Jump to content

Chill Tab Malware

dmoran442
 Share

Recommended Posts

gammakid

gammakid

Posted
Posted
On 10/12/2017 at 11:47 PM, MellyKM said:

Hello, 

I don't remember where I read this but I did it and it worked.

I restarted my macbook, and ran the malwarebytes immediately. It found 3 things :

/Library/Application Support/Agent/

/Library/LaunchAgents/com.Sambara.plist

/Library/LaunchAgents/macsearch.plist

and I clicked on delete...

The pop-ups stopped ever since then...this was maybe a week ago. and the Chill-tab in my extensions did not reappear...I hope it helps..

Screen Shot 2017-10-09 at 1.07.14 PM.png

This solved it for me with one adjustment:

I had no Sambara.plist. However, there was another file with the same "added on" date as macsearch.plist in the Library/LaunchAgents directory, so I deleted that too and i've had no pop-ups since :)

 

Link to post
Share on other sites
  • 2 weeks later...
  • Replies 71
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

displayNameyo

displayNameyo

Posted
Posted

created an account because i cant get rid of this ####. here are 8 files that i managed to delete from library/launchagents, library/(forgot the name), and users/shared/ safarisetter :

(2) very long file names and the safari setter virus:

     a_F440F599 .... Unix E file

     a_F440F599 .... Folder

          SafariExtInstall .... Application file

(5) random other files found :

     App_457D34... .tar.gz .... GZip archive file

     com.unterminable.wd.plist .... property list file

     macsearch .... Unix E file

     macsearch.plist .... property list file

     SafariSetter.safariextz .... Safari extension file

 

The firs 3 keep repopulating in the Users/Shared/ folder location, which opens Safari and runs chill tab's home page. Pop ups occasionally occur. Once I delete the repopulating files its ok but have not found a permanent solution yet. :/

Link to post
Share on other sites
  • Staff
treed

treed

Posted
  • Staff
Posted
10 hours ago, displayNameyo said:

here are 8 files that i managed to delete from library/launchagents, library/(forgot the name), and users/shared/ safarisetter :

Some of those are things that Malwarebytes for Mac should detect, and others look like temporary files that will not cause any issues and will eventually be removed by macOS automatically. What version of Malwarebytes do you have installed?

Link to post
Share on other sites
MellyKM

MellyKM

Posted
Posted
On 12/19/2017 at 3:37 PM, gammakid said:

This solved it for me with one adjustment:

I had no Sambara.plist. However, there was another file with the same "added on" date as macsearch.plist in the Library/LaunchAgents directory, so I deleted that too and i've had no pop-ups since :)

 

Great news !!! :D

Link to post
Share on other sites
munchie

munchie

Posted
Posted

I got the chill-tab today. Malwarebytes didn't initially pick it up, but after a terrifying restart (where the usual loading icon was replaced with 5 glitchy ones), I ran another scan, which detected some problem files. 

After that, I still manually checked through my files and found a file in Users/Shared called sf.plist that appeared at the same time as I'd accidentally downloaded the malware. 

I deleted it, and then manually changed my search engine back to google and deleted the chill tab search engine. 

Seems to by chill (get it?) now, hopefully doesn't come back. 

Link to post
Share on other sites
munchie

munchie

Posted
Posted (edited)

cont. 

 

I also file in Library/Launch agents that appeared today at the same time (2:30) of my accidental download called com.preacquired.qg.plist

opening it up, I found it called to some other files in my computer that similarly appeared at 2:30. 

<string>/Users/_____/Library/preacquired.qg/preacquired.qg.app/Contents/MacOS/preacquired.qg</string>

also, just in library I found a lonesome file called 'instance' also from 2:30 and a folder called 'ApplicationaContents' which contains two text files 'instance' (another one) and 'uba', which call to 'preacquired.qg' and 'http://i.swiftinstaller.top/c/ci?tm=1&id=' respectively. 

 

one last thing. 

This malware seems to have forced an installation of mackeeper...thoughts?

