PLEASE HELP.. how to remove offers4u malware



#1 acidicsnowflake

Posted 16 June 2015 - 01:52 PM

I've accidentally downloaded the offers4u malware onto my MacBook Pro and it's killing me... Can anyone shed light on how to remove the ads? Thanks so much x





#2 dante12

Posted 16 June 2015 - 02:38 PM

  1. Please download AdwareMedic (current version 2.2.5). Open the DMG and move the app to your Desktop.
  2. Start the app and choose Scan for Adware. Detected malware will be moved to the Trash. If you need to restart, restart your Mac.
  3. If any malware is found, please restart AdwareMedic and go to the menu bar. Go to the Scanner menu and choose Open Log File. Post the content here. Don't close the app!
  4. Open the AdwareMedic menu bar again and navigate to the Scanner menu. Choose Take System Snapshot now. Click the Copy to Clipboard button and post the content here.


#3 acidicsnowflake

Posted 16 June 2015 - 05:48 PM

2015-06-16 23:34:58: ----- Scan Started -----
2015-06-16 23:34:58: Scanning with signatures version 74
2015-06-16 23:35:04: InstallCore : /Users/snowy/Library/Safari/Extensions/BrianDeer.safariextz
2015-06-16 23:35:05: Downlite : /Library/Application Support/5e71e18d0855e9df
2015-06-16 23:35:05: Downlite : /Library/LaunchAgents/com.5e71e18d0855e9df.agent.plist
2015-06-16 23:35:05: Downlite : /Library/LaunchDaemons/com.5e71e18d0855e9df.daemon.plist
/Library/LaunchDaemons/com.5e71e18d0855e9df.helper.plist
2015-06-16 23:35:05: Downlite : /System/Library/Frameworks/v.framework
2015-06-16 23:35:05: Genieo : /Users/snowy/Library/LaunchAgents/Texiday.download.plist
/Users/snowy/Library/LaunchAgents/Texiday.ltvbit.plist
/Users/snowy/Library/LaunchAgents/Texiday.update.plist
2015-06-16 23:35:05: Genieo : /Users/snowy/Library/LaunchAgents/Texiday.download.plist
2015-06-16 23:35:05: Genieo : /Users/snowy/Library/LaunchAgents/Texiday.update.plist
2015-06-16 23:35:05: Genieo : /Users/snowy/Library/LaunchAgents/Texiday.ltvbit.plist
2015-06-16 23:35:05: Buca Apps : /Users/snowy/Library/LaunchAgents/com.webhelper.plist
2015-06-16 23:35:05: Buca Apps : /Users/snowy/Library/LaunchAgents/com.webtools.update.agent.plist
2015-06-16 23:35:05: Buca Apps : /Users/snowy/Library/LaunchAgents/com.webtools.uninstaller.plist
2015-06-16 23:35:05: Buca Apps : /Users/snowy/Library/Application Support/webHelperApp
2015-06-16 23:35:05: Buca Apps : /Users/snowy/Library/WebTools
2015-06-16 23:35:05: Buca Apps : /Applications/WebTools.app
2015-06-16 23:35:06: ----- Scan Ended -----
2015-06-16 23:39:55: +++++ Attempting to remove adware +++++
2015-06-16 23:39:55: /Users/snowy/Library/Safari/Extensions/BrianDeer.safariextz
2015-06-16 23:39:55: /Library/Application Support/5e71e18d0855e9df
2015-06-16 23:39:55: /Library/LaunchAgents/com.5e71e18d0855e9df.agent.plist
2015-06-16 23:39:55: /Library/LaunchDaemons/com.5e71e18d0855e9df.daemon.plist
2015-06-16 23:39:55: /Library/LaunchDaemons/com.5e71e18d0855e9df.helper.plist
2015-06-16 23:39:55: /System/Library/Frameworks/v.framework
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/Texiday.download.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/Texiday.ltvbit.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/Texiday.update.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/Texiday.download.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/Texiday.update.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/Texiday.ltvbit.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/com.webhelper.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/com.webtools.update.agent.plist
2015-06-16 23:39:55: /Users/snowy/Library/LaunchAgents/com.webtools.uninstaller.plist
2015-06-16 23:39:55: /Users/snowy/Library/Application Support/webHelperApp
2015-06-16 23:39:55: /Users/snowy/Library/WebTools
2015-06-16 23:39:55: /Applications/WebTools.app
2015-06-16 23:39:55: +++++ Adware removal complete +++++
2015-06-16 23:40:14: ===== Attempting restart =====


#4 acidicsnowflake

Posted 16 June 2015 - 05:49 PM

AdwareMedic 2.2.5 system report - Tuesday, 16 June, 2015 @ 11:48:49 PM
Mac OS X version 10.7.5
23:48  up 4 mins, 1 user, load averages: 0.70 0.51 0.23
 
