Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Resolved Help - Rocket Tab/MegaOffers malware on Chrome for Mac OS X

bijtis

bijtis

macrumors newbie
Original poster
Jan 22, 2016
17
4
Hey all,

I've somehow managed to infect my MBP with software that randomly opens new tabs and pop-up windows in Chrome, as well as embedding fake ads at the top of google search pages, usually marked "Rocket Tab by MegaOffers" or something similar.

I'm obviously concerned for the wider security risk this poses, but I don't know where to start with it's removal. Google searches on the subject produce a number of dubious sounding solutions, which may or may not be promoted by the virus itself.

The same behaviour isn't replicated in other browsers, e.g. Safari, so it's latched onto chrome in particular, but I can't see any odd extensions or plugins/apps. I installed AVG to scan my system and it turned up nothing, and a search of my system turned up nothing for "MegaOffers" or "Rocket Tab".

Can anyone help me find and remove this malware?

Thanks in advance.
 
Thanks, but it did not. It found and removed Spigot, but after restarting, the same behaviour persists.
 
Still no use... thanks for the suggestions so far though.
 
If you have Chrome sync setup it's going to re-add extensions when you re-install Chrome. Double-check the extensions and other advanced settings.

Check your Applications folder for any spurious apps you don't recognize, also.
 
If MalwareBytes didn't get it, it's very likely this is due to an Extension (MalwareBytes doesn't clean Extensions). Also, check your settings for the default home page and search engine.
 
Nothing suspicious whatsoever in my Applications folder, and when I check out chrome://extensions I'm redirected to chrome://apps, which then forces me to go to the Chrome web store to check my extensions. In any case the only two I have are ABP and Go****ingWork - or at least they are the only two listed.

I logged into my Google account through Safari to see if there were any odd services attached to my account, but there was nothing at all.

Nothing is out of place in my Chrome settings, no weird toolbars or anything installed.

The unwanted activity is spreading to other sites, with obviously non-kosher ads appearing on websites that I know don't have any advertising. I'm increasingly concerned about the safety of my personal information. Anyone have any other ideas?
 
Give removing Chrome and its system stuff a try again.

Applications/Google Chrome

In user folder:

~/Applications/Chrome Apps
~/Library/Application Support/Google
~/Library/Google

Then reinstall. Don't log back into Google and don't add any extensions. Test.
 
BrianBaughn said:
Give removing Chrome and its system stuff a try again.

Applications/Google Chrome

In user folder:

~/Applications/Chrome Apps
~/Library/Application Support/Google
~/Library/Google

Then reinstall. Don't log back into Google and don't add any extensions. Test.
Click to expand...

Tested, worked, logged back into google, still worked. I had forgotten the extent to which application files persist in hidden folders after "uninstalling". Thanks for your help, Brian!

Fishrrman said:
Well, you could always just dump Chrome completely… ;)
Click to expand...

I wish! I've become so reliant on many of it's features... maybe next time I have a couple of weeks off to reorganise my entire... well, life!

Thanks for the input everybody!
 
BrianBaughn said:
Give removing Chrome and its system stuff a try again.

Applications/Google Chrome

In user folder:

~/Applications/Chrome Apps
~/Library/Application Support/Google
~/Library/Google

Then reinstall. Don't log back into Google and don't add any extensions. Test.
Click to expand...

AHH this thread is old now, but I'm having the same problem. I'm not super computer savvy, so do you mind giving the "dummies" version of this solution? Do I go to "Go-->Go to Folder" and then paste the above three things into the search bar? And if so, once I find those things, do I just delete everything in them? Any help is so appreciated. This is making my computer (and me) miserable.
 
Quit and delete the Google Chrome app.
  1. Go to Folder>~/Applications/Chrome Apps and delete everything in there (you can re-add later if you need to)
  2. Go to Folder>~/Library/Application Support/Google and delete the "Chrome" folder
  3. Go to Folder>~/Library/Google and delete everything in there
Use another browser to re-download and install Google Chrome.
 
I didn't want to reset Chrome and lose all my browsing history, cache, cookies, etc.

I found another solution here:

I was not seeing a "Rocket Tab" extension anywhere, nor an application on my mac. One of the comments in that video above, suggested that "Youtube Downloader" was loading rockettab. So I removed Youtube Downloader extension and that solved my problem!

Hope this helps someone else ツ
 
  • Like
Reactions: micokeman
jordoday said:
I didn't want to reset Chrome and lose all my browsing history, cache, cookies, etc.

I found another solution here:

I was not seeing a "Rocket Tab" extension anywhere, nor an application on my mac. One of the comments in that video above, suggested that "Youtube Downloader" was loading rockettab. So I removed Youtube Downloader extension and that solved my problem!

Hope this helps someone else ツ
Click to expand...
Worked!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back