Apple Event: May 7th at 7 am PT

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Level 1

11 points

Uninstall Chill-tab "Virus" from Safari

Hello, everyone. I have had a problem for the last month with the "Chill-tab Virus". I'm not sure how I got this virus, but I know its VERY annoying to deal with everyday. Every time I start up my early 2015 MacBook pro and start teaching the internet I get this annoying pop up [IMAGE BELOW]. I have literally visited hundreds of websites trying to find a fix for this virus.. It's annoying to have to force quit Safari and reopen it just to be able to use it.

I have tried lots of ways to remove this virus. I have installed virus cleaner, deleted everything in the Shared folder, deleted all Safari cash, searched chill-tab(Even SafariExtInstall) in finder and deleted everything, I have went through maybe websites an done step by step. Can someone just tell me the real way to remove this for good? Also MacKeeper came with the virus but I think I removed it.

Here is some stuff about my mac if it'll help:

Hardware Information: ⓘ

MacBook Pro (Retina, 13-inch, Early 2015)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro12,1

1 2.7 GHz Intel Core i5 (i5-5257U) CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1867 MHz ok

BANK 1/DIMM0

4 GB DDR3 1867 MHz ok

Handoff/Airdrop2: supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 172

iCloud Quota: 4.75 GB available

Video Information: ⓘ

Intel Iris Graphics 6100 - VRAM: 1536 MB

Color LCD 2560 x 1600

Disk Information: ⓘ

APPLE SSD SM0128G disk0: (121.33 GB) (Solid State - TRIM: Yes)

[Show SMART report]

EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB

(disk0s2) <not mounted> [CoreStorage Container]: 120.47 GB

Recovery HD (disk0s3 - Journaled HFS+) <not mounted> [Recovery]: 650 MB

USB Information: ⓘ

USB30Bus

Broadcom Corp. Bluetooth USB Host Controller

Thunderbolt Information: ⓘ

Apple Inc. thunderbolt_bus

Virtual disks: ⓘ

Apple SSD SM0128G Media (disk1 - Journaled HFS+) / [Startup]: 120.12 GB (19.10 GB free)

Encrypted AES-XTS (Unlocked)

Physical disk: disk0s2 120.47 GB Online

System Software: ⓘ

macOS Sierra 10.12.6 (16G29) - Time since boot: less than an hour

Gatekeeper: ⓘ

Mac App Store and identified developers

Possible adware: ⓘ

Adware: /Library/LaunchAgents/macsearch.plist

One possible adware file found. [Remove/Report]

Clean up: ⓘ

/Library/LaunchDaemons/com.htGzWBDa.plist

/Library/htGzWBDa/htGzWBDa.app/Contents/MacOS/htGzWBDa

Executable not found!

One orphan file found. [Clean up]

Kernel Extensions: ⓘ

/Library/Application Support/AVGAntivirus/components/fileshield/unsigned

[loaded] com.avg.FileShield (3.0.0 - SDK 10.9) [Lookup]

/System/Library/Extensions

[not loaded] wch.usb.usb (1.1.1 - SDK 10.6) [Lookup]

System Launch Agents: ⓘ

[not loaded] 7 Apple tasks

[loaded] 178 Apple tasks

[running] 97 Apple tasks

System Launch Daemons: ⓘ

[not loaded] 40 Apple tasks

[loaded] 176 Apple tasks

[running] 102 Apple tasks

Launch Agents: ⓘ

[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2017-08-14)

[loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2017-08-14)

[running] com.avg.update-agent.plist (AVG Technologies CZ, s.r.o. - installed 2017-09-08)

[loaded] com.avg.userinit.plist (Shell Script 59a6db8e - installed 2017-09-08)

[loaded] com.oracle.java.Java-Updater.plist (? 4b51aa1f 72ac4dde - installed 2017-08-13)

[loaded] macsearch.plist (? e85a6e27 4f77794f - installed 2017-09-02) Adware! [Remove/Report]

/Library/Application Support/Agent/macsearch

Launch Daemons: ⓘ

[running] com.adobe.adobeupdatedaemon.plist (Adobe Systems, Inc. - installed 2017-08-14)

[running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-08-14)

[not loaded] com.apple.installer.cleanupinstaller.plist (? ? ? - installed 2017-08-13)

[loaded] com.avg.init.plist (Shell Script d34ba41 - installed 2017-09-08)

[loaded] com.avg.uninstall.plist (Shell Script ced238bd - installed 2017-09-08)

[loaded] com.avg.update.plist (Shell Script 7a885bf0 - installed 2017-09-08)

[failed] com.htGzWBDa.plist (? f8813c98 0 - installed 2017-09-02) - /Library/htGzWBDa/htGzWBDa.app/Contents/MacOS/htGzWBDa: Executable not found!

