�鶹��Ƶ

Symptoms of Macintosh Adware Presence

• Troubles accessing web pages in Safari or Chrome (browser hijacking)
• Abnormal picture ads on google.com main page and search results.
• Unable to create a new message on the �鶹��Ƶ webmail interface.

Services Provided

The Technology Helpline staff is available to help with malware removal from personally owned Macintosh computers during regular hours. Institutionally owned Macintosh computers that are infected will be re-imaged.

Malware removal involves uninstalling applications such as Search Conduit, Mackeeper, MPlayerX, etc and deleting files from both the System Library and the User Library.

Location of Malicious Files/Processes

Accessing the Applications folder

The applications folder is at the root of the Macintosh HD. To find the Applications folder:

• in Finder
• from the Go Menu select Computer
• double-click Macintosh HD
• you should see a Applications folder at this location.

Accessing the System Library

The System Library is the Library folder at the root of the Macintosh HD. To find the System Library:

• in Finder
• from the Go Menu select Computer
• double-click Macintosh HD
• you should see a Library folder at this location.

Accessing the User Library (~/Library)

The User Library (typically denoted ~/Library) is the the Library folder in root of your user directory. To find the User Library:

• in Finder
• Hold down Option key (holding the option key shows the user library in the Go menu - without the option key - it won't show.
• from the Go Menu
• select Library

Accessing Activity Monitor

The Activity Monitor application is in the Utilities folder located in the Applications folder:

• in Finder
• from the Go Menu select Computer
• double-click Macintosh HD
• you should see a Applications folder at this location.
• Go to the Utilities folder
• Open Activity Monitor and select All Processes.

Removal

After removing files, a restart of the computer is necessary.

• From the System Library (Macintosh HD/Library)
• Check the Launch Agents, LaunchDaemons and Application Support folders
• remove any files or folders with zeobit, MacKeeper, 911 or 911bundle, Vsearch, or MPlayerX in their names.

---

• From the User Library (~/Library)
• Check the Caches, Application Support, Preferences, and LaunchAgents folders
• remove any files or folders with zeobit, MacKeeper, 911 or 911bundle, Vsearch, or MPlayerX in their names.

---

• From the Applications folder (Macintosh HD/Applications)
• remove any applications with zeobit, MacKeeper, 911 or 911bundle, Vsearch, SearchConduit, or MPlayerX in their names.

---

• From Activity Monitor (Macintosh HD/Applications/Utilities)
• Delete any processes with zeobit, MacKeeper, 911 or 911bundle, Vsearch, SearchConduit, or MPlayerX in their names

---

• Also check all browsers for suspicious extensions (MacCost, Coupon extensions, Search extensions)
• Empty the Trash
• Clear caches in Chrome, Safari, and Firefox
• Manually reset home pages in Chrome, Safari, and Firefox
• Reboot computer

Software Updates

After removing malware:

• Verify that all System Updates (App Store - Updates) have been applied.
• Verify that all browsers are up to date. Check About Chrome or About FireFox from the Chrome or FireFox menu.
• Verify that all Plug-ins are up to date. In FireFox from the Tools menu select Add-ons - on the Plug-ins tab, click the Check to see if your plug-ins are up to date. Update any outdated Plug-ins.

Additional Help

Here is a helpful web page that has been proven to work multiple times to guide you through removing pesky Macintosh Adware.

Please only delete those files that have the words zeobit, MacKeeper, 911 or 911bundle, or Vsearch.

The directions on the website don't mention anything about Vsearch, but any file that says Vsearch should be treated the same, delete or kill the file/process.

More resources -

Other

• Try removing the website data in Safari. Safari menu, Reset Safari, Remove website data.

See also

• Virus and Malware Removal
• Malwarebytes
• Symantec Anti-Virus
• Safe Mode