FacebookTwitterLinkedIn

How to remove ExploreActivity adware

Also Known As: Ads by ExploreActivity
Type: Mac Virus
Damage level: Medium

Tomas Meskauskas Written by on (updated)

What is ExploreActivity?

ExploreActivity is classified as a potentially unwanted application (PUA) because of the method employed for distribution: via a fake installer for Adobe Flash Player. Note that users do not often download/install ExploreActivity or similar apps intentionally.

The main purpose of ExploreActivity is to generate ads and promote a fake search engine. In this way, it functions as adware and a browser hijacker. Moreover, it is likely that this app is designed to collect information about its users.

ExploreActivity adware

ExploreActivity is a type of software that displays unwanted advertisements such as pop-ups, coupons, banners, surveys, and others. Commonly, these ads are used to promote dubious web pages (e.g., download pages for various PUAs). Sometimes they are used to distribute unwanted software. If clicked, they download and install PUAs.

Furthermore, this potentially unwanted app changes browser settings to promote a fake search engine. Usually, browser hijackers promote fake search engines by modifying settings such as the address of the homepage, new tab, and default search engine. The main purpose of browser hijackers is to force users to visit specific addresses when they open hijacked browsers, new tabs, or enter search queries into URL bars.

Apps of this type force people to use search engines that do not generate unique results - they display those generated by Yahoo, Google, or other search engines. They can also generate misleading results and shows ads. In any case, fake search engines cannot be trusted. Typically, to remove unwanted addresses from the browser settings, it is necessary to remove the browser hijacker first.

ExploreActivity collects information, targeting Internet Protocol addresses, URLs of visited web pages, entered search queries, geolocations, and other browsing data. Some adware/browser hijackers are capable of accessing private, sensitive information including, for example, credit card details, passwords saved on the browser, and other personal data. The information could be misused for marketing purposes or monetized in other ways. For example, it could be sold to third parties (potentially cyber criminals).

In any case, adware-type apps and browser hijackers are untrusted. Therefore, ExploreActivity and other PUAs should never be installed on browsers or computers.

Threat Summary:
Name Ads by ExploreActivity
Threat Type Adware, Mac malware, Mac virus
Detection Names Avast (MacOS:Agent-MT [Trj]), BitDefender (Adware.MAC.Generic.20044), ESET-NOD32 (A Variant Of OSX/TrojanDownloader.Adload.AE), Kaspersky (Not-a-virus:HEUR:AdWare.OSX.Cimpli.m), Full List (VirusTotal)
Additional Information This application belongs to the Adload malware family.
Symptoms Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)

To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
▼ Download Combo Cleaner for Mac
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

There are many apps similar to ExploreActivity online. Some examples are OriginalModule, UpdaterSync, and ProcessBrand. Typically, they are useless to regular users. They generate revenue for the developers by displaying ads, forcing users to visit specific addresses, and gathering various data.

These rogue apps can reduce computer performance, make other apps crash, reduce internet connection speeds, and cause other problems. Remove ExploreActivity from browsers and operating systems immediately.

How did ExploreActivity install on my computer?

The ExploreActivity app is distributed through a fake Adobe Flash Player installer. Fake installers are used to distribute malware including, for example, ransomware, Trojans, and other types.

Browser hijackers, adware-type apps, and other types of PUAs are commonly distributed by integrating them into the download and/or installation set-ups of other programs, so that a proportion of users inadvertently download and install them together with their chosen software. This distribution method is known as "bundling".

Offers to download and install additionally-included apps usually appear in "Advanced", "Custom" and other settings of the set-ups (where they can usually be declined). Many users fail to check and change these settings, thereby granting permission for PUAs to be downloaded and installed by default.

In addition, unwanted downloads and installations are sometimes caused by clicking deceptive advertisements capable of executing certain scripts.

How to avoid installation of potentially unwanted applications

Download software and files from official websites and via direct links. It is not safe to use torrent clients, eMule (or other Peer-to-Peer networks), third party downloaders, unofficial websites or other sources of this kind.

Avoid third party installers. Check "Advanced", "Custom" and other settings, and decline offers to download or install unwanted software. Do not click ads that are displayed on dubious websites, since they can open other untrusted websites or even cause unwanted downloads and installations.

