Avoid downloading fake Flash updater from theworldofcontents.info

How to remove redirects to theworldofcontents[.]info from Mac computers

What is theworldofcontents[.]info?

theworldofcontents[.]info is a scam website promoting a fake Flash Player updater. There are several variants of this scam with differing design/appearance, although the purpose is much the same. The site claims that visitors' Flash Players might be outdated and advises them to update the software. Rogue updaters are used to spread a variety of untrustworthy and malicious content. For example, they are employed to proliferate Potentially Unwanted Applications (PUAs) and even malware (e.g. trojans, ransomware, etc.). Few users access websites like theworldofcontents[.]info intentionally - most are redirected by intrusive advertisements or PUAs already installed on the system.

When entered, variants of theworldofcontents[.]info display multiple pop-up windows. The initially displayed center pop-up states that Flash Player is an essential browser plug-in, which enables users to play video, animation and audio media, and games online. As Flash might be lacking the latest security updates (i.e., is outdated), it is possible that the plug-in has been blocked. To continue using Flash Player, the scam urges visitors to update it. The window at the bottom-right instructs them to install the latest updates for improved performance. This scam version presents another pop-up, which overlays the one shown in the center of the page. It repeats the same message: Flash might be out-of-date and lacking security updates, and therefore might not work. These windows have "Download/Update" buttons. Clicking on any leads to download of the bogus updates. The other variant of this scheme displays two pop-ups. The window at the top-right corner informs users that they need to download an updated new version of the plug-in. The windows in the middle of the web page presents visitors with a loading bar, which allegedly represents the download process of the Flash updates. Installing them takes just a few seconds and requires no restart/reboot. This pop-up also has buttons to download the fake updater. Once the download process has begun, theworldofcontents[.]info provides users with instructions about how to install the updates, however, following the steps will allow untrustworthy/malicious software onto the device, rather than updating Flash Player. Content promoted via such dubious methods is highly likely to lead to serious issues. Therefore, you are strongly advised against downloading/installing this software.

Deceptive websites are commonly force-opened by PUAs, yet they can redirect to other sale-based, untrustworthy/rogue, compromised and malicious pages. They can also have other, different capabilities. Some unwanted apps run intrusive advertisement campaigns. I.e., they deliver harmful ads that diminish the browsing experience. Intrusive ads also redirect to dubious web pages and stealthily download/install content when they are clicked. Other PUAs can make unauthorized changes to browsers and limit/deny access to settings. Regardless of their other functions, most PUAs can track data. They monitor users' browsing habits (URLs visited, search queries typed, etc.) and collect their personal information (IP addresses, geolocations and other details). This vulnerable data can then be shared with third parties intent on misusing it for profit. To summarize, PUAs can cause browser and system infiltration/infections and result in financial loss, serious privacy issues and even identity theft. To protect device integrity and user safety, remove all suspect applications and browser extensions/plug-ins without delay.

Threat Summary:

Name	theworldofcontents.info pop-up
Threat Type	Phishing, Scam, Mac malware, Mac virus.
Fake Claim	Site claims that the visitor's Flash Player might be outdated.
Detection Names (AdobeFlashPlayerInstaller.dmg)	BitDefender (Adware.MAC.Bundlore.DPS), Kaspersky (HEUR:Trojan-Downloader.OSX.Shlayer.a), GData (Adware.MAC.Bundlore.DPS), Tencent (Unk.Win32.Script.404241), Full List (VirusTotal)
Promoted Unwanted Application	Site promotes fake Flash Player updates.
Symptoms	Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.

mainplaceupgradesfree.info, startmostnewestprogram.icu, and fineplaceupgradefree.info are some other examples of scam sites that promote fake software updaters. Deceptive web pages use social engineering and scare tactics to trick users into downloading/installing and/or purchasing dubious/malicious content, revealing personal details (e.g. banking account or credit card credentials), making monetary transactions (e.g. payment for "services rendered", various fees) and so on. The goal of these scams is to generate revenue for their designers at the expense of innocent users.

