MysteriousStranger

Q: ChumSearch malware/How to get rid of it?

So I accidentally downloaded or somehow ended up with something called ChumSearch, and it's my new default search engine/browser, and i tried just switching it and uninstalling the safari extension, but even after I uninstalled it it's still there. I followed the instructions on this post but they didn't work. Any help would be greatly appreciated (the quickest the better, my parents will kill me if i do anything to my laptop). Thank you!

MacBook Pro (13-inch Mid 2012)

Posted on Mar 22, 2016 7:58 PM

Close

Q: ChumSearch malware/How to get rid of it?

  • All replies
  • Helpful answers

Page 1 of 3 last Next
  • by Allan Eckert,

    Allan Eckert Allan Eckert Mar 22, 2016 8:00 PM in response to MysteriousStranger
    Level 9 (54,010 points)
    Desktops
    Mar 22, 2016 8:00 PM in response to MysteriousStranger
  • by MysteriousStranger,

    MysteriousStranger MysteriousStranger Mar 22, 2016 8:03 PM in response to Allan Eckert
    Level 1 (3 points)
    Mar 22, 2016 8:03 PM in response to Allan Eckert

    that would be the thread that i just linked to and said didn't help. i followed all their advice and it's still there!

  • by MysteriousStranger,

    MysteriousStranger MysteriousStranger Mar 22, 2016 8:16 PM in response to MysteriousStranger
    Level 1 (3 points)
    Mar 22, 2016 8:16 PM in response to MysteriousStranger

    Okay, so I got my homepage/search engine back, now these are my problems:

    • everything is very very slow
    • mackeeper and magabackup were both also installed
    • the applications folder appears to be empty so i can't delete them
    • no search functions are working (spotlight search or the search bars in finder)
  • by ~Bee,

    ~Bee ~Bee Mar 22, 2016 8:42 PM in response to MysteriousStranger
    Level 7 (31,792 points)
    Mac OS X
    Mar 22, 2016 8:42 PM in response to MysteriousStranger

    MS -

     

    If you've got MacKeeper on there, you're in serious trouble.

    And so, you're telling us that your downloaded MalwareBytes, ran it, and it didn't find or delete anything?

  • by MysteriousStranger,

    MysteriousStranger MysteriousStranger Mar 22, 2016 8:55 PM in response to ~Bee
    Level 1 (3 points)
    Mar 22, 2016 8:55 PM in response to ~Bee

    Yes. I did manage to find the contents of the applications folder and I deleted mackeeper and megabackup, though. I'm really not sure how these things work (slightly clueless, as I'm sure you've gathered), is getting rid of them enough? Did they do any lasting damage?

  • by ~Bee,

    ~Bee ~Bee Mar 22, 2016 9:15 PM in response to MysteriousStranger
    Level 7 (31,792 points)
    Mac OS X
    Mar 22, 2016 9:15 PM in response to MysteriousStranger

    DId you download MalwareBytes, install it, and run it?

    (I know this may be confusing, but we're trying our best to help you.)

  • by MysteriousStranger,

    MysteriousStranger MysteriousStranger Mar 22, 2016 9:16 PM in response to ~Bee
    Level 1 (3 points)
    Mar 22, 2016 9:16 PM in response to ~Bee

    yes.

  • by ~Bee,

    ~Bee ~Bee Mar 22, 2016 9:25 PM in response to MysteriousStranger
    Level 7 (31,792 points)
    Mac OS X
    Mar 22, 2016 9:25 PM in response to MysteriousStranger

    If you just deleted MacKeeper, it's still on there.

     

    It would help, at this point, if you downloaded Etresoft (another free very effective little app de

    veloped by a helper here) and run it. Then copy the report, and post it here. It will save tons of time and back and forth posts.

    http://www.etrecheck.com/#about

  • by MysteriousStranger,

    MysteriousStranger MysteriousStranger Mar 22, 2016 9:35 PM in response to ~Bee
    Level 1 (3 points)
    Mar 22, 2016 9:35 PM in response to ~Bee

    EtreCheck version: 2.9.10 (261)

    Report generated 2016-03-23 00:33:27

    Download EtreCheck from https://etrecheck.com

    Runtime 5:37

    Performance: Below Average

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

     

    Problem: Other problem

    Description:

    accidentally downloaded malware?

