Jump to content

JakeM

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I had this problem as well last night. I have a cold and mistakenly installed a fake Adobe Flash Player (something I normally would never have done...) on my MacBook Air. I am attaching some screenshots here that are not in the above posts, so that if someone else is trying to fix their computer, they will know they are on the right track. If I had stopped to check the Custom Installation options of this fake Adobe Flash Player, I would have noticed something was wrong. It was installing things called MyShopcoupon, WeKnow, and Mac Cleanup Pro: Since I didn't check the Custom Install options, though, my first clue was only when the installer opened a Terminal script window while the installation was in progress. Then when I opened up Chrome and Safari, they were both taken over by new home pages and weird search engines. In Chrome, it was as shown in the original post - where Google is normally written on the google homepage, instead the word "search" appeared with the letters in Google colors, and with a button for "Smart Search" below it. I first installed Malware Bytes. It found some bad files that it quarantined that were part of the MyShopcoupon mess, and then required a restart. After restarting though, Safari and Chrome were both still hijacked. I then searched a bunch and eventually found this thread. Thanks a bunch to you guys here for the good advice! I entered the six lines into Terminal as suggested by the original poster (tacoma). It didn't fix the problem with the hijacked browsers, but I still think they were good measures to take. I then followed the link in Alvarnell's post above, which led to a post in this forum by Treed entitled "How to remove WeKnow malware (and others)". This was extremely helpful. Be sure to also follow the link in this post to remove fake profiles that are installed, as well. Here are what the fake profiles looked liked on my laptop, when I opened System Preferences and then Profiles (Normally the Profiles icon is not even listed in System Preferences on my laptop. This Malware had just created two new profiles - one each that modified Safari and Chrome, which you can see if you scroll down to the "DETAILS" section). Then I selected each of them and clicked on the minus sign to remove each one. Here are screenshots showing what the two bad profiles looked like: I then followed the rest of the instructions in Treed's post for cleaning up Safari and Chrome. I mostly use Chrome, so I first exported my bookmarks before deleting Chrome, so they wouldn't get erased. I restarted my laptop, imported the bookmarks and everything looks good so far! I am appreciative of this forum and all of its great advice. I waded through a lot of junk and ineffective advice to remove this malware before finding this post. A lot of the bad advice included instructions to install other programs to remove the malware. Some google searching revealed that these programs are themselves malware. Fortunately I knew enough to not install programs like that, or I would next be searching forums to figure out how to remove the new malware! I still worry a little whether there are lingering files or spyware, even though everything looks back to normal (probably an irrational fear). I would be curious to hear from others that have followed the same steps, about whether their computer has remained totally clean after employing the fixes above.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.