Troubleshoot Mac Cleanup Pro / search-operator stuck on my computer

Infected operating system
Mac OS high Sierra 10.13.1
Infected device issues
My chrome is being "managed by your organization" and unable to change homepage/new tab page. I've tried Malwarebytes, combo cleaner, AVG, manually went through caches, deleted sketchy programs....nothing is working. this has presented itself on my computer as Mac Cleanup Pro, and search-operator.
Browsers affected by infection
  1. Chrome
Browser Settings: Homepage and Default Search Engine
the search engine is set to search-operator. View attachment 215764View attachment 215765
Browser extensions
There are no extensions currently installed (that I can see) I did delete "search-operator"

USBholes

New Member
Thread author
Jun 28, 2019
5
I HAVE TRIED EVERYTHING. I went to my friends website, it told me I needed a flash update, I clicked it (stupidly), stopped the install half way through, but it was too late. My chrome is being "managed by your organization" and I'm unable to change the homepage. I've deleted all extensions, ran Malwarebytes, AVG and combo cleaner. I've manually cleared caches, uninstalled sketchy applications, uninstalled/reinstalled chrome.....everything. Nothing is working.
 

Attachments

  • Screen Shot 2019-06-28 at 6.06.27 PM.png
    Screen Shot 2019-06-28 at 6.06.27 PM.png
    341.7 KB · Views: 511
  • Screen Shot 2019-06-27 at 3.37.43 PM.png
    Screen Shot 2019-06-27 at 3.37.43 PM.png
    637.5 KB · Views: 437

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hello,
First, let's check if there's an AdminPrefs file on the device. If it's there, you should remove it.

  1. Go to System Preferences.
  2. Click Profiles.
  3. The list will include an item “AdminPrefs“. Select this and click the remove “” button in the lower left corner.
If there isn’t a Profiles icon, you don’t have any profiles installed, which is normal.

Next, to completely remove this browser hijacker from Chrome, we will need to uninstall the browser and delete all data, then reinstall.
To do this, make sure you’re in the Finder, click on Go > Go to Folder, then go to the below folders and delete the below files or folders.


Code:
/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist

Be aware that this will delete all data for all Google apps you have installed, such as Chrome bookmarks. Export any data you want to keep beforehand.

Be sure to delete the correct item, as deleting the wrong item could cause data loss or even damage to your system or other apps. Once they're moved to the trash, click Empty.

After deleting all these files, restart the computer. Then re-download Chrome and reinstall. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.
 
  • Thanks
Reactions: USBholes

USBholes

New Member
Thread author
Jun 28, 2019
5
Hey Jack - thanks

unfortunately, I did all these steps but I'm still seeing that I'm being managed by an organization. When I go into the other accounts on my mac and open chrome, I'm not having this problem, which I find odd. Below is a screenshot of the policies this "organization" has set. Any other ideas? Thanks again.
216506
 
Last edited:

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Lets reset the Chrome Policies:
  1. Open a new Terminal window. (Finder > Go > Utilities > Terminal)
  2. Enter the following commands, pressing enter after each line:
    Code:
    defaults write com.google.Chrome HomepageIsNewTabPage -bool false
    defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
    defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
    defaults delete com.google.Chrome DefaultSearchProviderSearchURL
    defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
    defaults delete com.google.Chrome DefaultSearchProviderName
  3. After running these commands, quit Chrome if you haven't already done so, then launch it again and check chrome://policy to see if the same keys are still present (you may need to click the "Reload policies" button for changes to show up). If they're gone, you should be able to change your search engine and home page back to your preferred defaults in Chrome's settings.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top