How did potentially unwanted applications install on my computer?

PUAs can infiltrate devices under the guise of other software (e.g. fake updaters), however, they can also be downloaded/installed together with regular products. This deceptive marketing method of pre-packing normal programs with unwanted (or malicious) content is called "bundling". Rushing download/installation processes (e.g. ignoring terms, using pre-set options, etc.) endangers systems with potential infiltration and infections. Some apps of this kind have "official" download pages, which are typically promoted by deceptive/scam websites. When an intrusive ad is clicked, it can execute scripts designed to download/install PUAs without users' consent.

How to avoid installation of potentially unwanted applications

You are advised to research all content, before downloading/installing. Use only official and verified download channels. Untrustworthy download sources (e.g. P2P sharing networks [BitTorrent, eMule, Gnutella, etc.], free file-hosting sites and other third party downloaders) can offer deceptive and/or bundled software. All updates should be performed with tools/functions provided by genuine developers. Third party updaters are high-risk and should be avoided. When downloading/installing, read the terms, explore all available options, use the "Custom/Advanced" settings and opt-out of supplementary apps, tools, features and so on. Intrusive advertisements often seem legitimate and harmless, however, they can redirect to dubious web pages (e.g. pornography, adult-dating, gambling and others). If you encounter ads/redirects of this type, check the system and immediately remove all suspicious applications and/or browser extensions/plug-ins. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the pop-up windows initially presented by theworldofcontents[.]info:

Top of the page pop-up:

 

Latest version of Flash Player is recommended to encode and/or decode (Play) audio files in high quality. - Click here to update for latest version.

 

--------

Center page pop-up:

 

Software update
Flash Player
Install the latest update
Update now
 
"Flash Player" is an essential plugin for your browser that allows you to view everything from video to games and animation on the web. The version of “Flash Player" on your system might not include the latest security updates and might be blocked.

To continue using “Flash Player", it is recommended to download an updated version.

Download Flash... Update

 

--------

Bottom-right page corner pop-up:

 

Flash Player Update RECOMMENDED
Install latest version of Flash Player for better performance.
Download

Screenshot of the pop-up, which overlays the middle of the page:

Text presented in this pop-up:

Software update

“Flash Player” might be out-of-date

The version of this plug-in on your computer might not include the latest security updates. Flash might not work be used until you download an update.
Update Download Flash...

Screenshot of fake Flash Player updates installation instructions provided by this scam:

Text presented in this page:

1

Go to the ‘Downloads’
Open your downloads list by
clicking on the top right corner
the ‘arrow’.

 

2

Open the file
Locate and double-click the file
starting with ‘Flash Player’.

 

3

Run the application
Confirm the installation by clicking
Continue and Install
buttons.
Type your password.

Appearance of theworldofcontents[.]info scam (GIF):

Appearance of an alternative variant of theworldofcontents[.]info scam (GIF):

Screenshot of the fake Flash Player updater installation set-up:

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.

Quick menu:

• What is "theworldofcontents[.]info"?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove theworldofcontents.info pop-up related files and folders:

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware-generated files in the /Library/LaunchAgents folder:

In the Go to Folder... bar, type: /Library/LaunchAgents

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

Check for adware generated files in the /Library/Application Support folder:

In the Go to Folder... bar, type: /Library/Application Support

In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

Check for adware-generated files in the ~/Library/LaunchAgents folder:

In the Go to Folder bar, type: ~/Library/LaunchAgents

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

Check for adware-generated files in the /Library/LaunchDaemons folder:

In the Go to Folder... bar, type: /Library/LaunchDaemons

In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

theworldofcontents.info pop-up removal from Internet browsers:

Remove malicious extensions from Safari:

Remove theworldofcontents.info pop-up related Safari extensions:

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious plug-ins from Mozilla Firefox:

Remove theworldofcontents.info pop-up related Mozilla Firefox add-ons:

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

Remove malicious extensions from Google Chrome:

Remove theworldofcontents.info pop-up related Google Chrome add-ons:

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Click to post a comment