jbgriffee
Level 1
(4 points)
Appear that I downloaded malware. I removed MegaBackup and Mac Defender but now safari goes to a blank window with a search field and the web address is ChumSearch. How do I get rid of this and get back to having Safari go to my preference search engine?
Q: malware
Below is a suggested procedure to inactivate the malware you installed.
Please back up all data before making any changes.
The numbers refer to the items in the screenshots, in the order shown. Use the screenshots as a guide. #1 would be the topmost item, #2 the one below, and so on.
The names in quotes refer to malware types, not to the names of the files. Don't expect the files to have similar names. For example, if you installed the "VSearch" malware, usually none of the files will have the word "VSearch" in the name. Malware attackers don't make it that easy for you.
You may be prompted for your administrator name and/or password when you delete some of the files listed below, or you may be prompted to confirm because a file is locked.
In the first folder arranged as shown in the screenshots, delete these items:
#1 and #2 ("VSearch")
In the second folder:
#1 and #2 ("Flashmall")
In the third folder:
#3 through #5 ("Genieo")
#7 and #8 ("Flashmall")
Restart the computer. Until you've done that, the malware will still be active, even after you delete the files.
Uninstall any Safari extensions you don't know you need. If in doubt, remove all of them. None is needed for normal operation.
Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
Reset the Safari home page and search engine, if either was changed. You may need to do the same in the other browsers.
From the Applications folder (not shown in the screenshots), delete items with any of the following names:
MPlayerX
PDF Pronto
Open your home folder by clicking the house icon with your name in the sidebar of a Finder window. If there is a subfolder named "Applications" (different from the main Applications folder), remove anything in it that you don't recognize.
These steps will permanently inactivate the malware, as long as you never reinstall it. A few small files may remain in hidden folders, but they have no effect.
I would very much appreciate your help getting Chumsearch off my computer. I installed MacKeeper before fully researching it to try to solve that problem, and I hope I have successfully uninstalled it. I also found Mega Backup in my applications, and I put it in the trash. All this trouble came from my trying to update Adobe and not paying enough attention to what I was doing.
I followed Linc's instructions here and it was a big help. But I had to do one more thing to insure the adware was gone. What was happening on my iMac was when I startup, after everything loads from the system, the following files were created and placed in private/var/tmp
If dit8.tgz is allowed to decompress, it installs a folder in tmp called Injector. Inside this folder is bad stuff that creates the files Linc discusses. The injector files infects browsers with adware selling virus removal software. What a surprise, right? Deleting the files Linc recommendes got rid of the source but I also needed to delete the files from private/var/tmp.
theratter
