Uninstall Chill-tab "Virus" from Safari

Steps I did:

1. **I won't take any responsibility if following my steps cause your mac to misbehave.
2. Goto "[username]/Library/LaunchAgents/", remove 2 .plist file which involved in some process like "macsearch" and "bination". You might need to open the plist to check code inside.
3. Goto "[username]/Library/", remove "bination.lz" folder. Inside has an .app file.
4. Goto "[username]/Library/Caches/", remove suspicious files and folder.
   • **Below are the files i deleted, I won't take any responsible if deleting it affect your mac.
   • All files related to mackeeper
   • macsearch
   • searchinstaller
   • Linkury.SafariExtInstall
   • All folders like "a_A1SFG2XXXX"
   • ChromeAndFirefoxSetter
5. Goto "~/Users/Shared", remove
   • sf.plist
   • SafariSetter.safariextz
   • All executable files like "a_A1SFG2XXXX"
   • All "App_A123JXXX" zip files and folders
6. If you are using Google Chrome too, go to Preference > Manage search engines > Other search engines, look for Chill-tab and remove it.

I do not sure the "bination" files are related to this issue. I might mixed up or missed out some files to delete between the Caches and Shared folder, but you should get the idea, delete all files look similar. Check for suspicious files, I believe the malware might using different folder name for different device. Hope it helps.

Chill-Tab

You will have to do this after starting up in Safe Mode to prevent adware

from interfering with the removal of adware .

1. Shut down the computer.

Press the power button. Immediately after you hear the startup sound,

press and hold the Shift key.

The Shift key should be pressed as soon as possible after startup,

but not before the startup sound.

Release the Shift key when you see the Apple logo on the screen.

Startup will take longer than usual.

Screen flickering is normal in Safe Mode.

Login to your account. Launch Safari.

Enter this address https://www.malwarebytes.org/antimalware/mac/

in the Safari address bar.

Download, Install , open, and run it by clicking “Scan” button to remove adware, if present.

Once done, quit MalwareBytes.

2. Turnoff or uninstall extensions.

Section: Manage extensions: https://support.apple.com/guide/safari/use-safari-extensions-sfri32508/mac

3. Choose a search engine.

Delete all text in the Smart Search field, click the magnifying glass , then choose a search engine from the list.

https://support.apple.com/guide/safari/customize-your-search-ibrwe75c2a3c/mac

4. Set your Home Page. https://support.apple.com/guide/safari/set-your-homepage-ibrw1020/mac

5. Restart your Mac.

6. Launch Safari holding the Shift key down.

I have this too. This guy from Malware Bytes jumps into each forum and claims to have fixed it and kills the forum. It does not fix it, it just removes the chill-tab extension the malware still sends the ads. Strangely every sites claiming a permanent fix links to Mackeeper.com who supposedly have a fully formed tool to remove it and no-one else does, also the instructions to fix without Mackeeper tend to be non-functional. It looks complex to unpick, too complex for me at least. A rebuild seems easier or restore a saved image if you have one.

MalwareBytes worked for me. I had to run it twice from a fresh boot, then reboot again. The first time it removed 6 threats... the second time it cleared 2 more including chill-tab. Then reset Firefox (help > troubleshooting > refresh) and Chrome (settings > search engine)... might have to do similar to Safari.

I also have this. Install first Malwarebytes and restart your Mac. Then restart your Mac and start safari and wait till chill tab is running. Then start Malwarebytes ans start scan. It finds 3 files. Clear it.

So I had a problem like this too. I got it all figured out and I think google is your problem. Google was the source of the problem for me so I deleted it. Anyways, when it was all done, this weird icon/emoji appeared on the top right of my screen. It wasn't an emoji, just a weird icon. It was this weird Black and white circle face, and the only thing that was showing was the eyes. Then, after I got scared, the green light showing that my camera was on, turned on. I was on FaceTime with my friend and she looked it up and it means that someone is looking through my camera. I then realized that this person had access to my computer, and to the network I was on, and all of me and my family's personal info. After I got scared, Siri gave me a notification saying that voice reader thing was activated. She said it was overrided by my password, which I never typed in. I then realized that the person was listening to me, and then a google document opened up (even tho I had deleted google) and was saying something and then my computer turned off. It took about 30 minutes for my computer to turn on, and when I turned it on and logged in, my computer flashed and a bunch of weird code and information came up, and then it just went away. I am really freaked out because I saw some websites saying that Chill-tab gave u false websites, and your information could be hacked easily. I got it removed, but I feel as if the person was on before I removed chill tab. I fell like this is being watched right now and I need help quickly. Someone please help!

