Tips on Adware Elimination

Yes, Macs can get adware. Beyond traditional viruses, worms, and Trojans, there’s now a thriving ecosystem of adware and spyware programs that bombard you with ads and spy on your web browsing, just like on Windows. The biggest problem with adware programs is that they represent legitimate software which, however, has malware attributes. This is exactly why they are not easily discovered by anti-virus programs. Their removal is even more challenging.

How does it appear?
Most often, adware programs are nicely wrapped in software installation packages. The experienced among you probably know that it mostly happens when trying to download illegal content from torrents or piracy sites. At certain occasions, it is the downloading site that attaches them to legit software (even famous sites like Softonic or Download.com have resorted to such unethical behavior, which is why we don’t recommend them). Sometimes, it happens because we are not careful enough and we choose adware-pervaded installers which deliberately distribute malicious software. Last, but not least adware programs reach our devices undercover, pretending to be useful programs and trying to grab attention. The last one, however, can easily be detected by anti-virus programs.

How could we recognise it?
Most often, there will be undesired and unexpected ads on your Mac screen. Once familiar with the environment, an adware program will start making changes, such as substituting the home page on your browser or the settings of your search engine. In the worst case, it will redirect you from legitimate sites to the ones which sponsored the functions of this program.

There are also secondary symptoms: For instance, the pages (or entire browser) you were used to open without problems will crash or display improperly (it is because a foreign HTML code has been inserted).
Have in mind, however, that undesired ads are not always a result from adware intrusion. It might happen that the network is compromised, or the website is experiencing problems.

Things to do before removing adware
Firstly (and most important), back up your data! The last thing you want when removing adware manually is losing your files or software. The risk of adware programs hurting your device should not be neglected. Even if you’ve already done it, it would be a good idea to purchase an external hard drive (preferably twice larger than the internal one) and to employ Time Machine in order to transfer data on it.

Step 1 – Scan your system using Macware Adware Cleaner
Firstly, download Macware Adware Cleaner. What Adware Cleaner does is scan your system and help remove malicious adware automatically. Have in mind that you may be requested to restart the device and close alll open browsers.

Step 1b: Removing adware manually
We advise you to resort to manual removal only when you are not able to run Macware Adware Cleaner.

If you have to (or you prefer) to do the elimination yourself, check the instructions for manual removal. Once again, be very careful when following the steps. The biggest risk you’re facing is to delete the wrong file, or failing, and leaving your system at risk.

Step 2: Make sure you’ve considered all other causes
Scanning may not reveal any adware programs in your system. That puts a big question mark on whether adware is really your problem. You might be facing compromised or ad-supportive Wi-Fi networks. There is also the possibility that the site you’re trying to open is hacked or unresponsive.

Step 3: You might have discovered new adware-report it!
Let’s assume you’ve followed the instructions carefully, but none of the previous steps revealed adware presence. We still recommend you to contact Macware support. You’ll have to send an email with your details (name, system information) and you explain the nature of your problem. Macware support team will reply and will give you instructions on what to do next.

How to Remove VSearch

What is VSearch?
VSearch is a relatively popular adware program, met mostly under the cover of a video-streaming installers. Some of you may recognise it under the name of Downlite, a scam torrent-downloader which has not been present on the web recently. VSearch can be easily recognised-once you’re trying to open a particular page, it redirects you to another search engine, or it simply causes unrelated pop-up advertisement to appear on your screen. VSearch was a pioneer among adware apps to be identified as malicious by Apple. The program was blocked, but the threat remains.

How to remove VSearch?
The following things should be eliminated. Have in mind that for some of them you should have administrator access, so check whether you’re actually logged in through your Mac’s admin account. If you are not, it is very likely that you will be unable to delete some items. Further on, remember that we are only discussing the known VSearch items, which doesn’t encompass all of them. If you are not able to find a specific file using the path below, read something on locating files from paths.
/Library/Application Support/VSearch /Library/LaunchAgents/com.vsearch.agent.plist /Library/LaunchDaemons/com.vsearch.daemon.plist /Library/LaunchDaemons/com.vsearch.helper.plist /Library/LaunchDaemons/Jack.plist /Library/PrivilegedHelperTools/Jack /System/Library/Frameworks/VSearch.framework /System/Library/Frameworks/v.framework

Files can also appear under the following names (‘xxx’ can replace any word):

/Library/LaunchAgents/com.xxx.agent.plist
/Library/LaunchDaemons/com.xxx.daemon.plist
/Library/LaunchDaemons/com.xxx.helper.plist

As we mentioned, ‘xxx’ can stand for any word. What is important to remember is that the particular word in a system will repeat itself in all files on that system.Therefore, if you recognise the word in any of your files-delete them!

Additionally, check the LaunchAgent and LaunchDemons files and look for specific ‘xxx’ locations:

/Library/Application Support/xxx
/System/Library/Frameworks/xxx.framework

Once you’re done with eliminating known VSearch files, restart your computer and empty the trash.