Removing Suspicious Extensions
Open Safari. Your first step in getting rid of the malware that redirects your searches to Yahoo is to make sure you get rid of any unknown extensions.
Click Safari and select Preferences. The Safari menu is usually in the top left corner of your screen and the Preferences option is in the second grouping of menu items. You can also press Cmd + , to open Preferences if you have Safari open.
Click the Extensions tab. It looks like a puzzle piece with a compass needle inside.
Look for suspicious extensions. The extensions are listed on the left side of the window. You'll want to look for extensions that you don't remember installing, like Yahoo Redirect or Safe Finder. Other extensions that might be malware are named Chill Tab, Search Baron, Search Marquis, Search Mine, Search Pulse, Search Tools Hub, etc. Click the extension to see more information, like the developer's name and the permissions it has.
Click Uninstall. This button is in the top right side of the window under the name of the extension.
Checking Activity Monitor
Open Activity Monitor. You can find it in the Utilities folder in Finder.
Look for any suspicious process. Scroll up and down the list to make sure you recognize all the processes that are running. If you find an unfamiliar process, click it to select it, then Google it to make sure it isn't an important system process, since killing a system process could cause your Mac to freeze. There are too many different malicious apps, each with its own unique name, to list them all here.
Click x. You'll see this x on a stop-sign icon in the top left corner of the window. This will close the process that's selected. Click Force Quit when prompted.
Removing Suspicious Apps
Click Go and select Go to Folder. The Go menu is in the menu bar at the top of your screen as long as you don't have any other apps open. If you have Finder open, you can use the keyboard shortcut Cmd + Shift + G instead.
Enter "/Library/LaunchAgents" and click Go. This will bring you to the LaunchAgents folder.
Look for unfamiliar and suspicious file names. The names you're looking for may be pretty common-looking, but a quick Google search for a file name should let you know if it's important or malware. For example, some malicious file names have been "com.pcv.hlpramc.plist", "com.updater.mcy.plist", "com.avickUpd.plist", and "com.msp.agent.plist".
Drag and drop any malicious files to the Trash. Make sure that the files you put here are malicious since deleting important files could make your Mac run slower or not work.
Click Go and select Go to Folder. The Go menu is in the menu bar at the top of your screen as long as you don't have any other apps open. If you have Finder open, you can use the keyboard shortcut Cmd + Shift + G instead.
Enter "~/Library/Application Support" and click Go. You'll be directed to the "Application Support" folder.
Look for unfamiliar or suspicious folder names. The best tip for this is to look for folders that were created more recently and have names that aren't related to Apple products that you've installed, like SystemSpecial, ProgressSite, or IdeaShared.
Drag and drop any malicious folders to the Trash. Make sure that the folders you put here are malicious (a quick Google search will let you know if the folder is bad) since deleting important files could make your Mac run slower or not work at all.
Click Go and select Go to Folder. The Go menu is in the menu bar at the top of your screen as long as you don't have any other apps open. If you have Finder open, you can use the keyboard shortcut Cmd + Shift + G instead.
Enter "~/Library/LaunchAgents" and click Go. You'll be directed to the "LaunchAgents" folder in your local directory.
Look for unfamiliar or suspicious file names. Again, these are files that will somehow relate to the Yahoo redirect virus and don't seem relevant to any Apple products that you've installed on your Mac.
Drag and drop any malicious files to the Trash. Make sure that the files you put here are malicious (a quick Google search will let you know if the file is bad) since deleting important files could make your Mac run slower or not work at all.
Click Go and select Go to Folder. The Go menu is in the menu bar at the top of your screen as long as you don't have any other apps open. If you have Finder open, you can use the keyboard shortcut Cmd + Shift + G instead.
Enter "/Library/LaunchDaemons" and click Go. You'll be directed to the "LaunchDaemons" folder in your library.
Look for unfamiliar or suspicious file names. These are files that will somehow relate to the Yahoo redirect virus and don't seem relevant to any Apple products that you've installed on your Mac. They can have names like "com.pplauncher.plist", "com.startup.plist", and "com.ExpertModuleSearchDaemon.plist".
Drag and drop any malicious files to the Trash. Make sure that the files you put here are malicious (a quick Google search will let you know if the file is bad) since deleting important files could make your Mac run slower or not work at all.
Click Go and select Applications. This will show you the Applications you have installed on your Mac in a Finder window. You can instead press Cmd + Shift + A.
Look for any unfamiliar apps and move them to the Trash. You can scroll up and down the page to browse for any apps that you don't remember installing or any that you think may be the culprit for your Yahoo redirect virus. To move them to the Trash, simply drag and drop the app icon to the trash can icon in the Dock. Some apps may require you to enter your Mac admin password to move them to the Trash. Make sure to empty the Trash to permanently delete those files. To do this, click and hold the Trash icon and select Empty Trash.
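The launch-item checks in this section can also be done as a read-only listing that shows what each file would actually start, which a file name alone does not tell you. This is an added example, not part of the original article; it assumes python3 is installed on the Mac, and the "Application Support" flag is a heuristic assumption rather than a rule from the article.

```python
import plistlib
from pathlib import Path

# The three launchd folders the steps above have you open in Finder.
LAUNCH_DIRS = ["/Library/LaunchAgents", "~/Library/LaunchAgents",
               "/Library/LaunchDaemons"]
# File names the article quotes as past examples of malicious launch items.
ARTICLE_EXAMPLES = {
    "com.pcv.hlpramc.plist", "com.updater.mcy.plist", "com.avickUpd.plist",
    "com.msp.agent.plist", "com.pplauncher.plist", "com.startup.plist",
    "com.ExpertModuleSearchDaemon.plist",
}

def describe(plist_path):
    """Read one launchd job file and report what it would run (no changes made)."""
    path = Path(plist_path)
    info = {"file": str(path), "label": None, "program": None, "notes": []}
    if path.name in ARTICLE_EXAMPLES:
        info["notes"].append("file name is one of the article's examples")
    try:
        with path.open("rb") as fh:
            job = plistlib.load(fh)  # accepts both XML and binary plists
        if not isinstance(job, dict):
            raise ValueError("top level is not a dictionary")
    except Exception as exc:  # damaged or unreadable file: report, don't crash
        info["notes"].append("could not parse: " + type(exc).__name__)
        return info
    args = job.get("ProgramArguments")
    first = args[0] if isinstance(args, list) and args else None
    info.update(label=job.get("Label"), program=job.get("Program") or first)
    prog = info["program"] if isinstance(info["program"], str) else ""
    if "/Application Support/" in prog:
        # Heuristic (assumption): job starts something kept in Application Support.
        info["notes"].append("runs from Application Support")
    if prog.startswith("/") and not Path(prog).exists():
        info["notes"].append("program no longer exists on disk")
    return info

def audit(dirs=LAUNCH_DIRS):
    """Describe every .plist in the given folders; missing folders are skipped."""
    folders = [Path(d).expanduser() for d in dirs]
    return [describe(p) for f in folders if f.is_dir()
            for p in sorted(f.glob("*.plist"))]

if __name__ == "__main__":
    for item in audit():
        print(item["file"], "->", item["program"], "; ".join(item["notes"]))
```

The listing only reads files; anything it flags still needs the same lookup the steps above describe before you move it to the Trash.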
Deleting Unknown Profiles
Open System Preferences. You can get to this window by clicking the Apple logo in the menu bar and selecting System Preferences. The malware might've had permissions to make new profiles, and you'll want to delete them in order to eradicate any traces of the Yahoo redirect virus.
Click Profiles. The icon looks like a silver star with a checkmark inside it. If you have only 1 profile, you won't see this option.
Look for any suspicious profiles that you didn't make. The profiles are listed in the panel on the left side of the window. They might be named something like "AresLookup," "TechSignalSearch," "MainSearchPlatform," "AdminPrefs," and "Chrome Settings." If you find an unfamiliar profile, click it to select it and you'll see more details about it, such as when it was installed.
Click -. This minus button is below the list of profiles on the left side of the window and will remove the selected profile from your Mac.
Checking Login Items
Open System Preferences. You can do this by clicking the Apple logo in the menu and selecting System Preferences. Some malicious code will prompt the Yahoo redirect virus to act as soon as you log into your profile, so you'll want to make sure that doesn't happen to you.
Click Users & Groups. The icon looks like a pair of avatars on a grey background.
Click Login Items and look for any listed items that you didn't install. The items are listed in the panel on the right side of the page while the profiles are listed in the panel on the left. If you see a locked padlock icon, you'll need to click it to make any changes. Enter your admin password to continue.
Click -. This minus button will be below the list of login items and will remove the selected item from the login list.
Changing Homepage Settings
Click General. This tab looks like a light switch. If you don't have Preferences open anymore, re-open it by pressing Cmd + ,.
Click the drop-down next to "Homepage" and set your preferred Homepage. If this doesn't list a suspicious page, you can skip this step. Most people set this to "google.com" or their favorite website.
Click Search. It looks like a magnifying glass near the top of the window and will bring you to the search tab.
Click the drop-down next to "Search engine" and set your preferred search engine. This can be Google, DuckDuckGo, or any search engine other than "Yahoo."
Close Safari. To do this, click the x at the top of the Safari page.
Clearing History and Cache Data
Open Safari. This app looks like a blue and white compass that you can find in the Dock or Applications menu.
Click Safari and select Preferences. The Safari menu is usually in the top left corner of your screen and the Preferences option is in the second grouping of menu items. Skip this step if you already have the "Develop" tab visible in the menu bar.
Click the check box next to "Show Develop menu in menu bar" to enable it. This will show a new option in the Safari menu bar that's at the top of your screen. Skip this step if you already have the "Develop" tab visible in the menu bar.
Click Develop and select Empty Caches. Clearing your cached data is one part of what you'll need to do to get rid of any traces left by that Yahoo redirect virus. Alternatively, press Opt + Cmd + E on your keyboard with Safari open.
Click History and select Clear History. The History tab is in the menu bar for Safari and the Clear History button is the last option in the drop-down menu.
Click the drop-down, select all history, and click Clear History. This will clear all your history from your web browser, thus getting rid of the traces left by the Yahoo redirect virus.