Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Ad Ware Infected

T

tobyreal

macrumors newbie
Original poster
Jul 13, 2020
5
0
Hi, I’m new here

I had a problem with a possible adware that I accidentally installed by being tricked in supposedly update an adobe software.

When I managed to block the fake "Safari virus notifications “ I now have another problem :Every time I open a new Safari Browser window or use my web address field ( which was set to google search ) it opens a website : “ www.searchsnow.com “ which is set nowhere as default website !

I ran “ Detect X Swift “ but that didn’t find any software that is connected to that.
 
My guess would be a rogue Safari extension. See if there are any and disable them to see if it helps, then close Safari by pressing option + command + Q to close all windows.

Try EtreCheck (Mac App Store) to see if it finds anything. It is more verbose than DetectX. You can post the report here or look for LaunchAgents, LaunchDaemons and Safari extensions in particular. The app is free, you don’t have to pay for the upgrade package for these purposes.
 
  • Like
Reactions: tranceking26 and Apple_Robert
Did it start with an email titled "Edit PDFs on the Fly"? If so, I got that one too.

1594684326854.png
 
KALLT said:
My guess would be a rogue Safari extension. See if there are any and disable them to see if it helps, then close Safari by pressing option + command + Q to close all windows.

Try EtreCheck (Mac App Store) to see if it finds anything. It is more verbose than DetectX. You can post the report here or look for LaunchAgents, LaunchDaemons and Safari extensions in particular. The app is free, you don’t have to pay for the upgrade package for these purposes.
Click to expand...

Great, thanks!
there was nothing in the extension folder of the library ( see screenshot).

… but .. wow nice… the Etre Software pulled them all up ( see screenshot)
… so I guess I I click remove right !?
 

Attachments

  • EXT.jpg
    EXT.jpg
    21.2 KB · Views: 114
  • Etre 1.jpg
    Etre 1.jpg
    251.2 KB · Views: 141
  • Etre 2.jpg
    Etre 2.jpg
    212.1 KB · Views: 142
  • Etre 3.jpg
    Etre 3.jpg
    217.4 KB · Views: 119
@BasicGreatGuy I will try Malwarebytes too
@Namara it was actually more of a website I got promoted to which really looked like the Adobe Website that prompted me to update the flash to display the website I wanted to view ( which was an website of a lawfirm, so I new it was a legit page .. but they have been hacked ) and it even opened up an installer that had the adobe logo in the dock .
 
tobyreal said:
Great, thanks!
there was nothing in the extension folder of the library ( see screenshot).
Click to expand...

In recent versions of Safari, these legacy extensions do not work anymore. Safari extensions are baked into apps. You should check Safari preferences to make sure that there aren’t any extensions that you don’t recognise. Also make sure that your starting page/new tab page do not default to a weird website. You can check all of that in Safari preferences.

tobyreal said:
… but .. wow nice… the Etre Software pulled them all up ( see screenshot)
… so I guess I I click remove right !?
Click to expand...

A LaunchAgent with an executable in a hidden directory is a strong indicator of adware/malware. You should remove those LaunchAgents from your user library and remove these hidden directories as well. To make the user library and the hidden directories appear in Finder, you can use the following shortcut: command + shift + .
 
  • Like
Reactions: Apple_Robert
Adding to KALLT's comment


  1. Check which extensions are installed by going to Safari -> Preferences -> Extensions
  2. Run this command to list all system extensions: systemextensionsctl list
  3. Run this command to list all kernel extensions: kextstat | grep -v com.apple
 
  • Like
Reactions: Apple_Robert
I have checked the Safari preferences and also the Library also after I ran 2 different virus softwares to find the names of the files that I’m specifically looking for. Since I didn’t find them.
I decited to just purchase the software ( they only let you identify the problems with the free versions but to delete it if you can’t find them manually you have to buy the pro versions… which is ok because they should some interesting data about where all my storage is used up and other junk.
I use CleanMyMac X and Comb Cleaner.
CleanMyMac X actually found another adware which was “MacOSDefener” which seams to be populare aw well as the redirectory to the fake searchmachine searchnow . com which was set in my browsers. Everything is running smooth now.. but I guess the times when you didn’t have to worry about viruses as a Mac owner are over !!...
[automerge]1594789009[/automerge]
Another great free software is etresoft.com which a good customer service that helps me get ride of the redirectory
 
Last edited:
combo clean is another good one I found..
maybe buy one and double check system with the free version of the other and when something is till there take advantage of the 30 day money back guarantee like I did) Both softwares are pretty helpful with identifying where you have a lot of junk , duplicate files and other storage taken up … can all be done fro free but may take you hours or days… )
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back