Anytime you are using your Mac and are suddenly inundated with popups, unwanted Web pages opening, and other ads, then you are likely either using or getting too close to illegitimate resources. Generally this happens when you stumble across a nefarious Web site, but at other times it can be from adware and other malware you have installed on your system. One such instance of this is if you find persistent popups showing up on your Mac that reference “FlashMall,” which occurs from having installed the CrossRider trojan.
CrossRider is one of several web adware trojans that will attempt to override your Web browser with unwanted ad and search redirects. Often such activity is a crude attempt to force ad-clicking and thereby get ad revenue for the malware creators, but may also be used to track online activity.
Since the software is not a legitimate software package, you cannot trust it to have an uninstaller, so one approach for managing the CrossRider/FlashMall adware is to use an adware remover like Thomas Reed’s AdwareMedic for OS X, but you can also do so manually by the following steps:
- Go to the OS X Finder
- Open the Go menu and hold the Option key
- Choose the Library option from this menu
This will open a new Finder window at your user account’s Library folder. In here, perform the following actions:
- Locate and remove the folder called “WebTools”
- Open the Application Support subdirectory and remove the folder called “webHelperApp”
- Go back to the Library folder (up one directory) and open the LaunchAgents subdirectory
- Remove any of the following files that may appear in there:
com.crossrider.NUMBER.agent.plist com.webhelper.plist com.webtools.update.agent.plist flashmall_updater.plist flashmall_updater.sh WebSocketServerApp
Now do the same for your Mac’s global library, by opening your boot drive (aka, “Macintosh HD” by default) in the Finder, and then going to the Library folder in there. This folder is structured similarly to the Library for your user account, so again following the above procedures for removing the WebTools and webHelperApp folders, along with the specified contents of the LaunchAgents directory. Note that when deleting these items from this global Library folder, you may be required to supply your password.
When done, restart your Mac and the services that were running this adware should no longer be loaded.
I was going to ask, who would want to do this job the hard way when you can do it easily with AdwareMedic? But I’m in awe of the work Topher does to figure out how to do these things manually and/or with Terminal. I don’t want to discourage his efforts or his expertise. And just reading his solutions can teach us about how the OS X is organized and how it works. Which is why I usually read his solutions even if I don’t plan on using them. And sometimes I do use them, so who am I to say what will or will not be useful? So, Topher, thank you and keep up the good work.
I totally agree with Mr. Le Blanc about the help Mr. Kessler provides. A big part of that comes from his history and the confidence he provides in other sources of help simply by mentioning them. I already have AdwareMedic, but I always wonder about how safe these types of apps are and how well they update their databases. Seeing this app mentioned here encourages me to use it, even though I plan on manually looking through my Application Support directory! LOL! With Topher around, I feel like A. E. Neuman, “What me worry?” 😉
Am I doing something wrong? I get Library to come up from the Go menu option, but there is no folder named Webtools. Nor did it open a new window, but simply opened to Library.
I did use the search bar to look for the file names listed and none were returned as found, but I don’t understand why I’m not getting the same results as listed in the directions.
Of course, perhaps the lack of a folder named Webtools means I’m alright, right?
That just means that you have not been infected with this adware. It’s a good thing.
That’s the best news I’ve had all week!
Thank you for all your comments. Sometimes it´s necessary to go by feed, if it is dangerous.
I´m comming from Atari over Mac II, Dos, Win, Linux to Mac again, and i notice, how cryptic the Mac OS was every time. Ok, their opinion is, to give the user an playground without nessecerity of inside-knowledge. And there we have the main problem of our time: how we can know about the honesty by our trouble-shooter Programms, if we down´t know how to exemine it??? There are allways only a few companies, that get an Ethik mind and it´s difficult to find them. Only in this case when you find them you can imagine what cinfidence is. In all other cases you better make it Manuale.
And therefore every knowledge about the way up manually is a basic gift. so again: thanks for every funded lesson
(btw, I also missed the folder webtools 😉
have a nice day
and MOIN MOIN
My computer wont let me delete the WebTools folder and everything in it because it is saying it is in use. What do I do?