You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How to get rid of TapuFind browser hijacker

How to safely get rid of TapuFind browser hijacker. It is kind of Safari extension which does not have good reputation. I have also mozzila developer edition and it is infected too...


I checked some advices on google but they always try to make me download anti-virus like softwares. However I got confused because there are also information saying that these softwares are not safe either.


So I tried manually. I could not find it among applications as some tutorials said but in MacintoshHD/Users/Shared and there are many folders named like App_(some long crazy name) containing documents MacAppExtensions.app. One of theme had logo of TapuFind. I cleared the whole folder so there was nothing left. I also typed Tapufind in my finder and looked for whatever file related to it and deleted as well.


After that I restarted my safari, cleaned caches and history and after few days TapuFind is back even when nothing new was installed in those days.


Any safe suggestions?


Thank you very much.


Macbook (2016 or later)

Posted on Jan 9, 2019 2:53 AM

Reply
Question marked as Top-ranking reply

Posted on Jan 9, 2019 4:45 AM

From the report:

Configuration Profiles:

    This computer has configuration profiles installed.


1. Remove any Profile you have not installed knowingly.


     Profiles

     System Preferences > Profiles

     How to remove a configuration profile?  https://support.apple.com/kb/PH25680?locale=en_US




2. I am not familiar with this file.


            Executable: /Applications/Microsoft Teams.app/Contents/TeamsUpdaterDaemon.xpc/Contents/MacOS/TeamsUpdaterDaemon

        Details: Restrictive config permissions - possibly adware



You can remove adware using either  one of these two methods.


  1. Using EtreCheck


Run EtreCheck again.

     Scroll up the sidebar and click the “Security” button.



   “Adware” and the “Unsigned” files will be listed on the right hand side pane along with a “Remove” button.

    Click the ”Remove” button wherever you see “adware”.

    Restart your Mac. Launch Safari holding the “Shift” key down.


2. Using “Malwarebytes for Mac”:


     Use  the latest release of MalwareBytes for Mac to remove malware/adware.


     Install guide:       https://support.malwarebytes.com/docs/DOC-1817

     Uninstall Guide:  https://support.malwarebytes.com/docs/DOC-1190


     The installer may ask you to allow it in Security & Privacy  /System Preference. Allow it.


     Click the blue “Scan Now” button.

     When first scan is done, repeat it.


Please let us know the result.

Similar questions

12 replies
Question marked as Top-ranking reply

Jan 9, 2019 4:45 AM in response to petr113

From the report:

Configuration Profiles:

    This computer has configuration profiles installed.


1. Remove any Profile you have not installed knowingly.


     Profiles

     System Preferences > Profiles

     How to remove a configuration profile?  https://support.apple.com/kb/PH25680?locale=en_US




2. I am not familiar with this file.


            Executable: /Applications/Microsoft Teams.app/Contents/TeamsUpdaterDaemon.xpc/Contents/MacOS/TeamsUpdaterDaemon

        Details: Restrictive config permissions - possibly adware



You can remove adware using either  one of these two methods.


  1. Using EtreCheck


Run EtreCheck again.

     Scroll up the sidebar and click the “Security” button.



   “Adware” and the “Unsigned” files will be listed on the right hand side pane along with a “Remove” button.

    Click the ”Remove” button wherever you see “adware”.

    Restart your Mac. Launch Safari holding the “Shift” key down.


2. Using “Malwarebytes for Mac”:


     Use  the latest release of MalwareBytes for Mac to remove malware/adware.


     Install guide:       https://support.malwarebytes.com/docs/DOC-1817

     Uninstall Guide:  https://support.malwarebytes.com/docs/DOC-1190


     The installer may ask you to allow it in Security & Privacy  /System Preference. Allow it.


     Click the blue “Scan Now” button.

     When first scan is done, repeat it.


Please let us know the result.

Jan 9, 2019 6:01 AM in response to petr113

Sorry.

Remove a configuration profile.

The link I posted is not opening the page.


     Profiles


     System Preferences > Profiles


     Launch System Preferences. Do you see any profiles added to the pane at the bottom?



     If you see Profiles listed, click on it. 


     When the Profiles pane opens, select the profile and click the “-“  button at the bottom left corner to remove it.

Jan 9, 2019 4:06 AM in response to petr113

      Download EtreCheck: https://etrecheck.com/maspro.  and post the report here.


      Click “Click to Download” button,  open Downloads folder, click on it to open, and then select ”Open”.

      Click on the bouncing  EtreCheck icon in the Dock.

      “Choose a problem” from the popup menu box, and then “Start EtreCheck” in the dialog.


      Click “Share Report” button in the toolbar, select “Copy to Clipboard” .

      Please  post the report here when you reply.

Jan 9, 2019 4:13 AM in response to dominic23

EtreCheck version: 5.1 (5020)

Report generated: 2019-01-09 13:10:24

Download EtreCheck from https://etrecheck.com

Runtime: 1:50

Performance: Excellent

Sandbox: Enabled

Full drive access: Disabled


Problem: Other problem

Description: 

        Browser Hijacker TapuFind


Major Issues:

    Anything that appears on this list needs immediate attention. 


    No Time Machine backup - Time Machine backup not found.

    Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.


Minor Issues:

    These issues do not need immediate attention but they may indicate future problems. 


    Configuration profiles present - This machine has configuration profiles. These are sometimes used by adware and malware.

    32-bit Apps - This machine has 32-bits apps that may have problems in the future.

    Limited drive access - More information may be available with Full Drive Access.



