Hi, I have a malware browser called Ultrasearchengine that takes over my computer everyday. I go to my Google chrome preferences and delete the extension and I also delete it from my macbook preferences under "Profiles". It still manages to take over my google chrome default browser changing it to Yahoo the very next day. How can I get rid of this?
MacBook Pro 13", OS X 10.10
Accidentally posted.
My Jan 30, 2020 virus infection and removal experience might be useful.
How to catch the virus
Enter in Google “care solutions for elders”. In the results below the ad, find “Care Solutions for Elders - Home | Facebook”. Clicking on this entry brings you to the Facebook page containing the virus link. Clicking (don't do this) http://www.caresolutionsforelders.com on the Facebook page, after many website switches in the address bar, brings you to the familiar "Your current Adobe Flash Player version is out of date.” Please close the webpage before this.
Adobe plans to end support for Flash Player on December 31, 2020.
In addition to
~/Library/LaunchAgents
/Library/LaunchDaemons
/Library/LaunchAgents
Inspect and repair the browsers Safari, Chrome, and Firefox, the Applications folder, the Downloads folder, and System Preferences.
Downloads
Note the date & time on the Adobe Flash installer, and then delete, along with any other installers with the same time stamp. Empty the Trash.
Applications
Delete the application with the same time stamp. In my case that was “SystemNotes.app”, although the virus perpetuators may vary the name. Empty the Trash.
System Preferences
Delete the profile entry “SmartSignalSearch” in “System Preferences->Profiles”. The name my vary.
Safari
Safari->Preferences->Extensions
Delete the extension with the “SafeSearch” label.
Safari->Preferences->Privacy->Manage Website Data
Delete the cookies immediately related to the spammer site. Use the “Search” box.
“caresolutionsforelders.com”
“tncrun.net”
“trackingsys.tech”
“mainsourceoffreeupdate.best”
“akamaihd.net”
Quit Safari
Chrome
In Chrome preference settings: under “Search engine”. See “chrome://settings/search” in the “Chrome” bar at the top of the page.
Select “Search engine” in the list below “Settings” on the left side of the page.
Find “Search engine used in the address bar”
Click the “Disable” button to the right of the text “SmartSearchSignal is controlling this setting”
Select the desired search engine from the popup list. Do not select the bogus “Default”!
Find “Manage search engines”
Find “Other search engines” appended to the bottom of the list.
Find the search engine labeled “Default Search” which uses the url starting with “http://ikysearchds…”
Click to the right on the three vertical dots and select “Remove from list”
Select “Default browser” in the list below “Settings” on the left side of the page.
Clicking “Make default” will make Google Chrome the default browser launched when clicking on a link in an email.
Safari will no longer launch automatically.
Select “On startup” in the list below “Settings” on the left side of the page.
Find “Open the New Tab page”
Click the “Disable” button to the right of the text “SmartSearchSignal is controlling this setting”
Find “Open a specific page or set of pages”
Find “Any Search” with the text “http://ikysearchds…”
Click to the right on the three vertical dots and select “Remove”
Quit Chrome.
Firefox
Start Firefox, then select Preferences->General.
Delete the “Home Page” text http://lkysearchds4743-a.akamaihd.net/…”, then default home page is Mozella.
Quit Firefox
That’s all of the infection I’ve found so far.
Accidentally posted.
My Jan 30, 2020 virus infection and removal experience might be useful.
How to catch the virus
Enter in Google “care solutions for elders”. In the results below the ad, find “Care Solutions for Elders - Home | Facebook”. Clicking on this entry brings you to the Facebook page containing the virus link. Clicking (don't do this) http://www.caresolutionsforelders.com on the Facebook page, after many website switches in the address bar, brings you to the familiar "Your current Adobe Flash Player version is out of date.” Please close the webpage before this.
Adobe plans to end support for Flash Player on December 31, 2020.
In addition to
~/Library/LaunchAgents
/Library/LaunchDaemons
/Library/LaunchAgents
Inspect and repair the browsers Safari, Chrome, and Firefox, the Applications folder, the Downloads folder, and System Preferences.
Downloads
Note the date & time on the Adobe Flash installer, and then delete, along with any other installers with the same time stamp. Empty the Trash.
Applications
Delete the application with the same time stamp. In my case that was “SystemNotes.app”, although the virus perpetuators may vary the name. Empty the Trash.
System Preferences
Delete the profile entry “SmartSignalSearch” in “System Preferences->Profiles”. The name my vary.
Safari
Safari->Preferences->Extensions
Delete the extension with the “SafeSearch” label.
Safari->Preferences->Privacy->Manage Website Data
Delete the cookies immediately related to the spammer site. Use the “Search” box.
“caresolutionsforelders.com”
“tncrun.net”
“trackingsys.tech”
“mainsourceoffreeupdate.best”
“akamaihd.net”
Quit Safari
Chrome
In Chrome preference settings: under “Search engine”. See “chrome://settings/search” in the “Chrome” bar at the top of the page.
Select “Search engine” in the list below “Settings” on the left side of the page.
Find “Search engine used in the address bar”
Click the “Disable” button to the right of the text “SmartSearchSignal is controlling this setting”
Select the desired search engine from the popup list. Do not select the bogus “Default”!
Find “Manage search engines”
Find “Other search engines” appended to the bottom of the list.
Find the search engine labeled “Default Search” which uses the url starting with “http://ikysearchds…”
Click to the right on the three vertical dots and select “Remove from list”
Select “Default browser” in the list below “Settings” on the left side of the page.
Clicking “Make default” will make Google Chrome the default browser launched when clicking on a link in an email.
Safari will no longer launch automatically.
Select “On startup” in the list below “Settings” on the left side of the page.
Find “Open the New Tab page”
Click the “Disable” button to the right of the text “SmartSearchSignal is controlling this setting”
Find “Open a specific page or set of pages”
Find “Any Search” with the text “http://ikysearchds…”
Click to the right on the three vertical dots and select “Remove”
Quit Chrome.
Firefox
Start Firefox, then select Preferences->General.
Delete the “Home Page” text http://lkysearchds4743-a.akamaihd.net/…”, then default home page is Mozella.
Quit Firefox
That’s all of the infection I’ve found so far.
I can't help with Google Chrome specifically, but such things typically insert themselves into one or more of the following three locations:
~/Library/LaunchAgents
/Library/LaunchDaemons
/Library/LaunchAgents
Examine them.
To open those respective folders, copy and paste the entire line in the Finder's Go menu > Go to Folder... field. For example, the first one should look like this:
... then click the Go button.
A Finder window will open. Take a screenshot showing all that folder's contents, and post it in a reply. To learn how to do that please read the Appendix in the following User Tip: Writing an effective Apple Support Communities question.
Repeat for the other two folders—three in total. Notice their pathnames are all unique.
Please be sure to include or otherwise indicate the name of the folder that corresponds to each screenshot, so that you and I can keep track of which ones they are.
Although you're on the right track by resetting Google Chrome's Preferences and deleting the rogue Profiles those other files need to be identified and eradicated to prevent it from being created again. That requires a methodical approach.
There are many references to fixes for this virus. On Jan 30, 2020 my infection started with a virus piggybacked on a Flash Player update, so beware. Also notice that Adobe plans to end support for Flash Player on December 31, 2020
Great! Thanks for the update.
Thank you for the response. I found the file in Launch agents and have deleted it. Much appreciated!
Malware search engine on Macbook
