maybe due to me deleting files. I then checked my extensions in my Safari preferences and there is not a single extension there. I have tried looking/ using the terminal and activity monitor to help this, due to others suggesting this with instructions, and haven't been able to understand the directions at all to get it to work. Also I get these pop-ups in both safari and chrome. I don't know what to do next and can't find anything that seems to work. Would a complete reboot of the computer fix this? Do I need to try a new anti-virus system? or is there some other way to fix it that I'm missing? or am i screwed because I actually installed this program and then deleted the files that I found which I also deleted from the trash? Please help

There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.
If you have trouble following those instructions, see below.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:
/Library/LaunchDaemons
In the Finder, select
          Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
          com.something.daemon.plist
and
           com.something.helper.plist
Here something is a variable string of characters, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
/Library/LaunchAgents
In this folder, there may be a file named
          com.something.agent.plist
where the string something is the same as before.
If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
Open this folder:
/Library/Application Support
If it has a subfolder named just
           something
where something is the same string you saw before, drag that subfolder to the Trash and close the window.
Don't delete the "Application Support" folder or anything else inside it.
Finally, in this folder:
/System/Library/Frameworks
there may an item named exactly
            v.framework
It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.
Don't delete the "Frameworks" folder or anything else inside it.
If you didn't find the files or you're not sure about the identification, post what you found.
If in doubt, or if you have no backups, change nothing at all.
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
          Install system data files and security updates (OS X 10.10 or later)
or
          Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.

Similar Messages

  • I have bought a 2nd hand late 2008 macbook air and can't install iPhoto as it requires update 10.9 or higher i can't seem to update any further than 10.7.5 help???

    I have bought a 2nd hand late 2008 macbook air and can't install iPhoto as it says it requires update 10.9 or higher i can't seem to update any further than 10.7.5 can anyone help please???

    Thankyou for your response... being new to this i have had a look and it says the following
    This system can run the last version of OS X 10.8 "Mountain Lion" as well as the current version of OS X 10.9 "Mavericks," but does not support the AirDrop, AirPlay Mirroring, or Power Nap features. It is not supported booting into 64-bit mode when running Mac OS X 10.6 "Snow Leopard." It does support "OpenCL" and Grand Central Dispatch introduced with Mac OS X 10.6 "Snow Leopard."
    Please note that OS X "Lion" 10.7 and subsequent versions of OS X, like Mountain Lion and Mavericks, are not capable of running Mac OS X apps originally written for the PowerPC processor as these operating systems do not support the "Rosetta" environment. To run PowerPC applications on this Mac, it will be necessary to use Mac OS X 10.6 "Snow Leopard" or earlier
    what do i do next
    Thankyou once again for your reply
    Gaz

  • Safari locks up on my macbook air and can not be restarted.

    Safari locks up on my macbook air and can not be restarted.  Doing a reboot gets me back to normal but every time I restart Safari it goes to the locked up page.

    Quit Safari. If it won't quit in the usual way, select
     ▹ Force Quit...
    from the menu bar, then select Safari from the list and press return.
    Relaunch Safari by holding down the shift  key and clicking its icon in the Dock. That will stop the bad page from reloading automatically. From the menu bar, select
    Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
    to get rid of any cookies or other data left by the server.

  • Just bought a macbook air and can't find pages or numbers

    Just bought a macbook air and can't find pages or numbers; told this was on it and so says Apple.com…lost??

    http://www.apple.com/creativity-apps/mac/up-to-date/
    Best.

  • I have a mackeeper virus and can't get rid of it

    I have a mackeeper virus and can't get rid of it??? Please someone help me?

