Jump to content

Recommended Posts

I have a Macbook running Sierra.  The computer has been infected with the Chumsearch virus.  The Profile icon is greyed out and other local admin accounts are affected as well.   Safari and Chrome have been affected by this issue. On both browsers, nothing appears in Extensions.

I have tried the following with no luck.

Reset both browsers, did not fix it

Ran Malwarebytes, did not fix it

Ran Avast, did not fix it

Nothing in Applications to remove

Chrome- Cleared the cache images and files.  Cleared cookies and other site data

Safari- Removed website data

I don't want to wipe the drive and start from scratch. I want to fix the problem.  I am not sure how to remove Chumsearch.  I am sure there is something I am missing.

Share this post


Link to post
Share on other sites

I'm guessing when you say the Profile icon, you are referring to System Preferences->Profiles? If you don't have and never have had a profile installed, then there shouldn't be any Profile Icon there at all, and if it's greyed out then that could well be an indicator of the source of your problem. Best information I can find is that if it was installed it would be in /var/db/ConfigurationProfiles/ somewhere.

There are some instructions at the bottom of this article New Crossrider variant installs configuration profiles on Macs that may be useful. 

Share this post


Link to post
Share on other sites

When you say the Profile icon is grayed out, can you provide more details about what you're seeing? Make a screenshot by following the directions here:

http://support.apple.com/kb/HT5775

Attach the screenshot file, which will be found on the desktop, to a reply to this message.

Share this post


Link to post
Share on other sites

The Profile icon is greyed out means exactly that. You can't click on it or do anything with it. This issue has everything to do with the configuration profile.  This statement "the configuration profile that is installed forces both Safari and Chrome to always open to a page on chumsearch[dot]com. This also prevents the user from changing that behavior in the browser’s settings" is exactly what is going on. 

Although it is not clearly stated in the article, I am guessing if I run this command:

sudo profiles -R -p com.chumsearch.www

It should remove the threat?

Share this post


Link to post
Share on other sites

So, I am looking for some variant of com.myshopcoupon.www which is associated with chumsearch.  If Malwarebytes doesn't find any threats then how do I remove anything associated with myshopcoupon?

Share this post


Link to post
Share on other sites

What did you get when you ran

sudo profiles -L

or, if running 10.13.x

sudo profiles list

That should tell you the name of any profiles you have installed and help identify the one you need to remove.

Share this post


Link to post
Share on other sites

I didn't run anything yet.  I wanted to know if I run 

sudo profiles -R -p com.myshopcoupon.www

Does this remove the threat and anything associated with chumsearch?

Share this post


Link to post
Share on other sites

That command should remove this profile, but I'm not sure why the Profiles icon would be grayed out. Is this machine managed by your employer? If so, you may not have the ability to remove profiles. If that's the case, I can't say whether that command will actually work.

Share this post


Link to post
Share on other sites

We can't be sure that the profile is named "com.myshopcoupon.www" until you run the first command to list all the profiles. It's possible that it has a different name that's why you have to run the list command first.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.