Safari hijacked by Search Pulse

[SteveHB]

Google search has been replaced by search pulse.net, it's greyed out homepage so I can't reset it and a search of my Mac can't find an app for me to delete. It appears to be a virus and I'm guessing I need a tool to remove it. any advice please?
Safari Version 13.0.4 (13608.4.9.1.4)

Steve

 

[Slydude]

Give these directions a try. I know it is pushing some removal software but there's no need to download that software just follow the directions. I'm trying to find better directions but everything I'm seeing is pushing some piece of removal software. Don't bother downloading any of the software.

It wouldn't surprise me if one or more of these sites are pushing their software as a means of installing their own little piece of malware. The things that bother me about the sites where I've found directions so far are as follows:
1. They consistently use the term virus to refer to something that is a browser hijack. That may be pedantic but people who take this seriously and aren't trying to scare up customers take that distinction seriously.
2. The proposed fx isn't doing anything a user can't clean up in a few minutes.

 

[SteveHB]

Thanks Kevin

I've deleted the only two extensions and as many associated files as I could find, both Trustear. Deleted all Profiles showing, Appollo search. Deleted a few .plist from the Libraries. Rebooted and so far no sign of the virus.

Cheers

Steve

 

[MacInWin]

There is no virus for the Mac at this time. You can try DetectX Swift (Search for it.) and see what it finds as malware. Not a guarantee, but it's pretty good.

 

[Rod]

Detect X (Swift is the light version) is pretty good and a bit of a benchmark for malware removal these days. You can download it here and its free to run. DetectX – sqwarq | security for your mac
Let us know what it finds, if anything.

 

[Lifeisabeach]

Give these directions a try. I know it is pushing some removal software but there's no need to download that software just follow the directions. I'm trying to find better directions but everything I'm seeing is pushing some piece of removal software. Don't bother downloading any of the software.

It wouldn't surprise me if one or more of these sites are pushing their software as a means of installing their own little piece of malware. The things that bother me about the sites where I've found directions so far are as follows:
1. They consistently use the term virus to refer to something that is a browser hijack. That may be pedantic but people who take this seriously and aren't trying to scare up customers take that distinction seriously.
2. The proposed fx isn't doing anything a user can't clean up in a few minutes.

I've noticed this twice now recently. There's definitely something fishy afoot with this sudden surge in malware removal tools lurking on sites that otherwise have seemingly sound advice to remove something oneself.

 

[Lifeisabeach]

Detect X (Swift is the light version) is pretty good and a bit of a benchmark for malware removal these days. You can download it here and its free to run. DetectX – sqwarq | security for your mac
Let us know what it finds, if anything.

DetectX Swift is actually the current and more feature-rich version replacing the original DetectX. He calls it "Swift" now because it eliminates the live progress update and just scans away, only letting you know when it's done. There's a video demonstrating this and it's crazy fast.
Compare Features – sqwarq | security for your mac

 

[SteveHB]

Well it's certainly swift, scanned so quickly I was sat there waiting for it to start!
This is the result:
Well it would be if I could work out how to get the screenshot to paste. Using attach image seems to put in a line of dead text, is it dead?


Obviously not.

 

[Lifeisabeach]

Wow. Well you are practically overrun with adware. Those all need to go. You should also revisit your internet safety practices. There are stickies and other discussions in the Security Awareness section of the forums here that are worth reading over. At the minimum, get yourself a good adblocker. Malicious ads are a vector for tricking people into downloading adware. Everyone has their favorites here but I've come to prefer AdGuard for Mac. DetectX also has a handy option called Folder Observer that you should enable. It monitors the places that software can be auto loaded from on startup and lets you know if they get modified for any reason, legit or otherwise.

 

[MacInWin]

From the list I would conclude that at some point in the past you had a box pop up saying you needed to update Flash, clicked on the box and installed the "update" that way. And that let the malware get installed with your authority. Legitimate Flash puts an icon in System Preferences that takes you to Adobe.com to get the legitimate updates directly from them. Bad guys have been using Flash as an entry point for a long time and have it to the point where it looks pretty legit. As a safe browsing tip, never click on a popup box to install anything. If you want the software, go to either the Mac App Store or directly to the developer to get the software. Middlemen tend to add stuff that you don't want/need.

I'm with LIAB, get rid of everything in that report.

 

[SteveHB]

Many thanks Jake and LIAB,
Your advice taken, AdGuard on trial, DetectX registered. Memo to self about being careless and not doing the cost/benefit analysis on the cost of security software against the cost of getting ripped off!
Given the cost of my Volvo's EGR issue it really is pennies but that's for another forum.

Cheers