    You may have installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

  • I have a macbook air and have trouble getting images to load on ebay, many blogs

    i have a macbook air and have trouble getting images to load on ebay, many blogs and also pinterest. What can I do to improve performence?

    this is not normal but try to see the multiples accounts in the mail check if his account is not connected yet

  • I have reinstalled mountain lion on my MacBook Pro and can't get the games back App Store says they'll already installed how can i download them can anyone help

    I have reinstalled mountain lion on my MacBook Pro and can't get the games back App Store says they'll already installed how can i download them can anyone help

    I have eactly the same problem - it seems that the downloaded version on MBA is version 6.0 and on iPad is is version 2.0 -
    Issue is when i tried to save the presentation on MBA Keynote 09 - Keynote crashed.
    I tried to save is as Powerpoint in MBA and it crashed as well!
    Message was edited by: Innovaxin

  • About a year ago we purchased a used macbook pro and can not get music to transfer from iPhones to mac

    about a year ago we purchased a used macbook pro and can not get music to transfer from iPhones to mac

    how can i get All music transferred? even non purchased

  • HT1267 Q  I keep getting a repeat screen that says "unable to download" [name of a song] and gives me the choice to "try again" or "done".  I don't want the song and can't get rid of the screen.  Ideas?

    I keep getting a screen that says "Unable to Download"   [song] with two choices - "done" or "try again".   I have tried both and can't get rid of the screen ( and don't want the song which I never ordered to begin with.   Ideas on getting rid of the screen??

    Purplehiddledog wrote:
    I do backup with iCloud.  I can't wait until the new iMac is available so that I can once again have my files in more than 1 location without needing to rely solely on the cloud. 
    I also rely on iTunes and my MacBook and Time Machine as well as backing up to iCloud. I know many users know have gone totally PC free, but I chose to use iCloud merely as my third backup.
    I assume that the restore would result in my ability to open Pages and Numbers and fix the problem with deleting apps, but this would also mean that if my Numbers documents still exist solely within the app and are just not on iCloud for some reason that they would be gone forever.  Is that right?
    In a word, yes. In a little more detail.... When you restore from an iCloud backup, you must erase the device and start all over again. There is no other way to access the backup in iCloud without erasing the device. Consequently, you are starting all over again. Therefore, it would also be my assumption that Pages and Numbers will work again and that the deleting apps issues would be fixed as well.
    If the documents are not in the backup, and you do not have a backup elsewhere, the documents could be gone forever.

  • I somehow managed to add lines on my master slide and can't get rid of them.  I now have a useless rectangle on the left half of many of my slides.  How do I remove this?

    I somehow managed to add lines on my master slide and can't get rid of them.  I now have a useless rectangle on the left half of many of my slides.  How do I remove this?

    Select the master slide,
    copy any objects you want to keep,
    Select all, (command A), and press delete key.
    Paste back the items to retain (Command V)

  • I am constantly getting a pop up box to sign into imessage or facetime and can't get rid of it even after entering password. What can I do?

    I am constantly getting a pop up box to sign into imessage or facetime and can't get rid of it even after entering password. What can I do?

    Launch Safari with the Shift key held down. If that doesn’t work, disconnect the computer from the Internet.
    (116847)

  • HT1918 I have$.08 that is eight cents!! Left in my account and can't get rid of it to change my account info to another country. How can I do this???

    I have $.08 eight cents left in my account and can not get rid of it to be able to change my account info, what do I do???

    You'll need to contact support for further assistance.
    https://expresslane.apple.com/GetproductgroupList.action

  • Set up new MacBook Air and can't connect to wifi

    Setting up new MacBook Air and it won't connect to my wifi. I'm still in the setup mode and don't want to skip the apple id section and install at a later date. HELP, I can't seem to go back to the network page either to change if it was wrong.

    A new Mac comes with 90 days of free tech support from AppleCare.
    AppleCare: 1-800-275-2273
    Best.

  • I have malware and can't get rid of it...

