User profile for user: jazzygram
jazzygram Author
User level: Level 1
5 points

the secure Aviator Browser is available for Mac. How do I remove it?

I do not remember installing it. It showed up in my Utilities/Disk Utility. When rebooting from shutdown a folder with a ? in the center of it flashes and the only way my Mac will startup is by disconnecting from power for 30 mins or more. Yesterday day I spent several hours cleaning machine,after installing Onyx. I was able to remove the Aviator with the com.whitehatsec.aviator.dmg. It is back today following another cleaning with Onyx. I must have checked something in the preferences of Onyx that restored it It will not erase or eject using my Disk Utility. When using Verify Disk it stips saying that it is not live supported.

After removing it yesterday reboot was fine without the ?folder flashing. Please help me remove this for good. Thank you so much.

iMac, OS X Mavericks (10.9.3)

Posted on Jun 7, 2014 2:50 PM

Reply
11 replies
Sort By: 
User profile for user: Carolyn Samit
Carolyn Samit
User level: Level 10
165,685 points

Jun 7, 2014 3:01 PM in response to jazzygram

You need to contact Aviator Browser support for uninstall instructions > WhiteHat Aviator - The most secure browser online



When you see the ? on boot, it means your Mac cannot locate a system folder to boot from.


Statup your Mac while holding down the Option key. That should launch the Startup Manager window where you can select the startup disk then click Restart.


A flashing question mark appears when you start your Mac

Reply
User profile for user: jazzygram
jazzygram Author
User level: Level 1
5 points

Jun 11, 2014 3:07 PM in response to Carolyn Samit

Thank you for this info which did solve the reboot problem. To the right of the Snow Leopard startup disk is a disk called 'Recovery 10.9.2. Is there any way to remove this? It is not in my Utilities/Startup Disk only on screen when using the options button on startup.

Reply
User profile for user: solmaker
solmaker
User level: Level 1
4 points

Jul 2, 2014 2:28 AM in response to jazzygram

I am having some of the same problems futilely trying to remove Whitehat Aviator. It seems it may be a TROJAN, possibly associated with Google. According to the following review, Aviator is built on Chromium, reports itself to be Chrome, and imitates Chrome:

http://tosbourn.com/review-whitehat-aviator/


Whenever I try to remove com.whitehatsec.aviator.dmg from my Library/Caches so that it doesn't show up in Disk Utility, I can't empty the trash without rebooting because it's claimed to be actively in use. After trashing, it always comes back into some variant of Library/Caches/UpdateEngine-Temp or UpdateEngine.503, which is a mechanism used by Google Update Engine. I trashed my only two Google programs (Chrome and Earth), but these unwanted updates are still happening. I wonder whether Whitehat Aviator has insinuated itself as malware into Google's update mechanism by pretending to be Chrome.


In any case, I don't trust Whitehat Aviator and want it off my system. Unfortunately, whitehatsec.com doesn't provide an uninstaller, support forum, or much of anything without setting up an account with them. There is very little hard useful information on their website, just hype about how virtuous they are.

Reply
User profile for user: solmaker
solmaker
User level: Level 1
4 points

Jul 2, 2014 3:02 AM in response to jazzygram

Further searching turned up the following:


Library/Aviator (containing com.aviatorupdate.agent, RunUpdate, UpdateAviator, etc.)

Library/Caches/Aviator

Library/Caches/AviatorEngine

Library/Caches/UpdateEngine-Temp/com.whitehatsec.aviator.dmg-etc.

Library/Caches/UpdateEngine.503/Downloads/com.whitehatsec.aviator.dmg

Library/LaunchAgents/com.aviator.agent.plist


After trashing all these questionable files, rebooting, and emptying trash, I think I may have finally removed the Whitehat plague off my system. As an additional benefit, my Mavericks system no longer hangs for a minute with a spinning wheel on shutdown!

Reply
User profile for user: Copa2
Copa2
User level: Level 1
0 points

Jul 2, 2014 2:21 PM in response to solmaker

Begin forwarded message:


From: Apple Support Communities Updates <discussions-updates@apple.com>

Subject: https://discussions.apple.com/iMac (Intel) - the secure Aviator Browser is available for Mac. How do I remove it? https://discussions.apple.com/v16fmp-3k7oo-fm85m

Date: July 2, 2014 at 5:28:15 AM EDT

To: Copa2

Reply-To: discussions-replies <discussions-replies@apple.com>


>


<Email Edited by Host>

Reply
User profile for user: babowa
babowa
User level: Level 9
78,489 points

Jul 2, 2014 4:46 PM in response to jazzygram

You should not remove the recovery partition. It is a hidden recovery system (by design) with Mavericks to help you boot from Apple's servers in case you need to wipe your drive and/or reinstall your OS. It will show in the Startup Manager (holding Option key while rebooting) and it can also be activated by holding the Command + Option + R keys during bootup.

Reply
User profile for user: Second MUYB
Second MUYB
User level: Level 1
16 points

Oct 19, 2014 4:37 PM in response to solmaker

There's one extra thing you have to check. Go into Terminal, and do "ls /Volumes"


Aviator (or whatever this thing is) does a covert, persistent mount which you can discover in Disk Utility, or by doing the above in terminal. You will also find it doesn't want to unmount, you have to force it. Use "sudo unmount force " plus the name of the drive (the quickest way is to type "com." and hit the Tab key for the shell to auto-complete - saves typing). Once you've ripped the drive out of the system you can go clean up, because it refreshes itself from that location (you can see it in the scripts on that drive). Without the resource, no refreshing. Then do a complete reboot and check if it doesn't mount itself again (I'm not aware where OSX lists what to mount on bootup, it doesn't follow the usual Unix convention of having a list somewhere in /etc - would appreciate it if someone could enlighten me).


I think I'm going to check where my Hands Off! license is - time to shut the gates properly by denying disk writes as well as network connections..

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

the secure Aviator Browser is available for Mac. How do I remove it?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up