MysteriousStranger

Q: ChumSearch malware/How to get rid of it?

So I accidentally downloaded or somehow ended up with something called ChumSearch, and it's my new default search engine/browser, and i tried just switching it and uninstalling the safari extension, but even after I uninstalled it it's still there. I followed the instructions on this post but they didn't work. Any help would be greatly appreciated (the quickest the better, my parents will kill me if i do anything to my laptop). Thank you!

MacBook Pro (13-inch Mid 2012)

Posted on Mar 22, 2016 7:58 PM

Close

Q: ChumSearch malware/How to get rid of it?

  • All replies
  • Helpful answers

Previous Page 2 of 3 last Next
  • by etresoft,

    etresoft etresoft Mar 23, 2016 7:01 AM in response to MysteriousStranger
    Level 7 (29,335 points)
    Mac OS X
    Mar 23, 2016 7:01 AM in response to MysteriousStranger

    Hello MysteriousStranger,

    Restart your machine and then post another EtreCheck report. I think you have been working to remove software but haven't restarted after the most recent uninstall. Just deleting files doesn't necessarily stop the software. Hopefully, after restarting, mackeeper should be gone. The mds process will likely stay at 100% for a while. That is just what it does - thank Apple for that.

  • by turingtest2,

    turingtest2 turingtest2 Mar 23, 2016 7:40 AM in response to turingtest2
    Level 10 (87,660 points)
    Apple TV
    Mar 23, 2016 7:40 AM in response to turingtest2

    turingtest2 wrote:

     

    I rather suspect this entry will be for something unwanted:

    o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2016-01-23) [Support]

     

    Sadly I don't know how you go about blocking it.

     

    tt2

     

    A little more searching suggests this is something to do with Google Talk/Google Hangouts, but even then it is hard to find something definitive.

     

    tt2

  • by ~Bee,

    ~Bee ~Bee Mar 23, 2016 9:52 AM in response to etresoft
    Level 7 (31,792 points)
    Mac OS X
    Mar 23, 2016 9:52 AM in response to etresoft

    Thanks, Etresoft.

  • by Linc Davis,

    Linc Davis Linc Davis Mar 23, 2016 4:29 PM in response to MysteriousStranger
    Level 10 (208,017 points)
    Applications
    Mar 23, 2016 4:29 PM in response to MysteriousStranger

    I followed the instructions on this post but they didn't work.

    Which instructions?

  • by Eric Root,

    Eric Root Eric Root Mar 24, 2016 6:33 AM in response to MysteriousStranger
    Level 9 (73,351 points)
    iTunes
    Mar 24, 2016 6:33 AM in response to MysteriousStranger
  • by Lexiepex,

    Lexiepex Lexiepex Mar 24, 2016 9:01 AM in response to MysteriousStranger
    Level 6 (10,519 points)
    Mac OS X
    Mar 24, 2016 9:01 AM in response to MysteriousStranger

    In the following a radical approach: if you need anything I say to remove: you can install it later again.

    1. in SystemPreferences->Users&Groups->LoginItems: remove all entries with the minus sign.

    2. Restart.

    Don't run any app.

    -Run  Antimalware again.

    -Download   DetectX  from   http://sqwarq.com/detectx/

    and run  "all searches" , it will remove macKeeper.

    3. Restart.

    - Safari->Preferences->Extensions: remove/uninstall all extensions.

    - Quit Safari

    - MacintoshHD->Library->InternetPlug-ins:   remove ALL  plugins, except:

    Quicktime plugin

    the two Flashplayer plugins

    DefaultBrowser

    4. Uninstall Valve software according to the developers instructions

    5. MacintoshHD->Library->LaunchAgents:  delete the .....nikeplusconnect... plist

    6. Restart.

    Don't start any app, except run another etrecheck list.

  • by lauraim,

    lauraim lauraim Mar 25, 2016 8:14 AM in response to MysteriousStranger
    Level 1 (4 points)
    Mar 25, 2016 8:14 AM in response to MysteriousStranger

    First I deleted it in my browser bar,  then I went to Safari preferences -- privacy -- "details" under cookies section and found chum search and deleted cookies and then went to Safari General preferences and changed my homepage to original.    It doesn't come up anymore.   I'm not sure I'm fixed however.

