Remove Adware from Safari

What is the computer doing that makes you think you have adware?

It will be hard to suggest what to do without using some 3rd party software since we have no idea of what is on your computer. The two most recommended programs are Etrecheck and for removal, Malwarebytes.

Try running this program in your normal user account, then copy and paste the output in a reply. The program was created by etresoft, a frequent contributor.  Please use copy and paste as screen shots can be hard to read. Click “Share Report” button in the toolbar, select “Copy Report” and then paste into a reply. This will show what is running on your computer. No personal information is shown. 

Etrecheck – System Information    10.10 and later

If the log won’t post, try posting it in Pastebin and provide a link in a reply        Pastebin

or Malwarebytes as suggested above.

Quoting from below linked article

"If you might have installed adware or other unwanted software on your Mac

If you see pop-ups on your Mac that just won’t go away, you might have inadvertently downloaded and installed adware (advertising-supported software) or other unwanted software. Certain third-party download sites might include programs that you don’t want with the software that you install.

If you think that you might have malware or adware on your Mac, update to the latest version of macOS. If your Mac is already running the latest version, restart it. macOS includes a built-in tool that removes known malware when you restart your Mac.

Check your Applications folder to see if you have any apps that you didn’t expect and uninstall them. If you continue to see advertising or other unwanted programs on your Mac, contact Apple.'

How to block pop-ups in Safari - Apple Support

When you restart your Mac, Adware Removal Tool built in by default in macOS kicks in.

Manually removing every bit of malware is an impossible task.

Malware vendors add files to many folders.

They mimic Apple file names.

Even though I know where this files can be placed, I will never be sure of the file name to be deleted.

I wouldn't dare name a file to be removed that may damage your system and may require a reinstall of macOS to correct.

Apps like Malwarebytes for Mac and EtreCheck have access to databases that can identify genuine Apple files and malware files.

These two apps are developed for helping Apple Support Community members first.

Developers of these apps are active members of this community.

When you visit these sites, you will never see a third party ad and is not ad supported.

Times have changed.

Automating the task with reliable, responsible and effective apps is the way to go.

 1. Use  the latest release of Malwarebytes for Mac to remove malware/adware installed on your Mac.

     Install guide:       https://support.malwarebytes.com/docs/DOC-1817

     Uninstall Guide:  https://support.malwarebytes.com/docs/DOC-1190

     The installer may ask you to allow it in Security & Privacy  /System Preference. Allow it.

     Click the “Scan Now” button.

     Repeat the scan please.

     Once done quit Malwarebytes for Mac.

     Restart the computer, relaunch Safari holding the shift key down.

     Remove unknown profiles (1), unknown extensions(2), reset search engine (3) and reset Homepage (4 & 5)

     listed under Additional steps.

2. Additional steps to take, if necessary.

  1. Remove unknown profiles.

      System Preferences > Profiles

      Open System Preferences, click the “Profiles” icon ( a checkmark on a gear) .

      When Profiles pane opens, select the unknown profile and click the minus button at the bottom.

  2. Remove unknown extensions: https://support.apple.com/guide/safari/use-safari-extensions-sfri32508/mac

  3. Reset search engine:    https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac

  4. Reset  Homepage.   https://support.apple.com/guide/safari/set-your-homepage-ibrw1020/mac       

   5. Ref: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/

Manual method to remove malware .

First open Activity monitor via spotlight , search the malware name select it and click on cross sign to quit so that it will stop running in the background .

Go to system preferences and click on users and groups open the pad lock by entering admin name and password ( in case if it is an admin account ) , select login items , if you see unknown app select it and click on minus sign to get deleted .

In system preferences itself click on Security and privacy , click on Accessibility then privacy select the unknown app click on minus sign to get deleted .

Click on finder and search in Applications and download folder . 

The next step would be enter in System Library .

Click on Finder , take cursor on top menu bar click on Go - Computer - Macintosh HD - Library 

You have to manually search malware in some folders where they reside .

1.Application Support 

2.Caches 

3.LaunchAgents

4.LaunchDaemons

5.Logs 

6.PriviledgedHelperTools

7.Startup-items

8.Receipts

9.Preferences - the plist of malware is to be removed , if there is com.apple .xxxx .plist.lockfile or com.apple.xxx.plistlockfile its an indication ( xxx denotes malware .plist ) and the small folder before it will turn black it's a symptom of the malware , and it could also be com.apple.xxx.plist 

10.Extensions

11.Frameworks

12.internet Plug -ins

13.Input Methods

14.ScriptingAdditions

Then enter in User library - click on finder > Go > hold option key > Library

Search Malware in folders 

1.Application Support 

2.Caches

3.Cookies

4.Safari

5.Logs

6.Saved Application State

7.LaunchAgents

8.Internet Plug -ins

9.Input Methods

10.Preferences - com.apple.xxx.plist ( xxx - denotes the malware .plist ) 

11.Containers are also to be checked .

Then again click on Finder - Go - Macintosh HD - System - Library - Frameworks - search the malware in Framework folder .

Right click on malware from the above folders and move to the trash , restart the computer and empty the trash .

What is your objection to third-party software?

Installing and running Malwarebytes is likely the fastest and easiest way to manage your problem -- https://www.malwarebytes.com/mac-download/ .