
Safe Finder took over my computer - now can't remove it or change homepages

I have moved Safe Finder to the trash and emptied the trash, but this malware has still taken over Safari homepage and greyed it out. It also took over Chrome. I don't dare open Firefox! I downloaded and ran EtreCheck but it found nothing. I have deleted the "Profiles" in System Preferences. Running Mojave 14.4 (the apparent origin of my problems). Please help! Thanks

iMac 21.5", macOS 10.14

Posted on Mar 31, 2019 6:40 AM

20 replies

Mar 31, 2019 7:20 AM in response to rswc90

1. Use the latest release of Malwarebytes for Mac to remove malware/adware, if installed on your Mac.

   For instructions: Install Malwarebytes for Mac / Uninstall Malwarebytes for Mac

   Click the “Scan Now” button. Once done, quit Malwarebytes for Mac.

   Restart the computer and relaunch Safari holding the shift key down.

2. Remove unknown Login item.

   System Preferences > Users & Groups > Login items

   Authenticate and unlock the lock.

   Highlight the unknown login item and click the “-” button at the bottom left to remove it.

3. Homepage: Ref: https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac

4. Remove unknown extensions: Safari > Preferences > Extensions

   https://support.apple.com/guide/safari/use-safari-extensions-sfri32508/mac

5. Reset search engine: https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac

Mar 31, 2019 3:08 PM in response to rswc90

1. Remove unknown profiles, if any.

System Preferences > Profiles

Open System Preferences, click the “Profiles” icon (a checkmark on a gear).

When Profiles pane opens, select the unknown profile and click the minus button at the bottom.


2. SafeFinder will store a cookie in your bookmarks folder.

Manage cookies and website data in Safari on Mac


Please read.    

  Ref: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/

Apr 1, 2019 4:51 PM in response to rswc90

If you're still seeing sysinfo.plist detections that are appearing on their own, not in response to something you're trying to install, please submit a support ticket here:

  • https://support.malwarebytes.com/community/consumer/pages/contact-us
  • Be sure to select Malwarebytes for Mac as the product
  • Download and run the Get System Profile script below and attach the file it creates to your support request
  • Do not post the output of that script directly here, as it may contain information that you don't want made public; this is why I suggest that you submit via a support ticket instead


Get System Profile.zip

https://forums.malwarebytes.com/applications/core/interface/file/attachment.php?id=242661

Mar 31, 2019 10:41 AM in response to dominic23

There are no logins that are connected to anything unknown

Also, this is now showing up in my quarantined malware for MalwareBytes:

sisinfo.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>isExist</key>
    <string>YES</string>
</dict>
</plist>



And this shows that there are no extensions in Safari:


And finally, this shows the greyed-out homepage...




Mar 31, 2019 9:44 AM in response to dominic23

Thx for the instructions, but I had run the Malware program before I posted this text. It didn’t even find Safe Finder. It was the latest version that I downloaded to find the Malware. I have the trial 14 day version running and it still doesn’t find it. EtreCheck did not find it either. When I open Chrome it opens with Safe Finder although it has been moved to trash and the trash emptied. Safari opens a blank window but the homepage is grayed out and it goes to an e-click ad site. I have also cleared out my history and all the websites and the cache for cookies. I also restarted the whole computer and then started Safari holding the Shift key down.


Safe Finder is still in Chrome and Safari is still being held captive by this malware :-(

Mar 31, 2019 1:45 PM in response to rswc90

I have walked through all the manual instructions on how to remove Safe Finder. I continue to get the same file quarantined by MalwareBytes sisinfo.plist. This is the 15th one today. But Safe Finder is still there --


It's NOT in my Apps and it's not in any of the extensions. It does not "show up" anywhere except the browsers... Here is the plist:


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>isExist</key>
    <string>YES</string>
</dict>
</plist>

Mar 31, 2019 5:30 PM in response to dominic23

As I said in my previous posts, and I certainly understand that you don’t necessarily read all of them, I have done all of the things that you have suggested. There are no other profiles. I have cleaned out my cache. I have emptied my history. I have deleted all my cookies. I emptied my trash. I ran EtreCheck and it found nothing. Malwarebytes quarantines only one file. I have been on the phone with Apple and they can’t seem to help me yet. I am to call them again tomorrow. I have gone through Malwarebytes and actually even tried to contact them but their website continues to freeze when I fill out the “contact us” form. I have gone through all the suggested manual deletes. I have deleted the profile in my System Preferences that came up as an unknown circle with a checkmark in it. There are no extensions in my Safari or my Chrome browsers. I found a Yahoo browser hidden in my computer users specific HD applications and I deleted that. Still this is in my system hiding someplace.


I do thank you for your suggestions though. I have already done them.

Apr 1, 2019 4:42 AM in response to dominic23

Under Macintosh HD/user/computer/library/preferences I found a series of questionable plist files. I searched the name of the hijacked homepage and found files with the names in them. Also I found this.


www.homesweeklies.com/homepage/ or some file called "key chain reauthorize" seems to be in most of these folders. There’s also a "keyboard tracking" wording on the keyboard file. See below. For Chrome, I think.


"KeychainReauthorizeInAppSpring2017_!NSNavPanelExpandedSizeForSaveMode_"NSNavPanelExpandedStateForSaveMode_!NSNavPanelExpandedSizeForOpenMode_NSNavLastRootDirectory_)KeychainReauthorizeInAppSpring2017Success_NewTabPageLocation_LastRunAppBundlePath_(NSNavLastUserSetHideExtensionButtonState[{1390, 730} Z{704, 459}Y~/Desktop _whttp://search.getstranto.club/newTab/8080/1391/00549/195/UnitedStates/US/08688437/B15F64C9-8034-5AF5-8166-454FCB4D6009_/Applications/Google Chrome.app@dâ≠∆ÚIKWXcmnË


Apr 1, 2019 6:07 AM in response to rswc90

Section: Nuke Chrome

   Ref: https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/

I have zero experience with Chrome.

This looks like something fishy going on, but I am not sure.

These malware vendors are always one step ahead of users like us.

As a member of Malwarebytes forum, I will contact them for help.

Thomas Reed, developer of Malwarebytes for Mac can have a look at it.


Best.
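
Added example, not part of any post in this thread and not Malwarebytes or Apple code: a read-only scan that parses preference plists (XML or binary) and reports URLs stored under start-page keys, such as the `NewTabPageLocation` entry visible in the dump rswc90 posted. The watched-key list beyond `NewTabPageLocation`, the sample file names and the `hijack.example` URL are assumptions constructed for the example.

```python
import plistlib
import tempfile
from pathlib import Path

# NewTabPageLocation is the key seen in the dump posted in this thread; the
# others (Chrome policy names, Safari's HomePage) are an assumed watch list.
WATCHED_KEYS = {"HomePage", "HomepageLocation", "NewTabPageLocation",
                "RestoreOnStartupURLs", "DefaultSearchProviderSearchURL"}

def iter_strings(value):
    if isinstance(value, str):
        yield value
    elif isinstance(value, (list, dict)):
        for item in (value.values() if isinstance(value, dict) else value):
            yield from iter_strings(item)

def find_watched(node, path=""):
    """Yield (key_path, url) for URL strings stored under watched keys."""
    items = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for key, value in items:
        here = f"{path}/{key}"
        if key in WATCHED_KEYS:
            yield from ((here, s) for s in iter_strings(value)
                        if s.startswith(("http://", "https://")))
        else:
            yield from find_watched(value, here)

def scan_prefs(directories):
    """Return (file name, key_path, url) hits for *.plist under directories."""
    hits = []
    for directory in directories:
        for plist_path in sorted(Path(directory).expanduser().rglob("*.plist")):
            try:
                data = plistlib.loads(plist_path.read_bytes())  # XML or binary
            except Exception:
                continue  # unreadable or malformed: skip, keep scanning
            hits.extend((plist_path.name, k, u) for k, u in find_watched(data))
    return hits

def demo():
    """Scan constructed sample files (not taken from the poster's machine)."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        hijacked = {"LastRunAppBundlePath": "/Applications/Google Chrome.app",
                    "NewTabPageLocation": "http://search.hijack.example/newTab/"}
        (tmp / "com.google.Chrome.plist").write_bytes(
            plistlib.dumps(hijacked, fmt=plistlib.FMT_BINARY))
        (tmp / "sysinfo.plist").write_bytes(plistlib.dumps({"isExist": "YES"}))
        (tmp / "broken.plist").write_bytes(b"not a plist")
        return scan_prefs([tmp])
```

On a Mac, typical inputs for `scan_prefs` are `~/Library/Preferences`, `/Library/Preferences` and `/Library/Managed Preferences`; a hit is a reason to inspect that file, not a verdict on it.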



Apr 3, 2019 11:41 AM in response to dominic23

Maybe I need a new plan of action. Apple seems unable to assist me so far. I have a tech person who has to check with her supervisor after each question I pose. I have sent several files where I see the malware hiding. Malwarebytes is not picking it up. It does pick up one file (I included previously here).


I have walked through the getting-rid-of-malware processes a few times.


I tried to RESTORE Safari from TimeMachine from the day before all this started, but I am unable to restore any of the Apple products.


Safari is still unable to allow for resetting the homepage, although I must have deleted one of the plists because now it does not have the "homesweeklies.com" as the greyed out homepage.


I have found suspect files in Launch Agents, Launch Daemon and several plists.


I uninstalled and reinstalled Chrome - I can now at least open with about:blank and get a blank page.


When I restarted my computer, I got 143 items dumped onto the desktop seemingly copied from Trash, Dropbox, Google Drive.


I am wondering if I have to wipe my system clean and then hope that time machine can reinstall from the day before all this occurred. Does this look like the only thing that will help?


Again, thank you for this community!


Apr 3, 2019 5:56 PM in response to rswc90

I see you are in discussions with the developer in their Forum now, rather than opening a ticket with Customer Support as I suggested. That's OK, but as I mentioned they need information from you that is best not posted publicly as it could contain privacy information. Please send a Direct Message (DM) to @treed and be prepared to upload the information gathered by the software I suggested you download and run yesterday.
