Avoid downloading fake Flash updater from theworldofcontents.info

How to remove redirects to theworldofcontents[.]info from Mac?

What is theworldofcontents[.]info?

Theworldofcontents[.]info is a scam webpage, pushing a fake Flash Player updater. There are several variants of this scam's design/appearance, though the purpose is much the same. The site claims that visitors' Flash Player may be outdated and recommends them to update it. Illegitimate updaters are used to spread a variety of untrustworthy and malicious content. For example, they are employed to proliferate PUAs (Potentially Unwanted Applications) and even malware (e.g. trojans, ransomware, etc.). Few users access websites like theworldofcontents[.]info intentionally, most get redirected by intrusive advertisements or by PUAs, already installed onto the system.

When entered, both variants of theworldofcontents[.]info display multiple pop-up windows. The initially displayed, center pop-up states that Flash Player is an essential browser plug-in. It enables users to play video, animation and audio media, as well as games - online. As Flash might be lacking latest security updates (i.e. is outdated) - it is possible that the plug-in has been blocked. To continue using Flash Player, the scam urges visitors to update it. The window at the bottom-right instructs users to install the newest updates for improved performance. This scam version presents another pop-up, which overlays the one shown in the center of the page. It repeats the same message - Flash may be out-of-date and lacking security updates, thereby it might not work. Each of these windows have "Download/Update" buttons, clicking on any - leads to the download of the illegitimate updates. The other variant of this scheme, displays two pop-ups. The window at the top-right corner, informs users that they need to download an updated new version of said plug-in. The one in the middle of the webpage presents visitors with a loading bar, which allegedly represents the download process of the Flash updates. Installing them will only take a few seconds and require no restart/reboot. This pop-up also has buttons to download the fake updater. Once the download process has begun, theworldofcontents[.]info provides users with instructions how to install the updates. However, following the steps will allow untrustworthy/malicious software onto the device, instead of updating Flash Player. Content promoted via such dubious methods is highly likely to lead to serious issues; therefore, it is strongly advised against downloading/installing it.

Deceptive websites are commonly force-opened by PUAs, yet they can redirect to other sale-based, untrustworthy/rogue, compromised and malicious pages as well as. However, they can have different abilities. Some unwanted apps run intrusive advertisement campaigns, i.e. deliver browsing-quality diminishing and harmful ads. As mentioned in the introduction, intrusive adverts also redirect to various questionable webpages and can stealthily download/install content - when they are clicked. Other types of PUA can make unauthorized changes to browsers and limit/deny access to their settings. Most PUAs, regardless of their other functions, can track data. They monitor users' browsing habits (URLs visited, search queries typed, etc.) and collect their personal information (IP addresses, geolocations and real-life details). This vulnerable data can then be shared with third parties, intent on misusing it for profit. To summarize, PUAs can not only cause browser and system infiltrations/infections, but also result in financial losses, severe privacy issues and even identity theft. To protect device integrity and user safety, all suspect applications and browser extensions/plug-ins must be removed without delay.

Threat Summary:

Name	theworldofcontents.info pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus
Fake Claim	Site claims visitors' Flash Player might be outdated.
Detection Names (AdobeFlashPlayerInstaller.dmg)	BitDefender (Adware.MAC.Bundlore.DPS), Kaspersky (HEUR:Trojan-Downloader.OSX.Shlayer.a), GData (Adware.MAC.Bundlore.DPS), Tencent (Unk.Win32.Script.404241), Full List (VirusTotal)
Promoted Unwanted Application	Site promotes fake Flash Player updates.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Removal	To eliminate theworldofcontents.info pop-up our malware researchers recommend scanning your computer with Combo Cleaner. ▼ Download Combo Cleaner Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

Mainplaceupgradesfree.info, startmostnewestprogram.icu, fineplaceupgradefree.info are a few examples of scam sites, promoting fake software updaters. Deceptive pages use social engineering and scare-tactics to trick users into downloading/installing and/or purchasing unreliable/malicious content, revealing personal details (e.g. banking account or credit card credentials), making monetary transactions (e.g. payment for "services rendered", various fees) and so on. The sole goal of these scams is to generate revenue for their designers at the expense of users.

