TechEmpireSearch Pop UP???

[MacInWin]

I am researching DetectX - a bit leary of such "cleaners".

No need to be leery of DetectX Swift. It works well, does exactly what it claims to do. Detects and offers to eliminate malware. It will do a better job at getting rid of malware than you can do manually. So if it finds TechEmpireSearch stuff, it will delete it for you.

The user "root" means it started at boot, before any user logged in, and is "owned" by the system. That is also why it doesn't show under login items in your profile at System Preferences. Let DetectX get rid of it for you. It may have also spread around other files with ambiguous or unrelated names. That's how malware works.

If you want to try to get rid of it yourself, boot into Safe mode, verify that it is NOT running (it should not be) and then search for where the three files are and delete them, then empty the trash. Reboot into normal mode and see if that killed it.

 

[Lifeisabeach]

I am researching DetectX - a bit leary of such "cleaners".

I looked at the Activity Monitor again and did a search on any app starting in "tech". See below. Note that all 3 entries are owned by "root". That's the "admin", right? If one goes into the terminal emulator as "root" are there tools or things one can do to get rid of stuff root owns? Are there any suggested links that one can educate themselves about these matters?

Thank you, All, for helping with this. ))

I can assure you... all the regulars here are leary of "cleaners" and regularly caution against them. But there are utilities that do have real value and DetectX is one of them. I didn't even know of it myself until having seen it mentioned a few times since getting a bit more active here lately.

 

[judger]

Bit the bullet and downloaded free version of DetectX Swift and ran it. It found only 6 items. Five of them were related to TechEmpireSearch. Two were in /Users/.../Library folders - "..." replaces sensitive iMac ownership information. Two were in /var/root/.TechEmpireSearch/ folders. One was in /Library/LaunchDaemons/com.TechEmpireSearchP.plist/. Deleted these 5 and rebooted as requested.

Now I will just wait and see if the pop-up is gone.

Appears that the DetectX Swift recommendation is a good one. Thank you very much.

 

[Lifeisabeach]

Bit the bullet and downloaded free version of DetectX Swift and ran it. It found only 6 items. Five of them were related to TechEmpireSearch. Two were in /Users/.../Library folders - "..." replaces sensitive iMac ownership information. Two were in /var/root/.TechEmpireSearch/ folders. One was in /Library/LaunchDaemons/com.TechEmpireSearchP.plist/. Deleted these 5 and rebooted as requested.

Now I will just wait and see if the pop-up is gone.

Appears that the DetectX Swift recommendation is a good one. Thank you very much.

Good to hear. You are the second member today to be rescued by this piece of software.
Safari hijacked by Search Pulse

 

[MacInWin]

Two were in /var/root/.TechEmpireSearch/ folders.

That would have caused you some trouble to get rid of manually. The "." in front of the folder name makes it hidden. You can get there, but it is definitely harder and was an attempt by the bad guy to hide his software. Glad you got it sorted out.