Jump to content

Recommended Posts

I read on one forum that someone used Adware Doctor from the app store to remove it. It has good reviews. It is $9.99 and will remove it automatically.

Share this post


Link to post
Share on other sites

The VSearch malware responsible for this changes almost daily, so it's difficult for any singly scanner to work every time. About all you can do for now is to keep trying each of the solutions offered here and submitting samples of anything found.

Share this post


Link to post
Share on other sites
1 hour ago, Duvall2417 said:

I read on one forum that someone used Adware Doctor from the app store to remove it. It has good reviews. It is $9.99 and will remove it automatically.

Do not use Adware Doctor! I'm not sure which of the three Adware Doctor apps that are on the Mac App Store you're referring to, but it really doesn't matter... they're all junk apps.

Share this post


Link to post
Share on other sites
1 hour ago, alvarnell said:

The VSearch malware responsible for this changes almost daily, so it's difficult for any singly scanner to work every time. About all you can do for now is to keep trying each of the solutions offered here and submitting samples of anything found.

Actually, the confusing thing to me is that I've only ever seen one particular VSearch variant installing Chill-Tab, and Malwarebytes has been detecting it for a while now. Even on this thread, it's always the same file installed: macsearch.plist. So I'm not sure where the difficulty lies with removing it.

Share this post


Link to post
Share on other sites

I'm also suffering from the Chill-Tab problem on OSX Sierra.  Chill-Tab adds itself to Chrome as the search engine (yes, I remove it each time).

I first used Antirus Zap which found and removed some stuff.  

Then after still suffering from the Chill-Tab problem, I tried Malwarebytes.

It found a removed a few more things.

But the Chill-Tab problem remains.  I scan and it finds no more threats.

I'm a veteran software developer and know what I'm doing on a computer, so if you need files/tests/whatever to help track down this issue so that Malwarebytes can remove this nasty adware virus, let me know.

Thanks,

Thomas

 

 

Share this post


Link to post
Share on other sites
14 minutes ago, ThomasFredrik said:

I'm also suffering from the Chill-Tab problem on OSX Sierra.

Can you clarify what the problem is that you're seeing? Are you seeing repeated attempts to install this extension? Do you actually have the Chill-Tab extension installed? Or is it something else?

Share this post


Link to post
Share on other sites

I typically use Google Chrome as my browser, and of course google for things all day long.  After a search, I'll notice that the icon in the browser tab which I've just used for the search is a purple Y, used by Yahoo, signaling me that something is wrong (since I use google for the default search engine).  Upon search, Chill-Tab seems to do some redirects (generating views for paid ad-content I assume) and then the search results come up (provided by yahoo I believe).  So I'll open Chrome preferences with Command-comma, and under search engines see that Chill-Tab is listed as the default search engine.  I turn that off, and then remove it from the list.  At some point it will just appear again.

The details are from memory - I'll verify when it happens again that it's actually Yahoo doing the eventual search etc, but you get the idea.

As I mentioned I'm a developer, so have looked in /Library/LaunchAgents, /Library/LaunchDaemons, and ~/Library/LaunchAgents for suspect .plist files that might be launching something, but I don't see anything obvious - just things from adobe, google, device drivers I know I use, etc.

I have scanned with Malwarebytes, which finds nothing.  I've done this also immediately after a reboot, immediately after removing Chill-Tab as a search engine, etc.  No luck.

 

Share this post


Link to post
Share on other sites

Hi everyone

I found that Chill tab created files called macsearch, SafariSetter.safariextz, SafarExtInstall and sf.plist, then created a whole host of GUID named folders and tar.bz files, all in the Shared folder. I deleted these and the problem seemingly went away until I rebooted. It came back up afterwards, but after installing Malware Bytes, it picked up a few other .plist malware files and quarantined them. Have restarted a few times and now the problem hasn't occurred.

If you can't be fussed with installing MWB, I'd do a search for any .plist and .safariextz files that were created after you noticed the problem happening, just quarantine all of them and see if the problem keeps occurring.

Hope this helps!

Edited by dirango
updated information

Share this post


Link to post
Share on other sites

If you choose the manual approach, just be careful about what .plist files you remove. You should only remove them from LaunchAgents or LaunchDaemons folders, and should be aware that removing the wrong .plist files could disable or damage legitimate software. Sometimes it can be difficult to know which ones are legitimate and which ones aren't, and I've seen people trash their systems with manual removal attempts.

