My mac has just been infected with chumsearch malware. How do I remove it?

Try https://www.malwarebytes.com/antimalware/mac/

You may have installed a variant of the "Flashmall" trojan. To remove it, start by backing up all data.

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

1. Please triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents

Right-click or control-click the highlighted line and select

Services ▹ Open

from the contextual menu.* A folder named "LaunchAgents" should open.

In the folder, there may be one or more files with a name that begins in either of the following ways:

com.EasyShopper

com.SoftwareUpdater

Move each such file to the Trash. You may be prompted for your administrator password.

2. Open this folder as in Step 1:

~/Library/LaunchAgents

Move to the Trash any files with one of the names listed in the last step.

3. Log out or restart the computer.

4. Open the Applications folder in the Finder. It may have subfolders with any of these names:

EasyShopper

mediaDownloader

SoftwareUpdater

Move each such subfolder to the Trash. Empty the Trash.

5. From the Safari menu bar, select

Safari ▹ Preferences... ▹ Extensions

Uninstall all extensions you don't know you need, including one called "SearchAssist," if it's present. If in doubt, remove all of them. None is required for normal operation.

If the search engine setting was changed, change it back in the Search tab. You may also need to change the home page setting in the General tab.

Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

See the note at the end of my earlier comment.

If Safari is not affected, you may have installed a malicious Chrome extension such as "Adblock Super" or "News Ticker Remover." Remove all extensions you don't know you need. If in doubt, remove all of them.

If an extension is not causing the problem, create a new Chrome user profile. Note that you can salvage your bookmarks from the existing profile.

Chrome can sync your account settings between devices, so if you enable that feature, malicious profile data can spread from one to another in a virus-like way.