Jump to content
PastorJGP

Chrome browser hijacked by "Search Encrypt" on MBP running OSX 10.10

Recommended Posts

My wife's  MacBook Pro (Mid 2012) running Yosemite (10.10.5) had its Chrome browser hijacked by "Search Encrypt" 3 days ago.  I spent the evening following online recommendations:

1) removing the offending extension or app - NONE FOUND

2) within Chrome "Restore settings to their original defaults" - DIDN'T WORK

3) Remove Chrome and various files & pref's from Library;  

    3A) Downloaded and ran Malwarebytes - Didn't find anything

    3B)  and then download and do fresh install of Chrome.  - This worked - UNTIL she re-synced bookmarks, etc from her Google account.  Chrome was immediately re-hijacked as before.

4)  For now, I've re-deleted Chrome,  and she's using Safari, though it is greatly impeding her normal work flow in her school classroom.

 

SO...  I need help!  I assume that Search Encrypt has hidden something in what's synced to her Google account, and it may be synced into her Android phone also, though she hasn't mentioned any problems there yet.  

 

Any recommendations would be appreciated!

 

Share this post


Link to post
Share on other sites

Actually, it looks like you've done almost everything listed in How to remove WeKnow malware (and others) and it's seems clear it's related to re-syncing which almost always means that the  issue is coming from another computer/device with the same account. My guess would be the same as yours, the Android.

Still worth making sure you've done everything covered in that other article, but the phone could still be the culprit without showing the same systems since the OS and browsers are different.

Share this post


Link to post
Share on other sites

Thanks for the input, Alvarnell.  I haven't gotten to do anything on my wife's MBP yet, except to recheck that there was no Profiles icon in System Preferences, hence no malicious profiles.  

Since google stores everything from Chrome sync in its cloud, I doubt that somehow finding and deleting something on the Android will save the day.  But I would welcome any recommendations about how to isolate whatever might be coming back in a sync from Google.  My wife would be very disappointed if we have to delete all her bookmarks.

Anybody out there have ideas on this??

 

Share this post


Link to post
Share on other sites

Here are some thoughts on that topic from the Windows Forum: 

 

Share this post


Link to post
Share on other sites

Ok, Alvarnell, that looks promising.  It may be a bit, but I'll re-post after trying that.  Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.