Share this post


Link to post
Share on other sites

the highlighted file here is the one that I found was doing the damage, SafariSetter.safariextz, haven't got it since its been removed, to get here go into your computer/macintoshhd or whatever and then in users, and then into shared. at the bottom you should find... "the problem"Screenshot_2017_09_25_17_31_16.png.3fa0db4c3f96609e265fb643dfd4f49e.png

Share this post


Link to post
Share on other sites

Hello, 

I don't remember where I read this but I did it and it worked.

I restarted my macbook, and ran the malwarebytes immediately. It found 3 things :

/Library/Application Support/Agent/

/Library/LaunchAgents/com.Sambara.plist

/Library/LaunchAgents/macsearch.plist

and I clicked on delete...

The pop-ups stopped ever since then...this was maybe a week ago. and the Chill-tab in my extensions did not reappear...I hope it helps..

Screen Shot 2017-10-09 at 1.07.14 PM.png

Share this post


Link to post
Share on other sites

MellyKM,

Underrated post. Thank you so much. I've been searching all over the internet how to get rid of this chill-tab virus. I went into Finder, to Library>Application Support>Agent and "mac search", was right in there and the date of that file matched same time frame when I first got the virus. I deleted it and restarted and it's gone from my Firefox. Before it would set chill-tab as both my home page and search engine even after I'd manually change it, every time I opened Firefox it would be back again. But now it's gone! And I didn't have to install any MacKeeper or MacSweeper like nearly all the other websites said to do

Edited by Tiff94

Share this post


Link to post
Share on other sites

You are welcome @Tiff94..I hope it won't come back lol. This was so annoying, I had the same problem...chill-tab would always add itself back every time.. and popups all the time ! 

Edited by MellyKM

Share this post


Link to post
Share on other sites

I've been having the same problem for about two weeks. Here's what worked for me:

I stumbled upon this article http://applehelpwriter.com/2017/07/23/terminal-tricks-for-defeating-adware/ and while it was informative, I'm not super tech-savvy so I didn't understand half of it. However, at the very end, he offers a program called DetectX Swift Beta (https://sqwarq.com/detectx/detectx-swift-beta/). Sure enough, after downloading and running the program, there were multiple files in various locations under the Macintosh HD/Library system files. After I got those deleted/quarantined, I rebooted and all was well.

I also suggest checking under Macintosh HD/Users/Shared folder -- I found that each restart spawned 3 new install files from the malaware.

Hope this helps you!

Share this post


Link to post
Share on other sites

Hello. I am new and I found out about malwarebytes but googling this same question. After installing and running your software I still have the chillware virus :(  any ideas on how to rid this? Its starting to piss me off.

Share this post


Link to post
Share on other sites

First, make sure you have read and tired each an every one of the tips that have already been posted above.

If none of those completely solve your issues then give us something we can respond to. Tell us exactly what you are seeing in great detail and include screen-shots if necessary.

Share this post


Link to post
Share on other sites

Ok... Thank u @alvarnell for getting back to me. I read your reply & did everything I saw here. Found out thru the the app that @thepoppunkqueen recomended that I had a "keylogger" virus (whatever the hell that is? Didnt sound good tho) and had several different services similar to yours try their magic all to no avail. I tried running malwarebytes again after last restart and got this...

Untitled.thumb.png.15ba5552638b99b365edba1bb35c1651.png

i am running...

 

5a311d695f397_ScreenShot2017-12-13at5_30_01AM.png.dd29d6efbaddf34ab7a4860b63719e65.png

 

sorry if i am breaking any forum rules guys... i am completely computer illiterate and I try to be up on the way all this works but I am not... not at all. Any help is appreciated. thx

Share this post


Link to post
Share on other sites

For some possible solutions to the "Background service is offline" problem, see:

https://support.malwarebytes.com/docs/DOC-2120

If upgrading to Malwarebytes for Mac 3.1 solves the problem, it was caused by a bug in macOS that results in abnormal operation of the system keychain file. This bug can cause other problems, such as an inability to store new wifi passwords. If you are seeing such issues, you should contact Apple Support for help resolving that keychain problem.

https://support.apple.com

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.