So, far I've found various residual components of chill-tab. Most of it's functioning is in the browser preferences. Go through each preference icon (search, security, privacy, etc.). For instance, in Search, Manage Websites, remove its insertion data. Remove anything referencing chill-tab. I have multiple browsers, it even changed Firefox's default search engine. As I write this, I'm still on a seek & destroy chill-tab mission. Looking for help brought me here. So, far so good. Hope this helps.

First, I was skeptical about downloading another app, but Malwarebyte did it for me. I waited for the pop up that asks to trust or cancel chill tab before I scanned using malwarebyte, lo and behold there were 4 items scanned and deleted. Then Malwarebytes asked to restart imac, it hasn't made a pop ad since.

I've been having the same problem for about two weeks. Malwarebytes did NOT work for me -- however, here's what did:

I stumbled upon this article http://applehelpwriter.com/2017/07/23/terminal-tricks-for-defeating-adware/ and while it was informative, I'm not super tech-savvy so I didn't understand half of it. However, at the very end, he offers a program called DetectX Swift Beta (https://sqwarq.com/detectx/detectx-swift-beta/). Sure enough, after downloading and running the program, there were multiple files in various locations under the Macintosh HD/Library system files. After I got those deleted/quarantined, I rebooted and all was well.

I also suggest checking under Macintosh HD/Users/Shared folder -- I found that each restart spawned 3 new install files from the malaware.

Hope this helps you!

this solution it works for me, however, the chill-tab is getting pretty clever, their names their files and folder with certain program (in my case, with adobe update manager, but have a weird words attached into it).

thanks buddy for ur solution!

This is what I did:

1. Search your entire mac for 'Chill-tab' and include system files in your search. Any file that doesn't seem right. delete it.

2. Delete MacKeeper from application and repeat the first step for 'MacKeeper' and delete all the system files for MacKeeper.

3. Open Safari, Go to Extensions under preferences, uninstall the extension that is not needed and uncheck automatic update of extensions option.

4. Open finder, go to library, by pressing little 'alt' key and library folder will appear in the 'Go' menu. Open Safari>Extensions folder and delete all the unnecessary extensions manually.

5. Under Safari preferences, click privacy tab and then 'manage website data'. If you see chill-tab or MacKeeper entry, delete it.

6. Empty Trash.

7. Optional - Clear history and delete all cookies in case these cookies are still lurking around.

Hope that helps. You don't have to follow the steps in sequence. As long as you do all above will get rid off the problem. I prefer not to install any anti-virus because it slows my old MacBook :-)

I had this problem for a week. I was freaking out when I read all the comments on this tab. Thankfully I found something that works for me.

Reset settings to default in Chrome/ Safari.

Delete extensions from the browsers and on the computer.

Delete apps that are unknown, for me that was mackeeper which didn't do a thing.

Download Avast - Avast Free Mac Security | Antivirus Software for Mac

Scan- It quarantined 4 items, and also found 26 infections. I deleted all the paths and files it found through the software. Very effective.

I also ran Malware Bytes - Malwarebytes | Free Cyber Security & Anti-Malware Software

Malware bytes made me restart my computer to clean out some virus threats.

Using both of them, this problem seems to be resolved for me.

Why don't you use the "Remove" and "CleanUp" buttons in the etrecheck list ?? they are there especially for it.

But you also have s**t software on your mac:

MacKeeper,

AVG Antivirus,

MemoryClean,

which you should correctly uninstall !!

• I guess for safari the problem is this file:
• SafariSetter.safariextz
• When I double click it it will pop-up the dialogue of installing chill tab

Restart Safari with the Shift key down.

Download and run Malwarebytes.

Malwarebytes | Malwarebytes for Mac

BTW, it’s not a virus, just malware/adware.