Level 1

10 points

Suspected malware after installing FileZilla. How much trouble am I in?

Hey all - I'm trying to help myself as much as possible, and I've been doing a lot of reading, but please accept my apologies if I missed something obvious.

Computer: iMac Pro, running 10.13.3

SITUATION: 

Opened Chrome (which I do not usually use) and received a warning that an extension called "Search Manager 10.1.2.64" is trying to set my default search bar to srchbar.com

Did some digging and found the extension was installed about a week ago, right after I installed FileZilla.

Did some more digging, and found "runChmm" in my login items, also installed at the same time. I haven't restarted since this, so hadn't encountered it yet. This launches something called Chromium that I never installed, which defaults to what seems to be a sketchy knockoff of Yahoo search. 

I've noticed Safari lagging like crazy when typing in the URL box, and now I wonder if this is related.

No extensions show as installed in Safari.

Currently running BitDefender.

Ran MalwareBytes and it came up clean.

QUESTIONS:

• How freaked out should I be?

• Do I need to wipe my system drive?

• Reinstall OS?

• Wipe other stuff? Like, can my personal files be infected?

• Can I trust my Time Machine backup from before the date in question or could that be compromised too, so restoring from it just reinfects me?

• Do I need to worry that passwords and personal data stored on my machine are compromised?

• Is there a way to know for sure what happened, and what else is installed?

THANKS SO MUCH!

Posted on Feb 21, 2018 3:16 PM

Similar questions

22 replies

perry_k Author

Level 1

10 points

Feb 21, 2018 6:00 PM in response to John Galt

Thanks John! This is reassuring.

I will probably roll back with Time Machine.

Is it safe to rollback the OS only, and keep personal documents from past the time of the incident? I.e., could something malicious hide in my documents and reactivate, or does rolling back the OS kill everything?

Feb 21, 2018 3:39 PM in response to perry_k

FWIW, Chromium is the open source version of Google Chrome.

https://en.wikipedia.org/wiki/Chromium_(web_browser)

perry_k Author

Level 1

10 points

Feb 21, 2018 3:51 PM in response to Kurt Lang

Thanks Kurt. In your experience, is this stuff more likely to be nuisance (i.e., adware) or malicious (i.e., skimming my passwords, stealing data, etc.)

Feb 21, 2018 4:14 PM in response to perry_k

I agree with John about BitDefender. I'm surprised no one had suggested uninstalling it already.

perry_k Author

Level 1

10 points

Feb 21, 2018 4:24 PM in response to CountryGirl56

Cool. I'm on the same page, re: not keeping something like this running during normal use. I just want to know what I should run RIGHT NOW to scan for malware.

Feb 21, 2018 4:36 PM in response to perry_k

The only thing I saw you mention was a browser "hijacker". Technically they aren't malware and are easily dealt with. As macjack first mentioned for Safari.

perry_k Author

Level 1

10 points

Feb 21, 2018 4:31 PM in response to CountryGirl56

The problem is, neither of those did find anything and I haven’t taken any actions to uninstall the two pieces that I personally located yet… So that makes me a little nervous that I have no way to know if I found all of it or not.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Suspected malware after installing FileZilla. How much trouble am I in?