
How to remove nova rambler virus

I downloaded some freeware recently and now all my Chrome URLs have nova.rambler.ru prepended.

I've never had a virus or trojan on here so I have no clue where to even start.


Any help would be awesome

MacBook Pro with Retina display, OS X Yosemite (10.10)

Posted on Mar 16, 2017 9:11 PM

Question marked as Top-ranking reply

Posted on Mar 22, 2017 11:24 AM

Hi! I solved this problem just today after a very long nightmare. So, try to follow these steps:


- first of all, install another Browser (Firefox)

- export your Favourites if you are afraid to lose them ("Bookmarks", "Bookmarks Manager", "Organize" and choose "Export to HTML files")

- exit from Chrome

- go to the "Applications" folder and drag the Chrome icon into the Trashbox.

- Then click on the "Go" button on the upper Finder tool bar, choose "Go to Folder" and write this command:

~/Library/Application Support/Google/Chrome

- select all the Chrome folders and all the Chrome files displayed (you are inside the Chrome folder that is still inside your OS) and drag all of them inside the Trashbox

Now Chrome is completely uninstalled from your OS. Now:

- open Firefox, download the Chrome.dmg file from the Chrome official site and open it

- drag the Install file inside the "Applications" folder

- launch Chrome

Now you have a "virgin" and "clear" Chrome installation. Then You have to:

- sign in with your Google account

- import your Bookmarks (but I think they will be already there after I have logged in)

- uninstall Firefox if You want or use both of them if You want.


I really hope this will help you, let me know if it works.

Bye,

39 replies

Mar 17, 2017 3:34 PM in response to thomas_r.

unfortunately nothing was found but the problem is still there :[





Malwarebytes Anti-Malware 1.2.6.730 system report - March 17, 2017 at 5:27:53 PM CDT

Mac OS X version Version 10.10.5 (Build 14F2009)

System uptime: 0d 00:16:16

Helper tool version: 1.2.6.730

Signatures version: 173



Safari extensions

-----------------------

username

username

Name: Adblock Plus

Path: /Users/username/Library/Safari/Extensions/Adblock Plus.safariextz

Modified: 2017-03-17 03:38:56 +0000


Name: AdBlock

Path: /Users/username/Library/Safari/Extensions/AdBlock.safariextz

Modified: 2015-11-24 07:59:01 +0000


Name: JS Blocker 5

Path: /Users/username/Library/Safari/Extensions/JS Blocker 5.safariextz

Modified: 2017-03-17 03:38:56 +0000




Chrome extensions

-----------------------

username

Default

Name: Google Slides

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek

Modified: 2015-05-29 04:58:03 +0000


Name: Google Docs

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake

Modified: 2015-05-29 04:58:27 +0000


Name: Google Drive

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf

Modified: 2015-11-24 08:12:14 +0000


Name: Web Developer

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/bfbameneiokkgbdmiekhjnmfkcnldhhm

Modified: 2017-03-17 03:26:04 +0000


Name: ColorZilla

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/bhlhnicpbhignbdhedgjhgdocnmhomnp

Modified: 2017-01-29 06:50:49 +0000


Name: YouTube

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo

Modified: 2015-11-24 08:12:14 +0000


Name: Adblock Plus

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/cfhdojbkjhnklbpkdaibdccddilifddb

Modified: 2017-03-17 22:12:40 +0000


Name: Google Search

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/coobgpohoikkiipiblmjeljniedjpjpf

Modified: 2015-11-24 08:12:14 +0000


Name: Postman - REST Client

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/fdmmgilgnpjigdojojpjoooidkmcomcm

Modified: 2016-09-30 05:01:05 +0000


Name: Google Sheets

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap

Modified: 2015-05-29 04:58:04 +0000


Name: Postman

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/fhbjgbiflinjbdggehcddcbncdddomop

Modified: 2017-03-17 03:26:04 +0000


Name: EditThisCookie

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/fngmhnnpilhplaeedifhccceomclgfbg

Modified: 2015-05-29 04:58:33 +0000


Name: GoToMeeting Pro Screensharing

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/gcgikpombjkodabhbdalkcdhmllafipp

Modified: 2016-05-20 16:31:22 +0000


Name: Google Docs Offline

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi

Modified: 2016-03-22 09:01:52 +0000


Name: AdBlock

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/gighmmpiobklfepjocnamgkkbiglidom

Modified: 2017-03-17 03:26:04 +0000


Name: JavaScript Popup Blocker

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/hiajdlfgbgnnjakkbnpdhmhfhklkbiol

Modified: 2015-11-24 08:12:16 +0000


Name: AngularJS Batarang

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/ighdmehidhipcmcojjgiloacoafjmpfk

Modified: 2016-03-22 09:01:52 +0000


Name: WhatFont

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/jabopobgcpjmedljpbcaablpmlmfcogm

Modified: 2016-07-16 02:37:45 +0000


Name: Cisco WebEx Extension

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/jlhmfgmfgeifomenelglieieghnjghma

Modified: 2017-01-29 06:50:49 +0000


Name: Grammarly for Chrome

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/kbfnbcaeplbcioakkpcpgfkobkghlhen

Modified: 2017-03-17 03:26:04 +0000


Name: The Great Suspender

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/klbibkeccnjlkjkiokjodocebajanakg

Modified: 2015-09-06 05:19:00 +0000


Name: Corporate Ipsum

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/lfmadckmfehehmdnmhaebniooenedcbb

Modified: 2015-05-29 04:58:33 +0000


Name: Allow-Control-Allow-Origin: *

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/nlfbmbojpeacfghkpbjhddihlkkiljbi

Modified: 2016-06-14 19:02:54 +0000


Name: Chrome Web Store Payments

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda

Modified: 2017-03-17 03:26:04 +0000


Name: Gmail

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia

Modified: 2015-05-29 04:58:27 +0000


Name: Chrome Media Router

Path: /Users/username/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm

Modified: 2017-01-29 06:50:49 +0000




Firefox extensions

-----------------------



User Login Items

-----------------------

User: username

Name: iTunesHelper

Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app


Name: Dropbox

Path: /Applications/Dropbox.app


Name: Remote Mouse

Path: /Applications/Remote Mouse.app


Name: EOS Utility

Path: /Applications/Canon Utilities/EOS Utility/EOS Utility.app


Name: MEGAsync

Path: /Applications/MEGAsync.app




System startup items

-----------------------



User launch agents

-----------------------

/Users/username/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

/Users/username/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist

/Users/username/Library/LaunchAgents/com.google.keystone.agent.plist



System launch agents

-----------------------

/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist

/Library/LaunchAgents/com.noextend.cmodutility.plist



System launch daemons

-----------------------

/Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist

/Library/LaunchDaemons/com.adobe.agsservice.plist

/Library/LaunchDaemons/com.adobe.fpsaud.plist

/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist



Kernel extensions

-----------------------

/Library/Extensions/ACS6x.kext

/Library/Extensions/ArcMSR.kext

/Library/Extensions/ATTOCelerityFC8.kext

/Library/Extensions/ATTOExpressSASHBA2.kext

/Library/Extensions/ATTOExpressSASRAID2.kext

/Library/Extensions/CalDigitHDProDrv.kext

/Library/Extensions/HighPointIOP.kext

/Library/Extensions/HighPointRR.kext

/Library/Extensions/PromiseSTEX.kext

/Library/Extensions/SoftRAID.kext



launchd.conf contents

-----------------------





Hosts file

-----------------------

##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting. Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost





Scan log

-----------------------

2017-03-17 16:46:00 :

2017-03-17 16:46:01 : ----- Scan Started -----

2017-03-17 16:46:01 : Scanning with signatures version 173 (2017-3-16)

2017-03-17 16:49:23 : PUP.JDIBackup : /Users/username/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

2017-03-17 16:49:23 : PUP.JDIBackup : /Users/username/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

2017-03-17 16:49:30 : *** Scan time: 0d 00:03:29 ***

2017-03-17 16:49:30 : ------ Scan Ended ------

2017-03-17 17:09:26 : Removing detected threats...

2017-03-17 17:09:26 : Removing Item: /Users/username/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

2017-03-17 17:09:26 : Removing Item: /Users/username/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

2017-03-17 17:09:26 : ---- Threat Removal Complete ----

2017-03-17 17:09:40 : ===== Attempting restart =====

2017-03-17 17:13:18 :

2017-03-17 17:13:18 : ----- Scan Started -----

2017-03-17 17:13:18 : Scanning with signatures version 173 (2017-3-16)

2017-03-17 17:16:11 : *** Scan time: 0d 00:02:52 ***

2017-03-17 17:16:11 : ------ Scan Ended ------





Mar 17, 2017 5:44 AM in response to martire

Download a copy of Malwarebytes Anti-Malware for Mac from here:


https://malwarebytes.com/mac/


If it doesn't detect and remove whatever is causing this problem, then I'd like to get more information. One option would be to choose Take System Snapshot from the Scanner menu, in the menu bar at the top of the screen, within Malwarebytes Anti-Malware. Then select the entire contents of the window that opens, copy it and paste into a reply here.


Alternately, if you'd prefer not to post that info publicly on this site, choose Contact Support from the Help menu within Malwarebytes Anti-Malware to send this info directly to Malwarebytes. Include a link to this discussion and my name (Thomas Reed) in the problem description, and I'll see it and respond.


(Note that I work for Malwarebytes, and the link I provided above goes to a Malwarebytes page. There is no need to purchase anything to solve this problem.)

Mar 17, 2017 4:44 PM in response to martire

You've got quite a lot of Chrome extensions installed, but I can't identify any of them in particular as adware. Is this problem only happening in Chrome? If so, it's likely that one of them is the culprit. Keep in mind that you may recognize all of those extensions, but it's actually pretty common for abandoned Chrome extensions to be obtained by adware makers and updated with adware code.


Make sure to disable all of your Chrome extensions, regardless of whether you think they're suspicious, and see if that makes a difference.


If it doesn't, you may need to reset Chrome, and potentially may also need to reset your Google sync settings. See:


https://support.google.com/chrome/answer/3296214?hl=en

https://support.google.com/chrome/answer/6386691?hl=en


If you're seeing the problem in Safari as well as in Chrome, I don't see anything installed that would explain that. If this is the case, restart the computer in recovery mode by holding down command-R at startup. Once you're in recovery mode, you'll see a window with four options, one of which is Get Help Online. Click that to open a fresh copy of Safari. Browse normally for a while and see if the problem still happens, or if it has gone away. Be sure to browse long enough that you can be sure. Then let me know what the results of that test are.

Mar 17, 2017 7:54 PM in response to martire

Hello martire,

I wrote a little diagnostic program to help show what might be causing these problems. Download EtreCheck from https://www.etrecheck.com, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.


Specifically, I'm interested in the "/etc/hosts" value in your EtreCheck report. I have seen information on the internet that says the PC version of this malware modifies the hosts file. If this is a Mac port, it may work the same way. If so, we can help you correct the problem.


What was this freeware program anyway? Was it the "MEGA" software? It may have been this software or its installer that hacked up your system.


Finally, do you have this problem in Safari too? EtreCheck isn't going to help much with Chrome. It only reports information about Safari extensions. I just can't keep up with Apple and 3rd party software.


Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.

Mar 18, 2017 3:40 AM in response to martire

martire wrote:


I deleted chrome and reinstalled. No issues yet


Did you delete all of Chrome's data files as well, so you were essentially starting from scratch with Chrome? If so, that's an "extreme reset," so to speak, and should solve any Chrome settings or extension issues! 🙂


If you just deleted the Chrome app itself, and not any of the data files, and that solved the problem, that will be very interesting indeed... that would suggest that something modified the Chrome app, which is not something I've seen before. (Firefox, yes, but not Chrome.)

Mar 18, 2017 8:24 AM in response to thomas_r.

thomas_r. wrote:


etresoft wrote:


Specifically, I'm interested in the "/etc/hosts" value in your EtreCheck report.


John, you can see the hosts contents in the output from Malwarebytes above. It's normal, hasn't been modified.

OK. I see that now. However, you shouldn't automatically post the contents of that file. It can have sensitive information in it. It can also have thousands of lines. A better idea is just to post the number of non-default entries. That will tell you all you need to know.


But even if the hosts file isn't modified, there are other ways to accomplish the same thing. If malware authors ever figure out how to write decent Mac software, it will be much more difficult to detect and remove. Thankfully, Apple makes writing decent Mac software really hard.
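
One way to produce the count suggested above without pasting the file itself, as an added example that is not part of the original post or of EtreCheck. It assumes the three entries shown in the report earlier in this thread are the defaults and runs on a constructed sample; the split into sinkholed and redirected mappings goes beyond the post's suggestion.

```python
import ipaddress

# The three entries of the stock hosts file shown in the report earlier in this thread
# (assumed here to be the complete set of defaults).
DEFAULT_ENTRIES = {
    ("127.0.0.1", "localhost"),
    ("255.255.255.255", "broadcasthost"),
    ("::1", "localhost"),
}

# Constructed sample: the stock file plus one blocklist line, one redirect
# and one malformed line.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
0.0.0.0 ads.example.test
203.0.113.10 search.example.test www.search.example.test  # constructed
not-an-address example.test
"""


def summarize_hosts(text):
    """Count non-default mappings without revealing any hostnames."""
    summary = {"non_default": 0, "sinkholed": 0, "redirected": 0, "malformed": 0}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
        except ValueError:
            summary["malformed"] += 1
            continue
        for name in names:
            if (addr, name.lower()) in DEFAULT_ENTRIES:
                continue
            summary["non_default"] += 1
            # Loopback or 0.0.0.0 targets are typical of ad-blocking lists;
            # any other address sends the name to a different machine.
            if ip.is_loopback or ip.is_unspecified:
                summary["sinkholed"] += 1
            else:
                summary["redirected"] += 1
    return summary


if __name__ == "__main__":
    with open("/etc/hosts", encoding="utf-8", errors="replace") as fh:
        print(summarize_hosts(fh.read()))
```

A non-zero `redirected` count is the figure worth following up on; a large `sinkholed` count usually just means a blocklist is installed.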

Mar 19, 2017 7:55 AM in response to martire

Hello there.


Yesterday I made a rookie mistake because I wanted to install some controllers to play PES 16 on my macbook pro.

I installed 3 things: 1) A suspicious zip file which I had no idea what was going to do -I was just following instructions like a dumb desperate rookie- (*********); 2) The 360Controller driver (https://github.com/360Controller/360Controller/releases) which didn't work and I already deleted; 3) USB Overdrive 3.3 (developed by Alessandro Levi Montalcini) which worked, but I uninstalled and the problem persists.

I'm pretty sure that the trojan came from the 1st file, which I installed and nothing happened after. No application appeared in the Apps folder.


The result is that now I'm infected with this nova.rambler.ru spyware. This malware replaced Google on my browser (just Google Chrome, Safari works fine). This means that every time I want to search something in Google, it changes URL and website to this nova.rambler.ru.


I already did all of the things you mentioned before: deleted and reinstalled Chrome. The problem disappeared for a while, and then came back. I reset all the extensions and downloaded 2 anti spyware programs: Malwarebytes Anti-Malware and an app store app called Adware Doctor. None of them could find nor delete the infection.


Do you have any idea of what/where this could be?

<Link Edited by Host>

Mar 29, 2017 9:28 AM in response to WilliamChan04

I have the same problem, from yesterday.

So, try that:

- after You have trashed the Chrome Icon from "Applications" Folder and You have deleted files and folders writing the command ~/Library/Application Support/Google/Chrome, click again "Go to Folder" and write:

~/Library/Application Support/Google

As You can see, a folder called "Chrome" is still there; delete it.

Then, again, choose "Go to Folder" and write: ~/Library/Application Support

Look at some suspected files and, if you find them, trash them (for example, I found some folders that I thought I had deleted).

Mar 31, 2017 5:56 PM in response to phong113

phong113 wrote:


All the methods you guys mentioned above, I have tried them all. They don't work.


It (nova.rambler.ru) comes back after 2 days.


Thus far, from what I can determine, this is not due to any kind of adware or malware installed on your computer. It seems to be a changed setting hidden somewhere deep in Chrome's settings, or perhaps the Chrome app. However, I really don't know for sure yet. (I've talked to quite a few people with this problem now, and it's very odd how none of them will give me a straight answer to all my questions.)


My recommendation is to completely delete Chrome and all Chrome settings files. Follow the instructions here for uninstalling Chrome on the Mac, including removal of the profile data:


https://support.google.com/chrome/answer/95319?co=GENIE.Platform%3DDesktop&hl=en


If you are willing to work with me to identify the cause of this problem - which will mean you'll need to trust me with your Chrome profile info - get a copy of Malwarebytes Anti-Malware for Mac and choose Contact Support from the Help menu within that app. In the description of the problem, mention nova.rambler.ru, my name (Thomas Reed), and that you're willing to help identify the cause.
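
A read-only check for the "changed setting hidden somewhere deep in Chrome's settings" possibility raised above, as an added example that is not part of the original post or of any tool mentioned in this thread. It walks the JSON settings files in each Chrome profile folder and lists every place a domain appears; the file names `Preferences` and `Secure Preferences` are an assumption about the profile layout, and the sample data is constructed.

```python
import json
from pathlib import Path

# Folder named in the thread; the two file names are assumed to be the JSON
# settings files Chrome keeps inside each profile folder (e.g. "Default").
CHROME_DIR = Path.home() / "Library/Application Support/Google/Chrome"
SETTINGS_FILES = ("Preferences", "Secure Preferences")

# Constructed sample settings, not taken from a real profile.
SAMPLE_PREFS = {
    "homepage": "https://www.example.test/",
    "session": {"startup_urls": ["http://nova.rambler.ru/search?query="]},
    "notifications": {"https://nova.rambler.ru:443,*": {"setting": 1}},
}


def find_string_paths(node, needle, path="$"):
    """Yield the location of every string value or dict key containing needle."""
    needle = needle.lower()
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}[{key!r}]"
            if needle in str(key).lower():
                yield child + " (key)"
            yield from find_string_paths(value, needle, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_string_paths(value, needle, f"{path}[{index}]")
    elif isinstance(node, str) and needle in node.lower():
        yield path


def scan_chrome_dir(chrome_dir, needle):
    """Map 'Profile/File' to the settings locations that mention needle."""
    root = Path(chrome_dir)
    hits = {}
    for name in SETTINGS_FILES:
        for settings_file in sorted(root.glob(f"*/{name}")):
            try:
                data = json.loads(settings_file.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or not valid JSON: nothing to inspect
            paths = list(find_string_paths(data, needle))
            if paths:
                hits[settings_file.relative_to(root).as_posix()] = paths
    return hits


if __name__ == "__main__":
    for file_name, paths in scan_chrome_dir(CHROME_DIR, "nova.rambler.ru").items():
        for location in paths:
            print(f"{file_name}: {location}")
```

Quit Chrome before running it so the files are not being rewritten mid-read. A hit that reappears after a clean reinstall points at settings restored from somewhere outside the local profile, such as the Google sync data mentioned earlier in the thread.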