    After running Bitdefender, it found this:
    Gen:Variant.Symmi.2065     Disinfect failed     /Users/rippeleffect/Library/Mail/V2/[email protected]@imap .mail.yahoo.com/Deleted Messages.mbox/AA6F5AF9-63F3-4748-82C8-E7C555C76881/Data/8/7/2/2/Messages/227890 0.2.emlxpart
    Gen:Variant.Symmi.2065     Object failed to be moved to quarantine     /Users/rippeleffect/Library/Mail/V2/[email protected]@ imap.mail.yahoo.com/Deleted Messages.mbox/AA6F5AF9-63F3-4748-82C8-E7C555C76881/Data/8/7/2/2/Messages/227890 0.2.emlxpar
    Gen:Variant.Symmi.2065     Disinfect failed     /Users/rippeleffect/Library/Mail/V2/[email protected]@imap .mail.yahoo.com/Deleted Messages.mbox/AA6F5AF9-63F3-4748-82C8-E7C555C76881/Data/9/7/2/2/Messages/227900 4.2.emlxpart
    Gen:Variant.Symmi.2065     Object failed to be moved to quarantine     /Users/rippeleffect/Library/Mail/V2/[email protected]@ imap.mail.yahoo.com/Deleted Messages.mbox/AA6F5AF9-63F3-4748-82C8-E7C555C76881/Data/9/7/2/2/Messages/227900 4.2.emlxpart
    But it can't get rid of it. How do I remove it? please help!

    ClamXav is ideal for scanning incoming emails for Windows viruses.
    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.
    https://discussions.apple.com/docs/DOC-2435
    More useful information can also be found here:
    www.thesafemac.com/mmg

  • What is jetpack file? and can i get rid of it?

    what is jetpack file in my profiles?
    can i get rid of it?
    could it be the reason i have problem with java windows at URL below?
    While playing bridge on Pogo, even in safe mode, the java window freezes or kicks me out, or pogo server loses my sign-in name in the window and the site.

    "Other" is the measure of used space on the iPod not taken up by Audio, Video & Photos. This includes the iPod's library and artwork plus any files you may have copied to your iPod in disk mode. The overhead for the library & artwork data is typically 1-2% of the size of the media, e.g. for 1Gb of Audio & Video expect to have around 15mb of "Other". This information is needed for the iPod's operation and cannot be removed.
    If you have significantly larger amounts of "Other", not related to files you've intentionally placed on the iPod, then these are probably disconnected copies of your media files or iPod libraries left over from failed sync operations. The only way to recover the space is to do a full restore.
    If you have copies of all your media in your iTunes library this isn't a problem, but if you've been manually managing the content then you might need to try to recover the files from it first. See this post by forum regular Zevoneer on transferring files from the iPod to your computer. Some of the tools rely on the iPod having a healthy library however the manual method mentioned towards the end of the post should work regardless.
    tt2

Maybe you are looking for

  • Query on Linux 'top' command in Linux for oracle user

    This is the output of 'top' command in one of my linux server hosting One Oracle instance with 600MB SGA and 400MB PGA. One one instance is up in this server. top - 14:36:37 up 4:26, 3 users, load average: 0.05, 0.11, 0.28 Tasks: 124 total, 1 running

  • Problem with this windows installer package

    I-tunes had been working fine.  I updated my i-phone so is06 and the next day (notsure if the update is relevant) tried to open i-tunes.  I recieved a message telling me there was an error with the link, which unfortunately I did not write down.   I

  • WebUtil and DDE-package

    Hello, does anybody know, if there will be something like a CLIENT_DDE-package (related to the old DDE-package of forms) in webutil. The first announcements of Oracle about WebUtil told so, but now there is nothing left about it. Any suggestions? Tha

  • 6500-qos-drops

    I have a problem with an interface Gi that it has qos enable. It drops packets in priority queue ( cos 5 asignated), following the q2 and there is not drops on q1. This is the status: Interface GigabitEthernet9/32 queueing strategy: Weighted Round-Ro

  • Itunes library changing information

    My iTunes library does not keep information once it's been altered.  This plays havoc with playlists and trying to sort music chronologically.  Very frustrating...is there a solution? For example the album 'The Beatles Bootleg Recordings 1963' was pl