What launches an ancient "Update Helper" and how do I confirm it's not a trojan?
Once in a while a program nags me out of the blue to update. I seldom yield since I always suspect a trojan. For example today I get a persistent:
I launch Activity Monitor
and sure enough, there is indeed a process with that name.
Yet after the last upgrade (to El Capitan) I didn't bother installing either Google Chrome or Google Earth. I confirm this in my /Applications
folder.
But I do see the folder ~/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
, presumably left from a previous installation. I am puzzled. After looking at my login tasks
I see that Google Earth should not be running at login.
What launched it, and, more importantly, how do I confirm that such a request from an "Update Helper
" is not a trojan?
Update
The answers and comments indicate that what I was asking is not clear. There are four questions/problems that need to be solved in this context. In order of increasing difficulty they are:
- I no longer use Chrome or Earth. How do I remove the Google Software Updater.
- How do I remove any one particular software updater if I no longer use, nor have installed since the last major OS X upgrade, that software?
- Some random window pops up and asks me to enter my password. It's bad enough if my user files are contaminated, but it's a completely different problem if I give a suspect program superuser privileges and take a chance in contaminating the system. How do I confirm which piece of software is popping the window? (And how could something be running without being present in the login tasks? I don't see any root cron jobs. Where else should I be looking?)
- There is a problem with OS X major release upgrades. I upgrade in-place (i.e., without formatting my drive). Both ~/Library and /Library are swelling
(
sudo du -h -s /Library
reports 3.5G andsudo du -h -s ~/Library
reports 4.7G). How do I purge the unnecessary folders?
I meant to ask Q3, but I'll gladly settle for an answer to Q1.
In your answers and comments several people have recommended that this discussion will solve Q1. While that article is indeed very helpful, I don't have the file
~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/\
Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/install.py
The nearest file I have is
~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/\
Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/ksinstall
I'm tempted to just wipe out the folder
rm -fr ~/Library/Google/GoogleSoftwareUpdate/
Suggestions?
As others have mentioned, this discussion has some good tips for accomplishing this.
I have not tested any of these solutions as I still frequently use Google Chrome and do not want to delete these files myself.
If your Library contains a install.py
file:
python
~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/install.py --uninstall
or:
python
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/install.py --uninstall
If your Library instead contains a ksinstall
file:
~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/ksinstall --uninstall
or:
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/ksinstall --uninstall
Test if it worked by running defaults read com.google.Keystone.Agent
. If it worked you should see Domain com.google.Keystone.Agent does not exist
.
Alternatively you can also disable the updater without removing it completely by running:
defaults write com.google.Keystone.Agent checkInterval 0
. The 0
essentially tells the updater to never check for updates.
Problem solved! Check this link out. It uses Terminal to stop the auto updating that is coming directly from Google! I did this about an hour or so ago and the updater never came back. This is for Mac, though!
http://applehelpwriter.com/2014/07/13/how-to-remove-googles-secret-update-software-from-your-mac/