
Can't Remove "Plugins Button" adware from Chrome on MacOS Sierra

I got infected by some freeware and have used Malwarebytes to clear out nearly everything, but there's one thing sticking -- a Chrome plugin called "Plugins Button." When I click on the Developer Mode in my extensions, it says:

ID: bfkmdpfljdpopbemfaelnflapafbflgn

(This extension is managed and cannot be removed or disabled.)

I've run Malwarebytes a bunch. I've gone into the libraries and deleted things via http://www.thesafemac.com/arg-identification/


I've deleted and reinstalled google chrome.


I found this thread which helped me locate the plugin and delete it manually, but every time I close and reopen Chrome, it reinstalls itself. I watched the folder and it only happened upon launch.



This has eaten up my whole day and most of the help out there is for PC. Any help would be much appreciated!!

MacBook Air, macOS Sierra (10.12.6)

Posted on Jul 23, 2017 8:11 PM

Question marked as Best reply

Posted on Jul 30, 2017 2:30 AM

OK, I've figured out how to remove this now. There's no need to delete Chrome or any of your folders. This should do it (please note there are some caveats at the end which you should read before you start):


1. Launch DetectX and do a search. You should see at least 5 items


2. Quit Chrome


3. In Terminal, execute this command* (you'll need admin privileges)


sudo /usr/bin/profiles -D; sudo -K




Type 'y' when prompted.


4. In DetectX, click the 'Trash All...' button.**


5. Relaunch Chrome and check that all is well.


Caveats

*If you or the machine's administrator are using 'Managed Preferences' then do NOT use the '-D' switch in step 3. You'll need to identify the correct profiles. Use the -P switch to list the installed profiles and only delete the one with 'org.superduper.extension' identifier. Likewise, do NOT use the Trash All... feature in DetectX. Instead, double-click the items in DetectX's window to open them in Finder and remove them manually that way.


**You'll need to authorise the deletions when macOS asks you as DetectX doesn't have the permissions to do that (a safety feature).
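
The choice the first caveat describes (delete everything with -D, or remove only the 'org.superduper.extension' profile) can be made from the -P listing. The script below is an added example, not part of the original post or of DetectX. It assumes the `profileIdentifier:` line format shown in the constructed sample, uses a hypothetical legitimate profile `com.example.corp.wifi`, and assumes the `-R -p <identifier>` per-profile removal form from the profiles(8) man page of this macOS era.

```sh
#!/bin/sh
# Added example: classify `profiles -P` output before deleting anything.

ADWARE_ID='org.superduper.extension'   # identifier named in the post above

# Constructed sample of `profiles -P` output (assumed line format); the
# com.example.corp.wifi entry is a hypothetical legitimate managed profile.
SAMPLE_OUTPUT='There are 2 configuration profiles installed

_computerlevel[1] attribute: profileIdentifier: com.example.corp.wifi
_computerlevel[2] attribute: profileIdentifier: org.superduper.extension'

# Print every profile identifier found in the listing, one per line.
list_profile_ids() {
    printf '%s\n' "$1" | sed -n 's/^.*profileIdentifier:[[:space:]]*//p'
}

# Print only identifiers that exactly match the adware identifier.
adware_profiles() {
    list_profile_ids "$1" | grep -Fx -- "$ADWARE_ID"
}

# Print identifiers that belong to something else and must be left alone.
other_profiles() {
    list_profile_ids "$1" | grep -Fxv -- "$ADWARE_ID"
}

# Decide which removal path from the post applies to this listing.
removal_plan() {
    if ! adware_profiles "$1" >/dev/null; then
        echo "none"          # adware profile is not installed
    elif [ -z "$(other_profiles "$1")" ]; then
        echo "delete-all"    # only the adware profile exists: -D as in step 3
    else
        echo "targeted"      # other managed profiles exist: do not use -D
    fi
}

# On a real Mac, pass "$(sudo /usr/bin/profiles -P; sudo -K)" instead of the sample.
plan=$(removal_plan "$SAMPLE_OUTPUT")
echo "plan: $plan"
if [ "$plan" = "targeted" ]; then
    # Assumed per-profile removal form (profiles(8)); nothing is executed here.
    echo "run: sudo /usr/bin/profiles -R -p $ADWARE_ID; sudo -K"
    echo "keep:"; other_profiles "$SAMPLE_OUTPUT" | sed 's/^/  /'
fi
```

The script only reads the listing and prints a plan; it never removes a profile itself.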

41 replies

Jul 27, 2017 4:30 AM in response to leomaster

Do you have a Brother scanner or all-in-one printer of some sort? Interesting that both you and the OP have that launch agent. The date suggests it's been around for a long time, but dates are easily manipulated.


Could you just open that plist and post its contents so that we can check it's genuine? In Terminal, paste this:


cat /Library/LaunchAgents/com.brother.LOGINserver.plist

Jul 27, 2017 10:37 PM in response to softwater

Just wanted to let you guys know that I've fixed the issue! 🙂

BIG THANK YOU to Softwater for your very helpful website and program!!! (def the steps were challenging for someone who isn't that familiar with code)

I've read through it but ultimately running the program and resetting Chrome's settings to default solved the issue and I don't see any malware while browsing!!!

The Malwarebytes program does still find a file that it thinks is malware while scanning but again, after running Softwater's program the issue was resolved.

Thanks again Softwater, you've saved my computer!!!!!

Jul 28, 2017 5:17 AM in response to leomaster

The code I posted here was diagnostic, so wouldn't have solved anything on its own.


If by my 'program' you mean my app DetectX, I'd really appreciate you going to the Help menu and clicking the 'Report a Problem to Sqwarq Support' menu item. Attach the folder that's created to an email and send to me.


With that info, I should be able to determine what DetectX did to solve the problem and to share it here.



Disclaimer: this post contains a link to my website from which I may derive some form of compensation.

Jul 29, 2017 3:11 PM in response to vivien82

Using DetectX WORKED!!!! 😀😀➕😀😀


Steps to reproduce the solution that worked for me are below. Time required: about 15/20 minutes:


- download and install DetectX

- Trash everything DetectX finds, and restart

- Run DetectX again, trash anything it finds

- Run Malwarebytes as well and remove whatever it finds

- Uninstall Chrome

- Go to Macintosh HD/"yourUserName"/Library/Application Support/Google/Chrome and DELETE the whole folder called Chrome

- Run DetectX again just in case, trash anything it finds, if anything

- Reboot

- Redownload Google Chrome, reinstall

- Stupid malware now is gone from the Google Extensions list! And I am now adware free!


Thank you Softwater - I will add a review on to the google extension review page and post this solution there for mac users.

Jul 30, 2017 1:14 AM in response to vivien82

I'm glad that worked for you, but there's more to this issue than DetectX knows about at the moment, and you may find rebooting again returns your unwanted plugin to Chrome.


I've finally figured out how it persists, but I need to both 'reinfect' myself to test my removal procedure, and to check that it's using the same method in other situations.


Could you tell me what this command produces in the Terminal on your machine:


sudo /usr/bin/profiles -P; sudo -K

Jul 31, 2017 11:43 PM in response to ChateauOfADoubt

Hey softwater. Thanks a lot. I have finally managed to get rid of this stupid malware along with other malicious extensions with the help of your method. However, there are a few things that I want to add for tackling the newest version of "Plugins Button".

**Update**

1. Run DetectX to look for threats

2. After identifying the threats, run Terminal as and input the same code: sudo /usr/bin/profiles -D; sudo -K

3. The new "Plugins Button" comes with a managed profile when installing Chrome. Therefore, to ensure that there are no underlying threats, type the second code as well: sudo /usr/bin/profiles -P; sudo -K

4. Press Enter

5. Type your computer's password and press "y"

6. Run DetectX again to see if there are any threats remaining. Sometimes it reveals no threats, but when you open Chrome, the plugin is still there. If this happens, go on to Step 7

7. In Finder, search all files associated with chrome. You might also want to look for something that ends with ".plist"

8. Delete all those files and empty Trash

9. Uninstall Chrome along with the installation package

10. Reinstall Chrome and see whether the plugin is still there.

11. If the problem persists, repeat this process all over again but remember to uninstall Chrome and DetectX.

[I don't know why, but somehow repeating this about 10 times, it worked] 😀

~hope this helps

Aug 1, 2017 3:03 AM in response to Helpfulgeek

I suspect that the reason why you had to keep repeating it is that you ended up in a race condition with the profile configuration.


As I said in the answer, don't remove the threats at step 1 - that's just a confirmation step and you could omit it altogether. Wait till after you've removed the profile configuration and then use DetectX to delete the results of the search.


I wrote up the process here and will update that info if it changes:


http://applehelpwriter.com/2017/07/30/how-to-remove-plugins-button-from-chrome/



Disclaimer: this post contains a link to my blog from which I may derive some form of compensation, financial or otherwise.