  • by MacaddictBV,

    MacaddictBV MacaddictBV Mar 25, 2016 3:10 PM in response to MysteriousStranger
    Level 1 (4 points)
    Mar 25, 2016 3:10 PM in response to MysteriousStranger

    I too have this problem now. Followed everything on this post and I still have it.

    EtreCheck version: 2.9.10 (261)

    Report generated 2016-03-25 18:07:49

    Download EtreCheck from https://etrecheck.com

    Runtime 1:37

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

     

    Problem: Other problem

    Description:

    chum search

     

     

    Hardware Information:

        MacBook Air

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Air - model: MacBookAir6,2

        1 1.7 GHz Intel Core i7 CPU: 2-core

        8 GB RAM Not upgradeable

            BANK 0/DIMM0

                4 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                4 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n/ac

        Battery: Health = Normal - Cycle count = 48

     

    Video Information:

        Intel HD Graphics 5000

            Color LCD 1440 x 900

     

    System Software:

        OS X El Capitan 10.11.3 (15D21) - Time since boot: less than an hour

     

    Disk Information:

        APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Macintosh HD (disk0s2) / : 499.42 GB (360.34 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

    USB Information:

        Apple Card Reader 128.71 GB

            StorEDGE (disk1s1) /Volumes/StorEDGE : 128.70 GB (114.09 GB free)

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Adware:

        ~/Library/LaunchAgents/com.ShoppyTool.agent.plist

        One adware file found. [Remove]

     

    System Launch Agents:

        [not loaded]    6 Apple tasks

        [loaded]    157 Apple tasks

        [running]    73 Apple tasks

     

    System Launch Daemons:

        [not loaded]    42 Apple tasks

        [loaded]    156 Apple tasks

        [running]    90 Apple tasks

     

    Launch Agents:

        [not loaded]    com.adobe.AAM.Updater-1.0.plist (2014-05-26) [Support]

        [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2015-10-18) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-03-02) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2015-07-06) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.ARMDC.Communicator.plist (2015-10-18) [Support]

        [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (2015-10-18) [Support]

        [loaded]    com.adobe.fpsaud.plist (2016-03-18) [Support]

        [loaded]    com.google.keystone.daemon.plist (2016-03-02) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2014-02-26) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2015-07-06) [Support]

     

    User Launch Agents:

        [failed]    com.ShoppyTool.agent.plist (2016-03-25) Adware!  [Remove]

        [failed]    com.jdibackup.ZipCloud.autostart.plist (2016-03-25) [Support]

        [loaded]    com.jdibackup.ZipCloud.notify.plist (2016-03-25) [Support]

     

    User Login Items:

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        AdobeResourceSynchronizer    Application Hidden (/Applications/Adobe Acrobat Reader DC.app/Contents/Helpers/AdobeResourceSynchronizer.app)

        Dropbox    Application  (/Applications/Dropbox.app)

        Garmin Express Service    Application  (/Applications/Garmin Express.app/Contents/Library/LoginItems/Garmin Express Service.app)

     

    Other Apps:

        [running]    com.garmin.renu.service.9312

        [running]    com.getdropbox.dropbox.97632

        [running]    com.google.Chrome.9632

        [loaded]    393 Apple tasks

        [running]    180 Apple tasks

     

    Internet Plug-ins:

        JavaAppletPlugin: Java 8 Update 77 build 03 (2016-03-25) Check version

        o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-15) [Support]

        Default Browser: 601 - SDK 10.11 (2016-01-28)

        AdobePDFViewerNPAPI: 15.010.20060 - SDK 10.8 (2016-03-13) [Support]

        FlashPlayer-10.6: 21.0.0.197 - SDK 10.6 (2016-03-24) [Support]

        Silverlight: 5.1.41212.0 - SDK 10.6 (2016-03-15) [Support]

        QuickTime Plugin: 7.7.3 (2016-01-28)

        Flash Player: 21.0.0.197 - SDK 10.6 (2016-03-24) [Support]

        googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]

        SharePointBrowserPlugin: 14.6.1 - SDK 10.6 (2016-03-09) [Support]

        AdobePDFViewer: 15.010.20060 - SDK 10.8 (2016-03-13) [Support]

        DirectorShockwave: 12.1.8r158 - SDK 10.6 (2015-04-16) [Support]

