.mitmproxy and Additionalchannelsearch removal


I have been having problems with a very slow Mac and even slower internet connection making the internet unusable including email not connecting.

After running Malwarebytes, .mitmproxy and additionalchannelsearch get quarantined and everything runs well.

This happens each time I turn the computer on.

How can I find out how to remove these problems rather than quarantine them on startup?

I did find an article about .mitmproxy; however, I followed the steps to remove a keychain certificate but couldn't find one.


I'm guessing you read this article: https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/ which states, in part, that

Quote

Malwarebytes for Mac will detect and remove the components of this malware, which is detected as OSX.SearchAwesome. However, it will not remove the components of mitmproxy, since that is a legitimate open-source tool. If you are infected, you should remove the mitmproxy certificate from the keychain (using Keychain Utility).


The way I read that would seem to indicate that mitmproxy components are not being removed on purpose, in case you have installed that tool on purpose. Unfortunately, there don't appear to be any instructions on how to remove it from glancing through the documentation. If it had been installed using brew, then it would be easy to uninstall, but that won't help in your case.

I see there appear to be at least three components involved:

  • mitmdump
  • mitmproxy
  • mitmweb

but I don't know where they are located on your Mac and I doubt that Spotlight or Finder will be able to find them, so maybe use Easy Find.

If that doesn't help then you might have to wait until the Malwarebytes staff person who analyzed this infection comes to work on Monday.


Thanks @alvarnell for replying.

Yes, that's the document that I read, and I have tried searching using Finder but, as you say, it didn't give any results.

I have Easy Find installed but had forgotten that I had it. I searched for mitmproxy and additionalchannelsearch; the only locations found were in Malwarebytes folders. So I'm not sure how it's appearing again on startup...

mitmdump and mitmweb didn't show any results.


  • 1 year later...

Despite Malwarebytes' protestations, it does NOT remove this Adware. Yes, it finds it, yes, it tells you it is quarantining it, yes, you can then delete it from the quarantine. But the next time you use it, it's back. You can go to Apple logo drop-down, Preferences, Network, Advanced, Proxies and see SOCKS proxy ticked...again!

My solution was a joint effort using Apple support and upgrading to the latest edition. I'll let you know when I hear back from Malwarebytes...yawn, don't wait up, it's been 9 days so far!!!

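The places this thread points at (the SOCKS proxy setting under Network, the mitmproxy certificate in the keychain, and whatever relaunches the components at startup) can be checked read-only from Terminal. The script below is an added example, not part of any post above or of Malwarebytes' tooling; looking in the launchd LaunchAgents/LaunchDaemons folders for the startup item is an assumption, and the sample proxy output is constructed.

```shell
#!/bin/sh
# Read-only audit for the leftovers discussed in this thread (added example).
PATTERN='mitmproxy|mitmdump|mitmweb|additionalchannelsearch'

# Constructed sample of `networksetup -getsocksfirewallproxy` output.
sample_socks_output() {
    printf 'Enabled: Yes\nServer: 127.0.0.1\nPort: 8080\nAuthenticated Proxy Enabled: 0\n'
}

# Reads that output on stdin; prints server:port and returns 0 only if enabled.
socks_enabled() {
    awk -F': ' '
        $1 == "Enabled" { on = ($2 == "Yes") }
        $1 == "Server"  { host = $2 }
        $1 == "Port"    { port = $2 }
        END {
            if (on) { print host ":" port; exit 0 }
            exit 1
        }'
}

audit() {
    command -v networksetup >/dev/null 2>&1 || {
        echo "networksetup not found (not macOS); nothing checked"; return 0; }

    # 1. SOCKS proxy per network service (first line of the list is a legend,
    #    a leading * marks a disabled service).
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        if hit=$(networksetup -getsocksfirewallproxy "$svc" </dev/null | socks_enabled); then
            echo "SOCKS proxy enabled on '$svc': $hit"
        fi
    done

    # 2. mitmproxy certificate in the keychains on the search list.
    security find-certificate -a -c mitmproxy 2>/dev/null | grep '"labl"' \
        && echo "mitmproxy certificate present: review it in Keychain Access"

    # 3. Assumption: startup persistence via launchd plists naming a component.
    for dir in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
        grep -Eil "$PATTERN" "$dir"/*.plist 2>/dev/null
    done
    return 0
}

audit
```
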