Safari extensions
---------------
/Users/snowy/Library/Safari/Extensions/iTube Studio.safariextz
     Name: iTube Studio
     Modified: Thursday, 20 December, 2012 @ 10:01:29 AM
 
Chrome extensions
---------------
/Users/snowy/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom
     Name: AdBlock
     Modified: Thursday, 11 June, 2015 @ 6:30:43 PM
/Users/snowy/Library/Application Support/Google/Chrome/Default/Extensions/lapoiohkeidniicbalnfmakkbnpejgbi
     Name: 支付宝安全插件
     Modified: Thursday, 23 October, 2014 @ 4:00:52 PM
/Users/snowy/Library/Application Support/Google/Chrome/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg
     Name: Chrome Hotword Shared Module
     Modified: Tuesday, 19 May, 2015 @ 11:27:17 PM
/Users/snowy/Library/Application Support/Google/Chrome/Default/Extensions/okffnhejfhpaihcocihfbojpjpiekjbp
     Name: iTube Studio
     Modified: Thursday, 10 January, 2013 @ 5:41:23 AM
/Users/snowy/Library/Application Support/Google/Chrome/Default/Extensions/pdnfnkhpgegpcingjbfihlkjeighnddk
     Name: Unblock Youku
     Modified: Thursday, 11 June, 2015 @ 6:30:43 PM
 
Firefox extensions
---------------
None
 
Login items
---------------
uHD-Agent, iTunesHelper, CleanMyDrive, Battery Health, Android File Transfer Agent, Octoshape
 
Startup items
---------------
None
 
System startup items
---------------
None
 
User launch agents
---------------
total 72
-rw-r--r--@ 1 snowy  staff  714 Dec 28 05:35 com.BlueStacks.AppPlayer.LogRotator.plist
-rw-r--r--@ 1 snowy  staff  649 Dec 28 05:35 com.BlueStacks.AppPlayer.Service.plist
-rw-r--r--@ 1 snowy  staff  724 Dec 28 05:35 com.BlueStacks.AppPlayer.UninstallAgent.plist
-rw-r--r--@ 1 snowy  staff  824 Dec 28 05:35 com.BlueStacks.AppPlayer.UpdaterAgent.plist
-rw-r--r--  1 snowy  staff  697 Aug  8  2013 com.adobe.AAM.Updater-1.0.plist
-rw-r--r--  1 root   wheel  469 Jul 16  2014 com.alipay.refresher.plist
-rw-r--r--@ 1 snowy  staff  802 May 19 23:26 com.google.keystone.agent.plist
-rw-r--r--  1 snowy  staff  800 May  4 11:22 com.jdibackup.ZipCloud.autostart.plist
-rw-r--r--  1 snowy  staff  821 May  4 11:22 com.jdibackup.ZipCloud.notify.plist
 
System launch agents
---------------
total 24
-rw-r--r--  1 root  wheel  612 Apr 21 23:38 com.adobe.AAM.Updater-1.0.plist
-rw-r--r--  1 root  wheel  667 Apr 21 22:55 com.adobe.AdobeCreativeCloud.plist
lrwxr-xr-x  1 root  wheel  104 Jan 11 23:04 com.oracle.java.Java-Updater.plist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist
 
System launch daemons
---------------
total 40
-rw-r--r--  1 root  wheel  479 Apr 21 22:55 com.adobe.adobeupdatedaemon.plist
-rw-r--r--  1 root  wheel  462 Apr 25 15:46 com.adobe.fpsaud.plist
-rw-r--r--  1 root  wheel  492 Jul 16  2014 com.alipay.DispatcherService.plist
-rw-r--r--  1 root  wheel  421 May  9  2012 com.apple.remotepairtool.plist
-rw-r--r--  1 root  wheel  568 Mar 10  2011 com.microsoft.office.licensing.helper.plist
lrwxr-xr-x  1 root  wheel  103 Jan 11 23:04 com.oracle.java.Helper-Tool.plist -> /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist
 
Third-party kernel extensions
---------------
None
 
User cron tasks
---------------
None
 
Root cron tasks
---------------
None
 
launchd.conf contents
---------------
None
 
DNS settings
---------------
Server: 8.8.8.8
 
Hosts file
---------------
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
##
255.255.255.255 broadcasthost
fe80::1%lo0 localhost
162.212.59.2 astrill.com
162.212.59.2 www.astrill.com
162.212.59.2 members.astrill.com
 


#5 dante12

Posted 17 June 2015 - 10:09 AM

Seems to be OK now. How does your Mac work now?



#6 acidicsnowflake

Posted 17 June 2015 - 12:59 PM

It should be fine now I guess, thanks so much!!!!



#7 dante12

Posted 17 June 2015 - 01:03 PM

No problem - Ask me if you have questions.

 

You should be careful when downloading apps from download portals like Softonic, CNET and so on. These bundles include adware (search tools, additional software). That is what you did, and it installed this scam.