How did potentially unwanted applications install on my computer?

PUAs can infiltrate devices under the guise of other software (e.g. fake updaters). However, they can also be downloaded/installed together with regular products. This false marketing method of pre-packing ordinary programs with unwanted (or malicious) content is called "bundling". Rushed download/installation processes (e.g. ignored terms, used pre-set options, etc.) - endangers systems with potential infiltrations and infections. Some apps of this kind have "official" download pages, which are typically pushed by deceptive/scam websites. When an intrusive ad is clicked, it can execute scripts, designed to download/install PUAs without user consent.

How to avoid installation of potentially unwanted applications?

It is advised to research content, before downloading/installing it. Users are encouraged to only use official and verified download channels. Untrustworthy download sources, e.g. P2P sharing networks (BitTorrent, eMule, Gnutella, etc.), free file-hosting sites and other third party downloaders - can offer deceptive and/or bundled software. All updates should be done with tools/functions provided by genuine developers; third party updaters are deemed to be high-risk, so they are expressly advised against use. When downloading/installing, it is recommended to read terms, explore all available options, use the "Custom/Advanced" settings and opt-out from supplementary apps, tools, features and so on. Intrusive advertisements often appear legitimate and harmless, however they redirect to dubious webpages (e.g. pornography, adult-dating, gambling and others). Should users encounter ads/redirects of this type, it is necessary to check the system and immediately remove all suspicious applications and/or browser extensions/plug-ins from it. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the pop-up windows initially presented by theworldofcontents[.]info:

Top of the page pop-up:

 

Latest version of Flash Player is recommended to encode and/or decode (Play) audio files in high quality. - Click here to update for latest version.

 

--------

Center page pop-up:

 

Software update
Flash Player
Install the latest update
Update now
 
"Flash Player" is an essential plugin for your browser that allows you to view everything from video to games and animation on the web. The version of “Flash Player" on your system might not include the latest security updates and might be blocked.

To continue using “Flash Player", it is recommended to download an updated version.

Download Flash... Update

 

--------

Bottom-right page corner pop-up:

 

Flash Player Update RECOMMENDED
Install latest version of Flash Player for better performance.
Download

Screenshot of the pop-up, which overlays the middle of the page:

Text presented in this pop-up:

Software update

“Flash Player” might be out-of-date

The version of this plug-in on your computer might not include the latest security updates. Flash might not work be used until you download an update.
Update Download Flash...

Screenshot of fake Flash Player updates installation instructions, provided by this scam:

Text presented in this page:

1

Go to the ‘Downloads’
Open your downloads list by
clicking on the top right corner
the ‘arrow’.

 

2

Open the file
Locate and double-click the file
starting with ‘Flash Player’.

 

3

Run the application
Confirm the installation by clicking
Continue and Install
buttons.
Type your password.

Appearance of theworldofcontents[.]info scam (GIF):

Appearance of the alternative variant of theworldofcontents[.]info scam (GIF):

Screenshot of the fake Flash Player updater installation set-up:

Instant automatic removal of theworldofcontents.info pop-up: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of theworldofcontents.info pop-up. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

Quick menu:

• What is "theworldofcontents[.]info"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove theworldofcontents.info pop-up related files and folders:

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware-generated files in the /Library/LaunchAgents folder:

In the Go to Folder... bar, type: /Library/LaunchAgents

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

Check for adware generated files in the /Library/Application Support folder:

In the Go to Folder... bar, type: /Library/Application Support

In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

Check for adware-generated files in the ~/Library/LaunchAgents folder:

In the Go to Folder bar, type: ~/Library/LaunchAgents

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

Check for adware-generated files in the /Library/LaunchDaemons folder:

In the Go to Folder... bar, type: /Library/LaunchDaemons

In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

theworldofcontents.info pop-up removal from Internet browsers:

Remove malicious extensions from Safari:

Remove theworldofcontents.info pop-up related Safari extensions:

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious plug-ins from Mozilla Firefox:

Remove theworldofcontents.info pop-up related Mozilla Firefox add-ons:

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

Remove malicious extensions from Google Chrome:

Remove theworldofcontents.info pop-up related Google Chrome add-ons:

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.