browser hijacker

Discussion in 'OS X Yosemite (10.10)' started by -FlyAuburn-, Aug 7, 2015.

  1. -FlyAuburn- macrumors regular

    Jun 2, 2010
    So, I just got my new 5k iMac and have been playing around with different things.

    One of them is openemu. Some of the zipped emulator games need 7-zip to unzip them, so I downloaded it and installed it.

    Apparently it had at least two forms of malware embedded in it (at least the download I used).

    The first was "Premier Opinion", which is a fairly nasty piece of spyware that I appear to have removed through both simply deleting it and its Launch Agent lines, and using Malwarebytes.

    The second however is a browser hijacker, that managed to hijack Safari/Firefox/Chrome simultaneously with an obviously nefarious search engine "". I've deleted it manually from Safari and Firefox, and tried from Chrome, but it keeps coming back.

    My plan when I get home and get a chance is to try Sophos (just learned about it) and AdwareMedic to see if they fix the problem. Malwarebytes didn't.

    I also found this on Apple Support that I will try if those don't work:

    Anyway, if those don't work I don't know what to do. Anybody run into this one or have any ideas for solutions?

    Running the latest version of Yosemite.
  2. M@C macrumors member

    Jul 30, 2015
    You should only download software from trusted sites.

    Instead of messing around with multiple spyware/adware/malware remover software, just wipe the HDD clean and do a fresh install (I mean you just got your iMac, right?). After that, download The Unarchiver. It handles 7-Zip.
  3. -FlyAuburn- thread starter macrumors regular

    Jun 2, 2010
    That wasn't very helpful. Yes this Mac is new but I just spent all day restoring from a Time Machine backup and installing Windows 10 via boot camp. I'd really rather not do that again.
  4. M@C, Aug 7, 2015
    Last edited: Aug 7, 2015

    M@C macrumors member

    Jul 30, 2015
    You wrote that you don't know what to do and that you need ideas for solutions. I gave you some.
  5. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    Did you look in Safari and Chrome both to see if there are any extensions installed that might be doing this?

    Try running the app Etrecheck and post up the output from the apps report. It will show all login and startup items and may help ID the bugger.

    If you quit Safari, then hold the short key when launching Safari, does that stop the behavior?

Share This Page