Solved MyCouponSmart and SearchMine removal for mac

Infected operating system
Mac OS X
Infected device issues
Automatic redirection to certain websites (Yahoo mainly)
WebCam turning on (may be unrelated)
No black dots under open applications in the dock
Dock not automatically staying up (it was before)

funsch

New Member
Thread author
Jan 22, 2020
4
Hi!
I've spent a while trying to remove SearchMine as the default browser and the browser extension MyCouponSmart (both of these showed up at the same time) for Google Chrome. I've tried a lot of different things and nothing seems to be working. The virus seems to be only contained within Google Chrome. This is the first virus I've ever gotten and I'm far from an expert. Is there any way to fix this? MalwareBytes doesn't seem to be helpful with this even though it's a virus.
Thanks in advance!
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hello and welcome to MalwareTips!
Can you copy chrome://policy into the URL bar and click Enter, then check if there are policies loaded in Chrome.
 

funsch

New Member
Thread author
Jan 22, 2020
4
Thanks for replying. Here's a screenshot.
 

Attachments

  • Screen Shot 2020-01-22 at 7.00.50 PM.png
    Screen Shot 2020-01-22 at 7.00.50 PM.png
    293.6 KB · Views: 393

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Ok, let's fix this:
First, let's check if there's any malicious Profile installed on your mac. To do this go to System Preferences > search for Profiles (if you cannot find any icon that means that you don't have any, which is normal). If you find the Profiles icon, click on it and use the minus "-" sign to remove all profiles.

Next:
  1. Open a new Terminal window: Finder > Go > Utilities > Terminal
  2. Enter the following commands, pressing enter after each line:
    Code:
    defaults write com.google.Chrome HomepageIsNewTabPage -bool false
    defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
    defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
    defaults delete com.google.Chrome DefaultSearchProviderSearchURL
    defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
    defaults delete com.google.Chrome DefaultSearchProviderName
  3. Reset your browser settings to default:
    1. On your computer, open Chrome.
    2. At the top right, click More (the 3 vertical dots) > Settings.
    3. At the bottom, click Advanced. Under "Reset Settings," click Restore settings to their original defaults > Reset Settings. Restart computer.
    4. After running these commands, quit Chrome if you haven't already done so, then launch it again and check chrome://policy to see if the same keys are still present (you may need to click the "Reload policies" button for changes to show up).
 

funsch

New Member
Thread author
Jan 22, 2020
4
When I run the code in terminal, when I enter the fourth line it responds with:

2020-01-22 19:17:08.781 defaults[778:234575]
Domain (com.google.Chrome) not found.
Defaults have not been changed.

It does the same for lines 5 and 6. Also, the Reset Settings isn't working (I'm pretty sure this has something to do with MyCouponSmart but I'm not sure). When I press "Reset Settings" it closes down and nothing happens.

Edit: Never mind everything worked the second time. Thank you so much!!
 
Last edited:

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Ok, let's reinstall Chrome.

In many cases, changes to Chrome may not be fixed with a simple browser reset. In such a case, it will be easier to completely remove Chrome and all data, then reinstall. To do this, click the Finder icon, from the menu bar. Choose Go, and click Go to Folder, then paste one of the below paths into the window that opens.

You will need to delete all of the below items, but before doing this be aware that this will delete all data for all Google apps you have installed, such as your bookmarks, so you will need to export them before doing this.

/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist
<<<< The "~" indicates that it's the current user's Library which is often invisible in recent versions of macOS. To get to it you must hold down the Option (sometimes labeled Alt) key down and select Library from the Finder's Go menu.

After deleting all of the above files, restart your device. You can now download and re-install Google Chrome on your device. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.


Let me know if these steps fixed your issues.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
As I said in the edit of my last message everything worked out. Thanks so much man, you're a legend.
I'm really happy that I could help! To protect yourself from such programs in the future I would install at least an adblocker for your browser. This will block ads and prevent malicious sites from redirecting your browser.

For Chrome I would recommend: AdGuard AdBlocker or uBlock Origin
For Safari I would recommend: https://apps.apple.com/us/app/adguard-for-safari/id1440147259?mt=12

Stay safe and feel free to post in other threads if you want. All the best!
 

Atzi

New Member
Jun 25, 2022
2
Ok, let's reinstall Chrome.

In many cases, changes to Chrome may not be fixed with a simple browser reset. In such a case, it will be easier to completely remove Chrome and all data, then reinstall. To do this, click the Finder icon, from the menu bar. Choose Go, and click Go to Folder, then paste one of the below paths into the window that opens.

