
Zeobit Mackeeper Vsearch Pop Up Browser Hijack

Ok, after spending about 2 days figuring out how to get my browsers back, I say that because both Safari and Chrome were rendered unusable by this 'virus'. My searches were hijacked, pop up videos and ads were appearing out of nowhere and of course Mackeeper popped up every time I tried to open a new page. As a side note the people who run Mackeeper need a **** punch of epic proportions for the crap they pull. Feeling absolutely powerless because someone hijacked your computer is downright evil. These Mackeeper Terrorists all need to get *** cancer and die.


But I digress. I believe I figured out a relatively simple solution to this problem, but before I get started I just want to say that too many responses I got from my earlier inquiries were from people who had a lot of knowledge about Macs; unfortunately they didn't know how to communicate that knowledge. When trying to help people please try to dumb things down as much as possible which is what I'm going to try and do right now.


What I did to get rid of this nasty little 'virus' is to first download the app EasyFind (https://itunes.apple.com/us/app/easyfind/id411673888?mt=12) from the Apple App Store. Since you are downloading it from the Apple Store you know it's safe. There are so many 'recommendations' for programs to help with this problem that actually make things worse. Call me paranoid but I think people working for some of these unethical companies post to the support sites in order to push people to them whether or not their program helps or not.


EasyFind is the same as the Finder program already on your Mac. The difference between the two however is that EasyFind does a much better job finding hidden files. Finder did not and will not find the files you need to delete. Manual searching also won't work or will just take too much time. You also want to make sure that you get rid of every single one of these files otherwise you might not solve the problem completely.


Before starting EasyFind shut down everything and close all browsers. After opening EasyFind you will get a search type window. Below the magnifying glass near the top right you will choose where you want to search. I chose to search the entire hard drive which should be for obvious reasons. On the left hand side of EasyFind below 'Search For:' choose 'Files and Folders', 'Any Word', 'Ignore case', 'Package content', and finally 'Invisible Files and Folders'.


It seems that previously the files you needed to be concerned about were zeobit, or mackeeper files, however the file name that was giving me the trouble was 'vsearch' files. My browser was being directed to zeobit and mackeeper even though my EasyFind search came up with no zeobit or mackeeper files or apps. I would still recommend you search for all three files since it's easy to do and it won't hurt.


Once you run your search you will get numerous files, some you don't want to delete however. For example I had 'Pvsearch' files which have nothing to do with this problem. Since the search parameters are very loose other files are bound to come up but I would rather have more than miss files that need to be deleted.

I recommend sending to the trash any file you find in the search that has zeobit, Mackeeper or vsearch on the line. Just don't delete other files with similar names. For example library/launchagent/vsearch you want to send to trash, however don't trash library/launchagent/pvsearch...... EasyFind will also allow you to view the file in Finder. You can always use that to check when the file was added to your computer. If it was just added then likely it's a file you want to get rid of.


EasyFind has two file removal options. You can either send to the trash or 'Destroy' the file. It's likely that Destroy won't work so just move all the files to the trash. You may also have to give administrator password when trashing these files depending on your security settings. Once in the trash I suggest using the 'Secure Empty Trash' option to get rid of the files instead of simply just emptying the trash. This is because when you hit empty trash you may get an alert that says certain files cannot be deleted because they are in use or they need another file, etc.... That's part of the reason I suggest closing all programs, but even after closing all programs there were still files I could simply get rid of by emptying the trash. I had to choose the Secure Empty Trash option in order to delete them.


That's pretty much it. I would ask for feedback, there may be things that I missed however my browsers are working perfectly again. It doesn't hurt to go into your browser preferences and press the reset to browser defaults option, however I'm not sure if that is a must. I actually did that before I deleted all these files and it didn't help at all. I suppose if you do what I tell you and you are still having issues you may want to try that to see if it helps. I would just ask that you come back here and let me know if resetting your browser preferences to default was needed so I can update my recommendations.


I really hoped this helped, I know how frustrating and time consuming these problems can be especially for people who don't know a lot about computers.


T

MacBook Air, OS X Mavericks (10.9.4)

Posted on Aug 31, 2014 12:27 AM

29 replies

Aug 31, 2014 2:45 AM in response to tandrewsdds

Thanks for the detailed report of your experience.

The only defense against adware is its recognition and avoidance. For an explanation of how this may have occurred, how to avoid it in the future, and for one possible solution read How to install adware.

There are so many 'recommendations' for programs to help with this problem that actually make things worse.

Yes there are.

Aug 31, 2014 3:06 AM in response to Carolyn Samit

Thanks for the reply, but that Safe Mac program didn't work.


I was also confused because the 3-4 malware removal programs that were recommended to fix this issue were all downloads from various internet sites. Not one of those programs including the Safe Mac program was downloadable from the App Store. I have very little trust downloading 'free' programs from unknown internet sites. I also ask myself if a trusted and reliable company like McAfee doesn't have a program to fix this issue then why would a little no name company, and why would they give it away free??


Call me skeptical but that just doesn't make much sense.


My solution to this problem avoids you having to blindly 'trust' that you aren't downloading more malware onto your computer.


I recommend using EasyFind but there are several other great programs you can get from Apple Store to do the same thing, and these programs can be used for numerous other purposes on a regular basis. My solution to this issue may not be as simple as downloading a program to take care of everything for you, but it works and there is no risk that you may be putting more crap you didn't want onto your computer, which is what started all this in the first place.

Aug 31, 2014 3:18 AM in response to John Galt

JG, I completely agree with your statement that avoidance is the best policy. I rarely download anything from the internet I'm not sure about. How I got screwed with this virus was my Chrome browser asked me to update a viewing software similar to flashplayer when I was visiting a trusted website.


I come to find out that although it sure looked like a google request to update Chrome it wasn't and the rest is history. What really bothered me is that the website I went to when this happened is a mainstream site, it wasn't like I was looking at **** or other questionable sites that are known to spread malware.


Do you ever notice that many recommendations to use certain software appear to be cut and paste jobs?? That is to say it's not someone who is trying to really help but just sell you software.

Aug 31, 2014 3:34 AM in response to tandrewsdds

tandrewsdds wrote:


if a trusted and reliable company like McAfee doesn't have a program to fix this issue then why would a little no name company, and why would they give it away free??

Because companies like McAfee produce scanners that look for malware, not adware. I realize that adware is annoying, but it's not trying to do anything harmful to your computer. Some of these applications are actually signed with a valid Apple Developer ID which Apple has so far declined to revoke.


Advertising is the only thing that keeps the Internet free, so unless we are all willing to pay for searches, news, weather, blogs, downloads, etc. then something has to pay the bills. As more and more of us install ad blockers, advertisers must resort to more intrusive means of getting us to click on things. I don't like it any more than you do and would be more than willing to pay my way out of it, but I know I'm in the minority with that one. Sorry, but we can't have our cake and eat it too.


As far as those other removal apps, the one from TheSafeMac was the original and still champion. As far as I know the others were clones of the original one that only removed Genieo and have not been kept up-to-date. You can check up on the author thomas_r. here in the forum as its malware guru for over eleven years. I doubt that it will ever be in the AppStore as Apple is normally not going to allow any program to do all the things the ART does. It also takes a long time to get even an update of an application approved and posted to the AppStore and right now the Adware scene changes almost daily, so he would never be able to keep it as up-to-date as it is today. Thomas is a colleague of mine and I collaborate with him almost daily, mostly on malware but recently the bigger problems have been with adware, as I'm sure you recognize.


EasyFind and Find Any File are great if you know what you are looking for and I use both extensively, but most of the adware files have names that are not associated with what you see in your browser. Even finding the correct browser extension in Firefox and Chrome is impossible with search utilities.

Aug 31, 2014 3:32 AM in response to tandrewsdds

tandrewsdds wrote:


Once in the trash I suggest using the 'Secure Empty Trash' option to get rid of the files instead of simply just emptying the trash. This is because when you hit empty trash you may get an alert that says certain files cannot be deleted because they are in use or they need another file, etc....

Most of the time we recommend you either log out and back in (or sometimes even reboot) to kill those processes before trying to empty the trash.

Aug 31, 2014 4:30 AM in response to tandrewsdds

I have found the exact same malware you describe to be hosted on a number of allegedly trusted websites including the Merriam-Webster dictionary. It's not a resource I typically use but it is one example of a site people might characterize as respectable.


Adware is to be expected from lowbrow websites but what constitutes that is a matter of opinion. Generally speaking though, it includes most "news" sites and nearly all "entertainment" sites. That about covers 99% of the Internet.


Adware has recently emerged as a significant revenue source for the companies that distribute it. Their willing accomplices are the companies distributing garbage "cleaning" products like MacKeeper and CleanMyMac. Adware's primary enabler is Google, since they're the undisputed King of collecting and maintaining a record of who you are and what you do - including the fact you're using a Mac.


Read these excerpts from some of their websites:


Genieo / InstallMac: "InstallMac is the first and leading Mac Software network specializing in the full monetization of the download process. ... InstallMac is a delivery and installation platform which performs and optimizes the installation of softwares applications developed and/or published by independent software vendors (“ISV’s”)."


Softwares applications, ok.


Yontoo (defunct): "Yontoo is a browser add-on that horizontally crosses the internet rather than the standard vertical website archive."


Huh?


Spigot (Searchme / Slicksavings / eBay & Amazon "shopping assistants"): "Increase your revenue and maximize the monetization potential of your user base with Spigot’s powerful search add-ons. With our simple integration process, complete browser and OS support, and stable, long-standing strategic partnerships with the World’s largest search engines, we can help you unlock the revenue potential of your users and dramatically increase your top and bottom line."


If the above excerpts evoke memories of Enron or Worldcom's 10-K filings you're not alone.


Q. Are Spigot Mac Extensions or SearchMe malware?

A. No, Spigot extensions and SearchMe are not malware. Spigot Mac extensions and SearchMe do not and will never harm your computer. They come bundled with software you have previously purchased or downloaded – and can quickly be uninstalled. To uninstall Spigot Mac extensions follow the instructions above.


Right.


Who benefits from the use of these products? Hint: not you.


The only way to convince end users to download and install these products is through deception.


...


Do you ever notice that many recommendations to use certain software appear to be cut and paste jobs?? That is to say it's not someone who is trying to really help but just sell you software.


Certainly. The "safest" source for Mac software is the Mac App Store. Having said that there are an abundance of completely useless apps on the App Store, but at least they won't cause any permanent adverse effects. You can choose to obtain Mac software from other sources, but you simply have to be mindful of their potential for harm. The defense against that possibility falls to you. Does the source appear to be reliable? Knowledgeable? Literate? Details matter, no more so than with software in which a single misplaced character can result in disaster.


Downloading anything from some random popup window that recommends it is always a bad idea. Installing a magical cure-all to fix problems caused by other magical cure-alls is also a bad idea.

Aug 31, 2014 4:39 AM in response to MadMacs0

MadMacs0, you made some great points and you are clearly an expert about this which I am not to say the least. I only speak to what I see and my experience. I also agree that we should be paying for more things. Whenever I get a program from the App Store I always get the paid version rather than the free one because I hate advertisements and crap that you deal with free programs.


I also want to say that I wasn't casting any aspersions about TheSafeMac programs and the developer. My problem is the fact that there are so many programs like that on the market who do you trust?? I would actually feel much better downloading a program like that for money than getting it free, as the expectations change as soon as you give someone cash. When the program is being given away free the developer can justify some of their dubious actions, selling data, Adware, etc....


I would like to know what the distinction is between 'malware', and 'adware' because when I lose control of my browser and functions such as search tools it's no longer just annoying. Once again you know more than me but companies like McAfee make programs their consumers want and will pay for, so if an adware program hijacks my browser I want and will pay for a way to easily remove it, therefore it should behoove them to offer such a program with their existing software suites.


I'm actually surprised that your friend Thomas has not sold his program to a large company if it works so well.


One would think that where we are at with computers these days there would be at least 1 or 2 companies that are clearly the leaders in dealing with these problems but that's just not the case. Part of the problem I have with The Safe Mac is their website. Perception plays a big part in business and that's especially true in the computer market. The Safe Mac website looks old and outdated, it doesn't give me confidence in their product. I'm sure that sounds stupid but to a person who isn't a computer expert it's things like that which can make a difference.


I will give you an analogy. As a doctor I know how important it is that our office gives patients the perception that we know what we are doing. I have seen some really crappy offices of some top notch doctors unfortunately patients only see what they know, and so doctors who have beautiful offices tend to charge more regardless of whether they are better doctors.


I really just wish Apple, Google or Microsoft would just solve this problem directly in their programs, there should be no need for 3rd party programs.

Aug 31, 2014 7:16 AM in response to tandrewsdds

I really just wish Apple, Google or Microsoft would just solve this problem directly in their programs, there should be no need for 3rd party programs.


The only way Apple is going to do that is to prevent system modifications entirely, in a manner similar to iOS. At present Mac users are still free to trash their systems to the extent they wish, given an Administrator's name and password. Apple's Gatekeeper is available for you to use as you see fit.


The adware you referenced requires a user's consent. Their respective end user license agreements state explicitly what they're going to do. Of course no one bothers to read them. If they did, they failed to comprehend them. Otherwise, they would never have installed the garbage to begin with.


As for Google and Microsoft, they are the problem.

I would like to know what the distinction is between 'malware', and 'adware' because when I lose control of my browser and functions such as search tools it's no longer just annoying.


Discussing the differences is an academic exercise that is not likely to be productive. Whatever you want to call it, Mac malware is not the product of spontaneous generation. If you don't want garbage on your Mac, don't install it. Don't blindly supply your password to some popup that demands it. Think before you act, know what you're about to do, and have a contingency plan to address consequences you do not expect. The User Tip I posted illustrates the effects of failing to observe those common-sense principles.


... companies like McAfee make programs their consumers want and will pay for, so if an adware program hijacks my browser I want and will pay for a way to easily remove it, therefore it should behoove them to offer such a program with their existing software suites.

McAfee is trash, as are all the other commercial "anti-virus" programs for the Mac, whose relative worthlessness varies only by degree. They are completely ineffective against the kinds of threats that exist today, a fact that Symantec admitted a short time ago, declaring "anti-virus" software "dead" while petulantly admitting the real reason is that it doesn't make any money.


AV companies built their empires on the inherently virus-prone Windows platform, and they're desperate to assert their continued relevance in a world that is rapidly becoming dominated by mobile devices and iOS. One day Apple may decide to make OS X just as impervious to modifications as iOS, and the epoch in computer history marked by the dominance of Windows and its predilection for viruses will finally end.

Aug 31, 2014 8:47 AM in response to tandrewsdds

tandrewsdds wrote:


I would ask for feedback, there may be things that I missed however my browsers are working perfectly again.

Before I forget again, I remembered something in the middle of trying to get some sleep.


VSearch is sometimes called the Downlite adware and there are two files that don't contain "vsearch" that you probably missed.


/Library/LaunchDaemons/Jack.plist

/Library/PrivilegedHelperTools/Jack
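
Added example, not part of any post in this thread: a read-only shell script for the manual search described in the original post and in the reply above. It lists names containing vsearch, zeobit or mackeeper, separates whole-word hits from look-alikes such as pvsearch, and checks the two Jack paths; the function names and the sample file names in `demo` are made up for illustration.

```sh
#!/bin/sh
# Added example: lists cleanup candidates and deletes nothing.

KEYWORDS="vsearch zeobit mackeeper"   # names the original post searches for
# Two paths from the reply above that contain none of the keywords:
EXTRA_PATHS="Library/LaunchDaemons/Jack.plist Library/PrivilegedHelperTools/Jack"

# classify_name NAME prints:
#   MATCH  - a keyword is a whole token of the name (split on non-alphanumerics)
#   REVIEW - a keyword only appears inside a longer word, e.g. "pvsearch"
#   NONE   - no keyword in the name
classify_name() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    verdict=NONE
    for kw in $KEYWORDS; do
        case $name in
            *"$kw"*) verdict=REVIEW ;;
            *) continue ;;
        esac
        for tok in $(printf '%s' "$name" | tr -c 'a-z0-9' ' '); do
            if [ "$tok" = "$kw" ]; then
                echo MATCH
                return 0
            fi
        done
    done
    echo "$verdict"
}

# Last-modified time: GNU stat first, then BSD/macOS stat.
mtime_of() {
    stat -c '%y' "$1" 2>/dev/null || stat -f '%Sm' "$1" 2>/dev/null || echo unknown
}

# scan_adware ROOT prints "verdict<TAB>path<TAB>mtime" for every candidate.
# Names containing newlines are not handled.
scan_adware() {
    root=${1%/}
    find "${root:-/}" \( -iname '*vsearch*' -o -iname '*zeobit*' \
        -o -iname '*mackeeper*' \) -print 2>/dev/null |
    while IFS= read -r p; do
        printf '%s\t%s\t%s\n' "$(classify_name "${p##*/}")" "$p" "$(mtime_of "$p")"
    done
    for rel in $EXTRA_PATHS; do
        if [ -e "$root/$rel" ]; then
            printf 'MATCH\t%s\t%s\n' "$root/$rel" "$(mtime_of "$root/$rel")"
        fi
    done
}

# demo: runs the scan over a constructed sample tree (file names are made up).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/Library/LaunchAgents" "$d/Library/LaunchDaemons"
    touch "$d/Library/LaunchAgents/com.vsearch.agent.plist" \
          "$d/Library/LaunchAgents/com.example.pvsearch.plist" \
          "$d/Library/LaunchDaemons/Jack.plist"
    scan_adware "$d"
    rm -rf "$d"
}

# Usage: pass a folder to scan it, or --demo for the sample tree.
case ${1:-} in
    --demo) demo ;;
    "") ;;
    *) scan_adware "$1" ;;
esac
```

REVIEW lines are the ones to check by date before trashing anything, as the original post suggests doing in Finder. Scanning system folders may need an administrator account to read every directory.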

Aug 31, 2014 5:57 PM in response to tandrewsdds

tandrewsdds wrote:


I would like to know what the distinction is between 'malware', and 'adware' because when I lose control of my browser and functions such as search tools it's no longer just annoying.

I basically agree with John that it's an academic discussion which may or may not be worth discussing, but since you asked I will try to lay out my own interpretation of the differences and why it matters.


To me the dividing line lies in the motivation of the developer when writing such things. I think you would agree that if they are out to steal something from you (e.g. login credentials, credit card numbers, ID theft, money) that's clearly malware and is something every single A-V software scanner is looking for. At the other extreme are applications either given away or sold at low cost which depend strictly on advertising to make their money honestly. Examples are Google, Yahoo, AOL and early versions of Genieo which was a simple and configurable news site tailored to your desires. My guess with the latter was that when adblockers prevented them from turning a profit, they partnered up with Installmac, Omnibar and eventually C|Net download.com and Softonic to aggressively or intrusively force advertising on users to pay the bills.


Another way of looking at it is how these ends are accomplished. Malware attempts to install itself either by exploiting a known vulnerability in your software suite (browser, flash, java, etc.) in a way that you never have to approve it or even know that it's been installed until it affects your computer experience (ads, crashes, outgoing communications, etc.) or to trick you through a Trojan into thinking you need to install or look at something else. Examples here are codecs to view a video, FlashPlayer or Java updates, package delivery receipts or instructions, fake images or pdf files and many others. Adware, on the other hand almost always asks you to opt-out of installing such software, often as unobtrusively as possible, hoping you won't even read it, but it then becomes your fault and the developer is absolved of all legal responsibility for any damage to your computer or unhappiness on your part. The fact that your browser no longer operates the way it used to is your fault, not the adware distributor. So A-V scanners either ignore this type of software altogether or identify it as something potentially unwanted and leave its removal up to you.

I'm actually surprised that your friend Thomas has not sold his program to a large company if it works so well.

I don't think it's in his DNA to do so. For most of his years here in the ASC and with regard to his web site he contributed everything for free and has only recently decided that it was taking enough time away from his paying job to accept contributions. I know there was a huge increase in these donations after his ART came out and wouldn't be surprised to hear that it fully pays for both his site and his time these days, it's been that popular. I'm just not sure what company would be interested given the industry.


BTW, this is probably a good time to point out that users with a minimal understanding of AppleScript can always determine exactly what the program does by opening it in AppleScript Editor. Of course, that also means someone can harvest all his ideas and use them to produce their own version, which has occurred. Unfortunately he has just about reached the limits of what AppleScript is able to do with regard to analyzing files and I expect a more robust approach will show up in the near future making such transparency no longer available.

I really just wish Apple, Google or Microsoft would just solve this problem directly in their programs, there should be no need for 3rd party programs.

I certainly agree with that. I may have mentioned earlier that a couple of us have approached Apple directly about being more aggressive in the screening of browser extensions which most adware is, but so far they have both declined to address the issue and refused to revoke the Developer IDs of some of the apps and installers that are registered with them. Clearly Apple makes some of their money through advertising themselves, so this represents somewhat of a slippery slope for them.


As far as Google is concerned, their Android model is a security nightmare and there are a lot of folks trying to figure out how to deal with all that, so I doubt that they will put any more resources into addressing Browser issues in the near timeframe. Microsoft seems to have finally woken up after all these years. But they still have a steep climb ahead of them and I think the ghost of XP will be with them for much longer than they ever planned.

Aug 31, 2014 7:55 PM in response to tandrewsdds

I would actually feel much better downloading a program like that for money than getting it free, as the expectations change as soon as you give someone cash. When the program is being given away free the developer can justify some of their dubious actions, selling data, Adware, etc....


I'm actually surprised that your friend Thomas has not sold his program to a large company if it works so well.



If you do not trust Thomas' site, then frankly, I'm a bit surprised that you would trust anyone here. There are no Apple employees here - we are all other users like yourself. And we volunteer our time in order to help others - so does Thomas. So do others who test scenarios with various OS versions on their own machines, rendering them useless until they reinstall - all just so they can answer a question from another user. I spent several days testing various options of using the regular and internet recovery partitions/functionalities/results for Lion, Mountain Lion, and Mavericks on an SL machine.


I certainly do not download anything from someone I'm not familiar with, but Thomas has tested malware/adware incessantly, installing it purposely just to figure out how to get rid of it. If someone's solution is recommended here by a long time contributor, I would certainly trust it.


And, FWIW, I choose not to use the app store (except for the OS) because I do not agree with the terms I would be forced to accept. That applies equally to free or paid apps.

Aug 31, 2014 8:38 PM in response to tandrewsdds

Dr. Andrews --


I've been a volunteer here for over ten years. Thomas has been here for eight years, and has always fought very hard against any attempts to damage anyone's Mac. He tests for new threats every day, and informs us often of new garbage we need to look out for when we're out there helping ASC posters.

He has been quoted often in national computer publications as the expert in malware / trojan / virus protection. And he does not sell his app! He will accept a donation, if you insist. If a person is reluctant to download his app, he gives them the manual instructions.


Just sayin'.
