search.lexside.com browser hijacker

Discussion in 'OS X Yosemite (10.10)' started by -FlyAuburn-, Aug 7, 2015.

  1. -FlyAuburn- macrumors regular

    Joined:
    Jun 2, 2010
    #1
    So, I just got my new 5k iMac and have been playing around with different things.

    One of them is openemu. Some of the zipped emulator games need 7-zip to unzip them, so I downloaded it and installed it.

    Apparently it had at least two forms of malware embedded in it (at least the download I used).

    The first was "Premier Opinion", which is a fairly nasty piece of spyware that I appear to have removed through both simply deleting it and its Launch Agent lines, and using Malwarebytes.

    The second however is a browser hijacker, that managed to hijack Safari/Firefox/Chrome simultaneously with an obviously nefarious search engine "search.lexside.com". I've deleted it manually from Safari and Firefox, and tried from Chrome, but it keeps coming back.

    My plan when I get home and get a chance is to try Sophos (just learned about it) and AdwareMedic to see if they fix the problem. Malwarebytes didn't.

    I also found this on Apple Support that I will try if those don't work: https://support.apple.com/en-il/HT203987

    Anyway, if those don't work I don't know what to do. Anybody run into this one or have any ideas for solutions?

    Running the latest version of Yosemite.
     
  2. M@C macrumors member

    Joined:
    Jul 30, 2015
    #2
    You should only download software from trusted sites.

    Instead of messing around with multiple spyware/adware/malware remover software, just wipe the HDD clean and do a fresh install (I mean you just got your iMac, right?). After that, download The Unarchiver. It handles 7-Zip.
     
  3. -FlyAuburn- thread starter macrumors regular

    Joined:
    Jun 2, 2010
    #3
    That wasn't very helpful. Yes this Mac is new but I just spent all day restoring from a Time Machine backup and installing Windows 10 via boot camp. I'd really rather not do that again.
     
  4. M@C, Aug 7, 2015
    Last edited: Aug 7, 2015

    M@C macrumors member

    Joined:
    Jul 30, 2015
    #4
    You wrote that you don't know what to do and that you need ideas for solutions. I gave you some.
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    Did you look in Safari and Chrome both to see if there are any extensions installed that might be doing this?

    Try running the app Etrecheck and post up the output from the apps report. It will show all login and startup items and may help ID the bugger.

    If you quit Safari, then hold the short key when launching Safari, does that stop the behavior?
     

Share This Page