     

    Safari Extensions:

        chumsearch (2016-03-25)

     

    3rd Party Preference Panes:

        Flash Player (2016-03-18) [Support]

        Java (2016-03-25) [Support]

     

    Time Machine:

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 499.42 GB Disk used: 139.08 GB

        Destinations:

            Time Machine Backups [Local]

            Total size: 500.11 GB

            Total number of backups: 19

            Oldest backup: 11/14/14, 10:30 AM

            Last backup: 3/7/15, 4:00 PM

            Size of backup disk: Adequate

                Backup size 500.11 GB > (Disk used 139.08 GB X 3)

     

    Top Processes by CPU:

             5%    WindowServer

             2%    kernel_task

             1%    aslmanager

             1%    fontd

             0%    cloudpaird

     

    Top Processes by Memory:

        774 MB    kernel_task

        287 MB    Google Chrome Helper(2)

        221 MB    mds_stores

        147 MB    Dropbox

        131 MB    Google Chrome

     

    Virtual Memory Information:

        4.25 GB    Free RAM

        3.75 GB    Used RAM (1.35 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information:

        Mar 25, 2016, 06:01:49 PM    Self test - passed

     

  • by Amateur_user1,

    Amateur_user1 Amateur_user1 Mar 27, 2016 6:25 AM in response to MacaddictBV
    Level 1 (12 points)
    Notebooks
    Mar 27, 2016 6:25 AM in response to MacaddictBV

    How to remove Chumsearch from my Macbook Air. Tried to uninstall but still cannot. I see it in my Applications. By double-clicking on Chumsearch in Applications, I was able to delete all the content in the folder called ChumSearch or at least that's what I see but not sure what's going on.

     

    Here are the results from the Etrecheck report. PLEASE HELP

     

     

  • by Lexiepex,

    Lexiepex Lexiepex Mar 27, 2016 6:59 AM in response to MacaddictBV
    Level 6 (10,519 points)
    Mac OS X
    Mar 27, 2016 6:59 AM in response to MacaddictBV

    Please don't hack this thread: if you "have the same problem" you can follow the discussion to see how it could be solved. Otherwise start a new thread.

  • by Griff5516,

    Griff5516 Griff5516 Jun 4, 2016 10:54 AM in response to MysteriousStranger
    Level 1 (4 points)
    Jun 4, 2016 10:54 AM in response to MysteriousStranger

    This just happened to me today. So far, my solution has been far more simple. Getting rid of Chumsearch on a web browser was as simple as deleting it from my default search engines. As for Mega uploader and MacKeeper, I was able to uninstall them both after hard closing both applications in the Activity Monitor. Not sure if this problem is still troubling anybody in this thread, but hopefully this information helps anyone.

  • by Alexvh11,

    Alexvh11 Alexvh11 Aug 12, 2016 7:38 PM in response to Allan Eckert
    Level 1 (19 points)
    Mac OS X
    Aug 12, 2016 7:38 PM in response to Allan Eckert

    I accidentaaly acquired mega backup and chumsearch. As such, I haven't been able to use my browsers. I was able to upgrade to OSX El Capitan. Am waiting for the update to finish. Hoping I can get to my browsers. When it finishes what programs do you recommend for me to be sure the malware junk is gone?

  • by etresoft,

    etresoft etresoft Aug 12, 2016 7:48 PM in response to Alexvh11
    Level 7 (29,335 points)
    Mac OS X
    Aug 12, 2016 7:48 PM in response to Alexvh11

    Hello Alexvh11,

    This thread is several months old. If you want to get good answers, you need to start your own thread.

  • by Alexvh11,

    Alexvh11 Alexvh11 Aug 12, 2016 9:29 PM in response to etresoft
    Level 1 (19 points)
    Mac OS X
    Aug 12, 2016 9:29 PM in response to etresoft

    Thank you! I did figure it out though using Linc's old thread and my ingenuity

    Hopefully I'm done with the malware.


  • by BrodieMack,

    BrodieMack BrodieMack Aug 31, 2016 4:31 PM in response to ~Bee
    Level 1 (8 points)
    Mac OS X
    Aug 31, 2016 4:31 PM in response to ~Bee

    I did, and it didn't find chumsearch so I am in the same boat.

Previous Page 2 of 3 last Next