Edited by munchie
forgot to mention something
Link to post
Share on other sites
thisisromel

thisisromel

Posted
Posted (edited)

I just got hit with Chill Tab today, and I've literally tried everything recommended on this thread. I created an account just so I can continue this.

I have managed to stop the adds from popping up in safari, but not firefox after downloading Malwarebytes.

I re-installed firefox after deleting it to see if that would help change anything since safari stopped showing popups, but nope still there.

I deleted all the files that people have mentioned but still nothing.

I'm on mac OS sierra

Edited by thisisromel
Link to post
Share on other sites
  • Staff
treed

treed

Posted
  • Staff
Posted

Some general advice for folks posting on this topic:

  1. Make sure you are using the latest version of Malwarebytes for Mac, downloaded from here, and not any previous version:
  2. Scan with Malwarebytes for Mac, remove anything detected, and restart the computer
  3. Review your browser settings, and fix them if necessary:
  4. If you have done all this and you're still seeing requests to install Chill Tab that are appearing on their own, not in response to something you're trying to install, please submit a support ticket here:
    • https://support.malwarebytes.com/community/consumer/pages/contact-us
    • Be sure to select Malwarebytes for Mac as the product
    • Run the Get System Profile script that is attached to this message and attach the file it creates to your support request
    • Do not post the output of that script directly here, as it may contain information that you don't want made public; this is why I ask that you submit via a support ticket instead.

Get System Profile.zip

Link to post
Share on other sites
Patrizio

Patrizio

Posted
Posted (edited)

I'm so damn grateful to Malwarebytes -- created this account just to thank you people. 

Got the "chill tab" thing exploding some days ago -- almost thought the mac was gonna burn. But got Malwarebytes up n' running, and for now (some hours) its back to good normal. Have to say that thing was sooo bad though, that I worry its still in there somewhere...

A note on where I think I got it: Downloaded what seemed to be a free adobe (or might have been office). Opened the installer the usual way -- everything looking normal. Then, once adobe or office or whatever it was was installed, these things exploded with the extensions-issue in the browser, non-responding apps and in general almost non-usable software all over.

Edited by Patrizio
Link to post
Share on other sites
  • 1 month later...
mobyj

mobyj

Posted
Posted (edited)

ive tried all the things i could understand in this thread and downlaoded malwarebytes. but unfortunate im using os 10.9.5 so its not available for my os.. HALP?

ive fixed chrome and safari (looks to me like it, theres no pop ups for aforementioned browsers) but firefox keeps reinstalling chill tab and making it default search engine and homepage.

Edited by mobyj
Link to post
Share on other sites
vicsylo

vicsylo

Posted
Posted (edited)

Hi All,

I got the virus about 8 hours ago and read through all the comments and I guess I removed it.  it hasn't popped up and no redirects either; rebooted my computer and everything. 

Here are the steps I took.

1. Download Malwarebyte and Ran It. Remove all threats.  Reboot, rerun it again.  Click Quarantine -> Show Files -> Manually Removed Them

2. Pop Up still showed up -> Opened Activity Monitor (in Utilities) -> Found a file called SafariExtInstall (or something similar) - used the "i" icon to find the file (copy the folder path and paste it Finder > Go > Go To Folder .  Remove SafaraiExInstall File.

3. Replaced my Chrome and Safari Search Settings Back to Google.com

4. Pop Up still showed up ->  go to Folder and copy and paste this path like in Step 2. "~/Library/LaunchAgents" .  Remove a file called Tapufind.plist (or something like that)

5.  Rebooted computer and its been 6 hours with no redirects and no pop ups.  Hope that helps!  

Edited by vicsylo
Link to post
Share on other sites
  • 1 month later...
Bawaal

Bawaal

Posted
Posted

Hey, thank you so much. This post helped me to solve my Chill-tab extension problem. This used to pop up everytime and kinda heated up my Mac and also drained the battery. 

 

 

I used Malwarebytes to delete few files and deleted some files in Macintoshd>library>launch agents/applicationsupport/applicationcontents/launchdaemon manually which were created on the same day the malware infected my Mac.

 

Thanks to all the people discussing their problems and experiences in this post and hope chill tab extension does not bother us anymore. peace XOXO

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.