How to get rid of TapuFind browser hijacker

Question

Level 1

8 points

How to get rid of TapuFind browser hijacker

How to safely get rid of TapuFind browser hijacker. It is kind of Safari extension which does not have good reputation. I have also mozzila developer edition and it is infected too...

I checked some advices on google but they always try to make me download anti-virus like softwares. However I got confused because there are also information saying that these softwares are not safe either.

So I tried manually. I could not find it among applications as some tutorials said but in MacintoshHD/Users/Shared and there are many folders named like App_(some long crazy name) containing documents MacAppExtensions.app. One of theme had logo of TapuFind. I cleared the whole folder so there was nothing left. I also typed Tapufind in my finder and looked for whatever file related to it and deleted as well.

After that I restarted my safari, cleaned caches and history and after few days TapuFind is back even when nothing new was installed in those days.

Any safe suggestions?

Thank you very much.

Macbook (2016 or later)

Posted on Jan 9, 2019 2:53 AM

Reply

Answer 1

Best reply

dominic23

Level 10

83,904 points

Jan 9, 2019 4:45 AM in response to petr113

From the report:

Configuration Profiles:

This computer has configuration profiles installed.

1. Remove any Profile you have not installed knowingly.

Profiles

System Preferences > Profiles

How to remove a configuration profile? https://support.apple.com/kb/PH25680?locale=en_US

2. I am not familiar with this file.

Executable: /Applications/Microsoft Teams.app/Contents/TeamsUpdaterDaemon.xpc/Contents/MacOS/TeamsUpdaterDaemon

Details: Restrictive config permissions - possibly adware

You can remove adware using either one of these two methods.

Using EtreCheck

Run EtreCheck again.

Scroll up the sidebar and click the “Security” button.

“Adware” and the “Unsigned” files will be listed on the right hand side pane along with a “Remove” button.

Click the ”Remove” button wherever you see “adware”.

Restart your Mac. Launch Safari holding the “Shift” key down.

2. Using “Malwarebytes for Mac”:

Use the latest release of MalwareBytes for Mac to remove malware/adware.

Install guide: https://support.malwarebytes.com/docs/DOC-1817

Uninstall Guide: https://support.malwarebytes.com/docs/DOC-1190

The installer may ask you to allow it in Security & Privacy /System Preference. Allow it.

Click the blue “Scan Now” button.

When first scan is done, repeat it.

Please let us know the result.

Reply

Answer 2

dominic23

Level 10

83,904 points

Jan 9, 2019 6:01 AM in response to petr113

Sorry.

Remove a configuration profile.

The link I posted is not opening the page.

Profiles

System Preferences > Profiles

Launch System Preferences. Do you see any profiles added to the pane at the bottom?

If you see Profiles listed, click on it.

When the Profiles pane opens, select the profile and click the “-“ button at the bottom left corner to remove it.

Reply

Answer 3

dominic23

Level 10

83,904 points

Jan 9, 2019 4:06 AM in response to petr113

Download EtreCheck: https://etrecheck.com/maspro. and post the report here.

Click “Click to Download” button, open Downloads folder, click on it to open, and then select ”Open”.

Click on the bouncing EtreCheck icon in the Dock.

“Choose a problem” from the popup menu box, and then “Start EtreCheck” in the dialog.

Click “Share Report” button in the toolbar, select “Copy to Clipboard” .

Please post the report here when you reply.

Reply

Answer 4

petr113 Author

Level 1

8 points

Jan 9, 2019 4:13 AM in response to dominic23

EtreCheck version: 5.1 (5020)

Report generated: 2019-01-09 13:10:24

Download EtreCheck from https://etrecheck.com

Runtime: 1:50

Performance: Excellent

Sandbox: Enabled

Full drive access: Disabled

Problem: Other problem

Description:

Browser Hijacker TapuFind

Major Issues:

Anything that appears on this list needs immediate attention.

No Time Machine backup - Time Machine backup not found.

Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.

Minor Issues:

These issues do not need immediate attention but they may indicate future problems.

Configuration profiles present - This machine has configuration profiles. These are sometimes used by adware and malware.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Limited drive access - More information may be available with Full Drive Access.

Reply

Answer 5

petr113 Author

Level 1

8 points

Jan 9, 2019 4:15 AM in response to petr113

Hardware Information:

MacBook Pro (13-inch, 2017, Two Thunderbolt 3 ports)

MacBook Pro Model: MacBookPro14,1

1 2,3 GHz Intel Core i5 (i5-7360U) CPU: 2-core

16 GB RAM - Not upgradeable

BANK 0/DIMM0 - 8 GB LPDDR3 2133 ok

BANK 1/DIMM0 - 8 GB LPDDR3 2133 ok

Battery: Health = Normal - Cycle count = 61

Video Information:

Intel Iris Plus Graphics 640 - VRAM: 1536 MB

Color LCD 2880 x 1800

Drives:

disk0 - APPLE SSD AP0256J 251.00 GB (Solid State - TRIM: Yes)

Internal PCI-Express 8.0 GT/s x4 NVM Express

disk0s1 - EFI [EFI] 315 MB

disk0s2 [APFS Container] 250.69 GB

disk1 [APFS Virtual drive] 250.69 GB (Shared by 4 volumes)

disk1s1 - Macintosh HD (APFS) (Shared - 124.58 GB used)

disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)

disk1s3 - Recovery (APFS) [Recovery] (Shared - 517 MB used)

disk1s4 - VM (APFS) [APFS VM] (Shared - 3.22 GB used)

Mounted Volumes:

disk1s1 - Macintosh HD 250.69 GB (122.18 GB free)

APFS

Mount point: /

Encrypted

disk1s3 - Recovery [Recovery] 250.69 GB (122.18 GB free)

APFS

Mount point: /Volumes/Recovery

disk1s4 - VM [APFS VM] (Shared - 3.22 GB used)

APFS

Mount point: /private/var/vm

Network:

Interface en6: iPhone

Interface en4: iPad

Interface en0: Wi-Fi

802.11 a/b/g/n/ac

Proxy Auto Discovery

Interface en3: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge

System Software:

macOS Mojave 10.14.2 (18C54)

Time since boot: About 20 days

Configuration Files:

/etc/hosts - Count: 4

Configuration Profiles:

This computer has configuration profiles installed.

Security:

GatekeeperEnabled

System Integrity ProtectionEnabled

Reply

Answer 6

petr113 Author

Level 1

8 points

Jan 9, 2019 4:16 AM in response to petr113

Unsigned Files:

Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool