How to remove Trojan OSX?

Discussions relating to ClamXav

Moderator: Mark

How to remove Trojan OSX?

Postby princkata » Mon 22 Sep 2014 10:42 am

Hello and a good day.
New to virus and scans I run ClamXav scan because my computer was having virus syndromes and it turned out it was infected.

Last night I discovered "conduit" virus so I went step by step according to various forum and removed it. I think successfully as it no longer shows. There was a safari conduit in extensions and some in the library paths.

My question is, how to remove trojan?
Filename Infection Name Status
/Library/Application Support/VSearch/Agent/VSearchAgent.app Osx.Trojan.VSearchAgent
/System/Library/Frameworks/VSearch.framework/Versions/A/PlugIn/VSearchLoader.bundle Osx.Trojan.VSearchAgent
/System/Library/Frameworks/VSearch.framework/Versions/A/PlugIn/VSearchPlugIn.bundle Osx.Trojan.VSearchPlugin

I went to forums and learned that when there is osx present, i shouldn't delete it.
The syndromes are that tabs open randomly when I click on a link and spam page shows. Doesn't happen all the time but pretty much most of the time.

Thank you for coming up with the scan. Major help. Please let me know what I can do to remove the trojan.
Kindest regards,
Tatiana
princkata
 
Posts: 1
Joined: Mon 22 Sep 2014 10:28 am

Re: How to remove Trojan OSX?

Postby alvarnell » Mon 22 Sep 2014 12:09 pm

princkata wrote:how to remove trojan?
See Dealing with infected files.

But since you already know that you had been infected by Conduit adware and ClamXav only identified three infected files from the VSearch (aka Downlite) adware, I recommend you also run AdwareMedic to clean up any additional adware files that have also been accidentally installed.

To understand what happened to cause this and how to avoid it in the future, see John Galt's How to install adware.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5, 10.11.6, 10.12.6 & 10.13.2 / ClamXAV v2.18.1/0.100.0 (3610)
alvarnell
Site Admin
 
Posts: 5477
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA

Re: How to remove Trojan OSX?

Postby jcoffino » Tue 07 Oct 2014 2:01 am

I have the exact same problem as described by the first poster, but I am having trouble deleting the (filename) VSearchAgent.app / (infection name) osx.trojan.vsearchagent.

I followed the link for deleting infected files, and am unable to delete the file. VSearchAgent.app is not in a mailbox, and is on the hard drive. The file path is /library/application support/vsearch/agent/vsearchagent.app. When I "show in finder" and try to move the file to the trash, it says "The item “VSearchAgent” can’t be moved to the Trash because it’s open." I have tried going to the activity monitor and force quitting the app, but that does not work either.

please help! thanks :)
jcoffino
 
Posts: 1
Joined: Tue 07 Oct 2014 1:54 am

Re: How to remove Trojan OSX?

Postby alvarnell » Tue 07 Oct 2014 2:35 am

jcoffino wrote:I have the exact same problem as described by the first poster, but I am having trouble deleting the (filename) VSearchAgent.app / (infection name) osx.trojan.vsearchagent.


I strongly recommend you use the afore mentioned AdwareMedic for safest, most efficient identify and optionally remove of all the files associated with this adware, not just the ones found by ClamXav. It's written by a colleague of Mark and I and after probably thousands of uses has never been reported as causing any side issues.

If that's not acceptable to you then here is a list of all the files I know of that are associated with it from the same author:
Move the following items to the trash. Note that removing many of these files will require administrator access, so you will need to be sure you are logged in to an admin account on your Mac. If you are not, you will be unable to remove some of them. Also, some of these files may not be present in all variants of this adware. If you don’t know how to locate a file based on the path given below, you should read Locating files from paths.

/Library/Application Support/VSearch
/Library/LaunchAgents/com.vsearch.agent.plist
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework

After you have moved these items to the trash, restart the computer. After restarting, you can empty the trash.
-Al-
--
21.5" iMac Quad-core i7 / Mac OS X 10.9.5, 10.10.5, 10.11.6, 10.12.6 & 10.13.2 / ClamXAV v2.18.1/0.100.0 (3610)
alvarnell
Site Admin
 
Posts: 5477
Joined: Thu 04 Sep 2008 1:18 am
Location: Mountain View, CA, USA


Return to ClamXav

Who is online

Users browsing this forum: No registered users

cron