     

    Hardware Information:

        MacBook Pro (13-inch, Mid 2012)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Pro - model: MacBookPro9,2

        1 2.9 GHz Intel Core i7 CPU: 2-core

        8 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                4 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                4 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en1: 802.11 a/b/g/n

        Battery: Health = Normal - Cycle count = 706

     

    Video Information:

        Intel HD Graphics 4000

            Color LCD 1280 x 800

     

    System Software:

        OS X Yosemite 10.10.5 (14F27) - Time since boot: about one hour

     

    Disk Information:

        APPLE HDD HTS541075A9E662 disk0 : (750.16 GB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 1.03 GB

            Macintosh HD (disk1) / : 748.28 GB (583.35 GB free)

                Core Storage: disk0s2 748.65 GB Online

     

        HL-DT-ST DVDRW  GS31N   ()

     

    USB Information:

        Apple Inc. FaceTime HD Camera (Built-in)

        Apple Computer, Inc. IR Receiver

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

        Apple Inc. Apple Internal Keyboard / Trackpad

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Kernel Extensions:

            /Library/Extensions

        [loaded]    com.movavi.driver.SoundGrabber (1.6.5 - SDK 10.9 - 2016-03-22) [Support]

     

            /System/Library/Extensions

        [not loaded]    com.nike.sportwatch (1.0.0 - 2016-03-22) [Support]

        [not loaded]    com.wacom.kext.pentablet (5.3.0 - SDK 10.8 - 2016-03-22) [Support]

     

    System Launch Agents:

        [not loaded]    5 Apple tasks

        [loaded]    146 Apple tasks

        [running]    61 Apple tasks

     

    System Launch Daemons:

        [not loaded]    47 Apple tasks

        [loaded]    136 Apple tasks

        [running]    79 Apple tasks

     

    Launch Agents:

        [loaded]    com.google.keystone.agent.plist (2016-03-02) [Support]

        [running]    com.nike.nikeplusconnect.plist (2013-05-08) [Support]

        [not loaded]    com.oracle.java.Java-Updater.plist [Support]

        [running]    com.wacom.pentablet.plist (2012-10-29) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.fpsaud.plist (2016-03-07) [Support]

        [loaded]    com.google.keystone.daemon.plist (2016-03-02) [Support]

        [loaded]    com.malwarebytes.MBAMHelperTool.plist (2016-03-22) [Support]

        [not loaded]    com.oracle.java.Helper-Tool.plist [Support]

     

    User Launch Agents:

        [loaded]    com.adobe.ARM.[...].plist (2014-10-27) [Support]

        [running]    com.spotify.webhelper.plist (2016-03-08) [Support]

        [loaded]    com.valvesoftware.steamclean.plist (2015-10-15) [Support]

     

    User Login Items:

        iTunesHelper    Application Hidden (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        AdobeResourceSynchronizer    Application Hidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)

        BambooCore    Application  (/Library/Application Support/Wacom/BambooCore.app)

     

    Other Apps:

        [running]    com.google.GoogleTalkPluginD.81824.E528A622-33FF-4094-8B52-E4CA85315B47

        [loaded]    com.mackeeper.MacKeeper.service.clean

        [running]    com.wacom.BambooCore.63648

        [running]    com.wacom.Consumer_TouchDriver.15084

        [running]    com.wacom.TabletDriver.5144

        [loaded]    369 Apple tasks

        [running]    169 Apple tasks

     

    Internet Plug-ins:

        o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2016-01-23) [Support]

        WacomNetscape: 2.1.0-1 - SDK 10.8 (2012-10-29) [Support]

        Unity Web Player: UnityPlayer version 4.3.1f1 - SDK 10.6 (2014-02-23) [Support]

        Default Browser: 600 - SDK 10.10 (2015-07-16)

        OfficeLiveBrowserPlugin: 12.3.4 (2012-10-15) [Support]

        WacomTabletPlugin: WacomTabletPlugin 2.1.0.2 (2012-10-29) [Support]