Remove any unwanted, suspicious applications (extensions, add-ons, and plug-ins) that are installed on the browser. The same should be applied to programs of this kind that are installed on the operating system.

Regularly scan your computer with reputable antivirus or anti-spyware software and keep this software up to date.

If your computer is already infected with ExploreActivity, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate this adware.

Pop-up window displayed when ExploreActivity adware is installed:

ExploreActivity adware warning pop-up

Text presented in this pop-up:

"ExploreActivityd" will damage your computer.

This file was downloaded on an unknown date.

 

OK

Show in Finder

Fake Adobe Flash Player installer used to distribute ExploreActivity (first installation step):

exploreactivity adware installer step 1

Fake Adobe Flash Player installer used to distribute ExploreActivity (second installation step):

exploreactivity adware installer step 2

Files related to ExploreActivity adware that need to be removed:

  • ~/Library/Application Support/.[random_string]/Services/com.ExploreActivity.service.app
  • ~/Library/LaunchAgents/com.ExploreActivity.service.plist
  • /Library/Application Support/.[random_string]/System/com.ExploreActivity.system
  • /Library/LaunchDaemons/com.ExploreActivity.system.plist

IMPORTANT NOTE! In some cases, malicious applications like OriginalModule alter system proxy settings, thereby causing unwanted redirects to a variety of dubious websites.

The redirects are likely to remain even after removing the application itself. Thus, you must restore them manually.

Step 1: Click on the gear icon in the Dock to navigate to the system settings. If the icon is not present in the Dock, you can find it in the Launchpad.

Changing proxy settings - navigate to the system settings

Step 2: Navigate to the Network settings.

Changing proxy settings - navigate to the network settings

Step 3: Select the connected network and click "Advanced...".

Changing proxy settings - select the connected network and click Advanced...

Step 4: Click on the "Proxies" tab and untick all the protocols. You should also assign the settings of each protocol to the default: "*.local, 169.254/16".

Changing proxy settings - untick all the options and set their settings to default

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
 ▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

Video showing how to remove ExploreActivity adware using Combo Cleaner:

ExploreActivity adware removal:

Remove ExploreActivity-related potentially unwanted applications from your "Applications" folder:

mac browser hijacker removal from applications folder

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Mac Go To Folder step

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Mac removing related files and folders - step 1Check for adware generated files in the /Library/LaunchAgents/ folder:

Mac go to /Library/LaunchAgents - step 1

In the Go to Folder... bar, type: /Library/LaunchAgents/

Mac go to /Library/LaunchAgents - step 2

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Mac removing related files and folders - step 2Check for adware generated files in the ~/Library/Application Support/ folder:

Mac go to /Library/Application Support - step 1

In the Go to Folder... bar, type: ~/Library/Application Support/

Mac go to /Library/Application Support - step 2

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Mac removing related files and folders - step 3Check for adware generated files in the ~/Library/LaunchAgents/ folder:

Mac go to ~/Library/LaunchAgents - step 1

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

Mac go to ~/Library/LaunchAgents - step 2

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Mac removing related files and folders - step 4Check for adware generated files in the /Library/LaunchDaemons/ folder:

Mac go to /Library/LaunchDaemons - step 1

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

Mac go to /Library/LaunchDaemons - step 2

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Mac removing malware related files and folders - step 5Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Mac remove malware with Combo Cleaner - step 1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

Mac remove malware with Combo Cleaner - step 2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Safari iconRemove malicious Safari extensions:

Removal of malicious extensions in Safari - step 1

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

Removal of malicious extensions in Safari - step 2

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Google Chrome logoRemove malicious extensions from Google Chrome:

Removal of malicious extensions in Google Chrome - step 1

Click the Chrome menu icon Google Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

Removal of malicious extensions in Google Chrome - step 2

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Mozilla Firefox logoRemove malicious extensions from Mozilla Firefox:

Removal of malicious extensions in Mozilla Firefox - step 1

Click the Firefox menu firefox menu icon (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

Removal of malicious extensions in Mozilla Firefox - step 2

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Removal Instructions in other languages
New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Top Removal Guides
QR Code
Ads by ExploreActivity QR code
Scan this QR code to have an easy access removal guide of Ads by ExploreActivity on your mobile device.
We Recommend:

Get rid of Mac malware infections today:

▼ REMOVE IT NOW
Download Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Editors ratingOutstanding!

[Back to Top]

To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.