Jan 9, 2019 4:15 AM in response to petr113


Hardware Information:

    MacBook Pro (13-inch, 2017, Two Thunderbolt 3 ports)

    MacBook Pro Model: MacBookPro14,1

    1 2,3 GHz Intel Core i5 (i5-7360U) CPU: 2-core

    16 GB RAM - Not upgradeable

    BANK 0/DIMM0 - 8 GB LPDDR3 2133 ok

    BANK 1/DIMM0 - 8 GB LPDDR3 2133 ok

    Battery: Health = Normal - Cycle count = 61


Video Information:

    Intel Iris Plus Graphics 640 - VRAM: 1536 MB

    Color LCD 2880 x 1800


Drives:

    disk0 - APPLE SSD AP0256J 251.00 GB (Solid State - TRIM: Yes)

    Internal PCI-Express 8.0 GT/s x4 NVM Express

        disk0s1 - EFI [EFI] 315 MB

        disk0s2 [APFS Container] 250.69 GB

            disk1 [APFS Virtual drive] 250.69 GB (Shared by 4 volumes)

                disk1s1 - Macintosh HD (APFS) (Shared - 124.58 GB used)

                disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)

                disk1s3 - Recovery (APFS) [Recovery] (Shared - 517 MB used)

                disk1s4 - VM (APFS) [APFS VM] (Shared - 3.22 GB used)


Mounted Volumes:

    disk1s1 - Macintosh HD 250.69 GB (122.18 GB free)

        APFS

        Mount point: /

        Encrypted


    disk1s3 - Recovery [Recovery] 250.69 GB (122.18 GB free)

        APFS

        Mount point: /Volumes/Recovery


    disk1s4 - VM [APFS VM] (Shared - 3.22 GB used)

        APFS

        Mount point: /private/var/vm


Network:

    Interface en6: iPhone

    Interface en4: iPad

    Interface en0: Wi-Fi

        802.11 a/b/g/n/ac

        Proxy Auto Discovery

    Interface en3: Bluetooth PAN

    Interface bridge0: Thunderbolt Bridge


System Software:

    macOS Mojave 10.14.2 (18C54) 

    Time since boot: About 20 days


Configuration Files:

    /etc/hosts - Count: 4


Configuration Profiles:

    This computer has configuration profiles installed.


Security:

    GatekeeperEnabled

    System Integrity ProtectionEnabled











Jan 9, 2019 4:16 AM in response to petr113


Unsigned Files:

    Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist

        Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

        Details: Exact match found in the whitelist - probably OK


    Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

        Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

        Details: Exact match found in the whitelist - probably OK


    Launchd: /Library/LaunchDaemons/com.microsoft.teams.TeamsUpdaterDaemon.plist

        Executable: /Applications/Microsoft Teams.app/Contents/TeamsUpdaterDaemon.xpc/Contents/MacOS/TeamsUpdaterDaemon

        Details: Restrictive config permissions - possibly adware


    Launchd: /Library/LaunchAgents/com.ysoft.client.agent.plist

        Executable: /Applications/YSoft SafeQ Client.app/Contents/MacOS/YSoft SafeQ Client

        Details: Exact match found in the whitelist - probably OK


    Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

        Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/JavaUpdater.app/Contents/MacOS/JavaUpdater -bgcheck

        Details: Exact match found in the whitelist - probably OK


    Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist

        Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/JavaUpdater.app/Contents/MacOS/JavaUpdater -bgcheck

        Details: Exact match found in the whitelist - probably OK


    Launchd: /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist

        Executable: /Applications/Tunnelblick.app/Contents/Resources/tunnelblickd

        Details: Exact match found in the whitelist - probably OK


    Launchd: /Library/LaunchDaemons/com.ysoft.service.DHCPOption.plist

        Executable: /usr/libexec/cups/backend/sqport --dhcp-sync

        Details: Exact match found in the whitelist - probably OK


    Launchd: ~/Library/LaunchAgents/net.tunnelblick.tunnelblick.LaunchAtLogin.plist

        Executable: /Applications/Tunnelblick.app/Contents/Resources/launchAtLogin.sh

        Details: Exact match found in the whitelist - probably OK


32-bit Applications:

    10 32-bit apps


System Launch Agents:

    [Not Loaded] 16 Apple tasks

    [Loaded] 148 Apple tasks

    [Running] 134 Apple tasks

    [Other] One Apple task


System Launch Daemons:

    [Not Loaded] 38 Apple tasks

    [Loaded] 171 Apple tasks

    [Running] 125 Apple tasks

    [Other] One Apple task


Launch Agents:

    [Not Loaded] com.oracle.java.Java-Updater.plist (? a7e56f0b - installed 2018-09-01)

    [Running] com.adobe.GC.AGM.plist (Adobe Systems, Inc. - installed 2018-12-28)

    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-10-26)

    [Loaded] com.ysoft.client.agent.plist (? 3f61a8bb - installed 2017-06-05)

    [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-12-28)






Jan 9, 2019 11:45 AM in response to petr113

petr 113 wrote:


In the profiles there is only my Eduroam profile for wifi authentication. Do you think there is possibility it can cause the mess?

I got rid of the Teams Microsoft thing and new report is attached
<report 2.log>

If Eduroam is a known configuration profile, we dont have to worry about it.

Is it easy to remove and reconfigure it?



  Use  the latest release of MalwareBytes for Mac to remove malware/adware. 


     Install guide:       https://support.malwarebytes.com/docs/DOC-1817

     Uninstall Guide:  https://support.malwarebytes.com/docs/DOC-1190


     The installer may ask you to allow it in Security & Privacy  /System Preference. Allow it.


     Click the “Scan Now” button. Do another scan. Let us see how it can help us here.



How to get rid of TapuFind browser hijacker

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.