        AdobePDFViewerNPAPI: 11.0.10 - SDK 10.6 (2014-12-09) [Support]

        FlashPlayer-10.6: 21.0.0.182 - SDK 10.6 (2016-03-10) [Support]

        Silverlight: 5.1.10411.0 - SDK 10.6 (2014-07-23) [Support]

        Flash Player: 21.0.0.182 - SDK 10.6 (2016-03-10) [Support]

        QuickTime Plugin: 7.7.3 (2015-09-16)

        googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]

        AdobePDFViewer: 11.0.10 - SDK 10.6 (2014-12-09) [Support]

        DirectorShockwave: 11.6.6r636 (2012-08-09) [Support]

     

    Safari Extensions:

        Tumblr Savior-1 (2012-08-21)

        Reddit Enhancement Suite (2014-12-30)

     

    3rd Party Preference Panes:

        Flash Player (2016-03-07) [Support]

     

    Time Machine:

        Time Machine not configured!

     

    Top Processes by CPU:

           100%    mds

            10%    WindowServer

             8%    com.apple.WebKit.WebContent(3)

             4%    Safari

             2%    kernel_task

     

    Top Processes by Memory:

        795 MB    com.apple.WebKit.WebContent(3)

        733 MB    kernel_task

        246 MB    Safari

        197 MB    spindump

        180 MB    Finder

     

    Virtual Memory Information:

        2.13 GB    Free RAM

        5.87 GB    Used RAM (1.92 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information:

        Mar 22, 2016, 10:30:51 PM    Self test - passed

        Mar 22, 2016, 08:45:47 PM    ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-03-22-204547_ [redacted].crash

            /System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices /com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

        Mar 21, 2016, 02:34:26 AM    /Library/Logs/DiagnosticReports/WindowServer_2016-03-21-023426_[redacted].crash

            /System/Library/Frameworks/CoreGraphics.framework/Versions/A/Resources/WindowSe rver

        Mar 20, 2016, 12:51:25 PM    ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-03-20-125125_ [redacted].crash

  • by ~Bee,

    ~Bee ~Bee Mar 22, 2016 9:38 PM in response to MysteriousStranger
    Level 7 (31,792 points)
    Mac OS X
    Mar 22, 2016 9:38 PM in response to MysteriousStranger

    MS --

     

    MacKeeper is still on there.

    Please run Malwarebytes again.

     

    I will try to contact the developer for you.

  • by MysteriousStranger,

    MysteriousStranger MysteriousStranger Mar 22, 2016 9:40 PM in response to ~Bee
    Level 1 (3 points)
    Mar 22, 2016 9:40 PM in response to ~Bee

    I ran it again, it still says it found nothing.

  • by seventy one,

    seventy one seventy one Mar 23, 2016 2:05 AM in response to MysteriousStranger
    Level 6 (15,282 points)
    Peripherals
    Mar 23, 2016 2:05 AM in response to MysteriousStranger

    As `Bee says, you still have Mackeeper.    Let's see what others say, but you may have to formally download it again then delete it as per their instructions.   This should remove both the new and the old.

     

    You should also get rid of valvasoftware.steamclean.    It is of little benefit for you and has been involved in other slowdowns if my memory serves me correct.

     

    The mds at 100% is likely most of your problem but the only resolution I have found includes terminal commands that I am always reluctant to pass on.   It is so easy to mess up your machine unless you really know what you are doing.   One thing that will have to be done is re-index spotlight. 

     

    Perhaps someone else can step in and help here ... particularly regarding terminal.

  • by turingtest2,

    turingtest2 turingtest2 Mar 23, 2016 4:49 AM in response to MysteriousStranger
    Level 10 (87,660 points)
    Apple TV
    Mar 23, 2016 4:49 AM in response to MysteriousStranger

    I rather suspect this entry will be for something unwanted:

    o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2016-01-23) [Support]

     

    Sadly I don't know how you go about blocking it.

     

    tt2

  • by Eric Root,

    Eric Root Eric Root Mar 23, 2016 5:57 AM in response to MysteriousStranger
    Level 9 (73,351 points)
    iTunes
    Mar 23, 2016 5:57 AM in response to MysteriousStranger
Page 1 of 3 last Next