[loaded] com.oracle.java.Helper-Tool.plist (Shell Script e3fefdd2 - installed 2017-08-13)

Internet Plug-ins: ⓘ

JavaAppletPlugin: Java 8 Update 144 build 01 (installed 2017-08-13) Check version

AdobeAAMDetect: 3.0.0.0 (installed 2017-08-14)

QuickTime Plugin: 7.7.3 (installed 2017-07-15)

3rd Party Preference Panes: ⓘ

Java (installed 2017-07-22)

Time Machine: ⓘ

Time Machine not configured!

Top Processes by CPU: ⓘ

7% WindowServer

7% kernel_task

4% hidd

0% fontd

0% sysmond

Top Processes by Memory: ⓘ

1.30 GB com.apple.WebKit.WebContent

722 MB kernel_task

388 MB com.apple.WebKit.WebContent

143 MB WindowServer

131 MB Finder

Top Processes by Network Use: ⓘ

Input Output Process name

1 MB 254 KB com.apple.WebKit.Networking

73 KB 28 KB mDNSResponder

43 KB 37 KB apsd

8 KB 2 KB com.avg.daemon

5 KB 4 KB assistantd

Top Processes by Energy Use: ⓘ

24.58 WindowServer

12.44 Finder

3.42 hidd

1.06 sysmond

Virtual Memory Information: ⓘ

2.98 GB Available RAM

465 MB Free RAM

5.02 GB Used RAM

2.52 GB Cached files

0 B Swap Used

Software installs: ⓘ

Memory Clean 2: 1.4 (installed 2017-08-14)

Microsoft Remote Desktop: 8.0.27312 (installed 2017-08-19)

Speedtest: 1.3 (installed 2017-08-24)

Microsoft Remote Desktop: 8.0.27319 (installed 2017-08-24)

Memory Clean 2: 1.5 (installed 2017-08-24)

WhatsApp: 0.2.5863 (installed 2017-08-27)

Unity: 2017.2.0b9 (installed 2017-09-02)

MonoDevelop for Unity: 2017.2.0b9 (installed 2017-09-02)

Unity Documentation: 2017.2.0b9 (installed 2017-09-02)

Unity Standard Assets: 2017.2.0b9 (installed 2017-09-02)

iOSSupport: 2017.2.0b9 (installed 2017-09-02)

Bitbox Installer: (installed 2017-09-02)

MacKeeper: (installed 2017-09-02)

AVG AntiVirus: 17.2 (installed 2017-09-02)

Lame Library v3.99.5 for Audacity: (installed 2017-09-03)

Install information may not be complete.

Diagnostics Information: ⓘ

2017-09-11 15:59:54 com.apple.WebKit.WebContent High CPU use

2017-08-31 22:07:29 Kernel Panic

3rd Party Kernel Extensions: None

Posted on Sep 12, 2017 7:36 PM

Best reply

Byron Boh

Level 1

9 points

Posted on Dec 14, 2017 2:30 AM

Steps I did:

**I won't take any responsibility if following my steps cause your mac to misbehave.
Goto "[username]/Library/LaunchAgents/", remove 2 .plist file which involved in some process like "macsearch" and "bination". You might need to open the plist to check code inside.
Goto "[username]/Library/", remove "bination.lz" folder. Inside has an .app file.
Goto "[username]/Library/Caches/", remove suspicious files and folder.
- **Below are the files i deleted, I won't take any responsible if deleting it affect your mac.
- All files related to mackeeper
- macsearch
- searchinstaller
- Linkury.SafariExtInstall
- All folders like "a_A1SFG2XXXX"
- ChromeAndFirefoxSetter
Goto "~/Users/Shared", remove
- sf.plist
- SafariSetter.safariextz
- All executable files like "a_A1SFG2XXXX"
- All "App_A123JXXX" zip files and folders
If you are using Google Chrome too, go to Preference > Manage search engines > Other search engines, look for Chill-tab and remove it.

I do not sure the "bination" files are related to this issue. I might mixed up or missed out some files to delete between the Caches and Shared folder, but you should get the idea, delete all files look similar. Check for suspicious files, I believe the malware might using different folder name for different device. Hope it helps.

View in context

23 replies