You will need to delete all of the below items, but before doing this be aware that this will delete all data for all Google apps you have installed, such as your bookmarks, so you will need to export them before doing this.

/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist
<<<< The "~" indicates that it's the current user's Library which is often invisible in recent versions of macOS. To get to it you must hold down the Option (sometimes labeled Alt) key down and select Library from the Finder's Go menu.

After deleting all of the above files, restart your device. You can now download and re-install Google Chrome on your device. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.


Let me know if these steps fixed your issues.
Hey I'm having a similar problem where my Chrome says "managed by your organisation" when I check tutorials they say there's a policy that needs to be deleted? The one I think needs removing is "ExtensionInstallForcelist", previously I had an extension that wasn't installed by me but I was able to get rid of it, however that didn't change my chrome being managed. I've tried so many things including everything you said in this thread, most tutorials say to remove the policies with the terminal but I tried that and got the same message
Domain (com.google.Chrome) not found.
Defaults have not been changed.

I even installed a "Chrome policy remover for Mac" and after using it, nothing changed.
Then I followed the reinstall Chrome steps you gave, I was able to get a completely fresh, new chrome but the one thing that stays the same is it's still showing "managed by your organisation" and the policy is still there. Any help please? I've been trying to fix this for hours.
 

Attachments

  • Screenshot 2022-06-25 at 18.01.04.png
    Screenshot 2022-06-25 at 18.01.04.png
    836.4 KB · Views: 152
  • Screenshot 2022-06-25 at 18.06.38.png
    Screenshot 2022-06-25 at 18.06.38.png
    1 MB · Views: 159

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Hey I'm having a similar problem where my Chrome says "managed by your organisation" when I check tutorials they say there's a policy that needs to be deleted? The one I think needs removing is "ExtensionInstallForcelist", previously I had an extension that wasn't installed by me but I was able to get rid of it, however that didn't change my chrome being managed. I've tried so many things including everything you said in this thread, most tutorials say to remove the policies with the terminal but I tried that and got the same message
Domain (com.google.Chrome) not found.
Defaults have not been changed.

I even installed a "Chrome policy remover for Mac" and after using it, nothing changed.
Then I followed the reinstall Chrome steps you gave, I was able to get a completely fresh, new chrome but the one thing that stays the same is it's still showing "managed by your organisation" and the policy is still there. Any help please? I've been trying to fix this for hours.

Let's do a quick check-up:


STEP 1. Let's check if there are any malicious profiles installed on your Mac:

  1. Go to System Preferences.
  2. Click Profiles.
  3. The list will include the item “AdminPrefs“, “Chrome Profile“, or “Safari profile”. Select this and click the remove “–” button in the lower-left corner.
If there isn’t a Profiles icon, you don’t have any profiles installed, which is normal.

STEP 2: Let's reset the Chrome Policies:

  1. Quit Chrome and open a new Terminal window: Finder > Go > Utilities > Terminal
  2. Enter the following commands, pressing enter after each line:
    defaults write com.google.Chrome HomepageIsNewTabPage -bool false
    defaults write com.google.Chrome NewTabPageLocation -string “https://www.google.com/”
    defaults write com.google.Chrome HomepageLocation -string “https://www.google.com/”
    defaults delete com.google.Chrome DefaultSearchProviderSearchURL
    defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
    defaults delete com.google.Chrome DefaultSearchProviderName
    defaults delete com.google.Chrome ExtensionInstallSources
    defaults write com.google.Chrome BrowserSignin
    defaults write com.google.Chrome DefaultSearchProviderEnabled
    defaults write com.google.Chrome DefaultSearchProviderKeyword
    defaults delete com.google.Chrome HomePageIsNewTabPage
    defaults delete com.google.Chrome HomePageLocation
    defaults delete com.google.Chrome ImportSearchEngine
    defaults delete com.google.Chrome NewTabPageLocation
    defaults delete com.google.Chrome ShowHomeButton
    defaults delete com.google.Chrome SyncDisabled
  3. After running these commands, quit Chrome if you haven't already done so, then relaunch it and check chrome://policy to see if the same keys are still present (you may need to click the "Reload policies" button for changes to show up).
    If they're gone, reset your browser settings to default:
    1. On your computer, open Chrome.
    2. At the top right, click More (the 3 vertical dots) > Settings.
    3. At the bottom, click Advanced. Under "Reset Settings," click Restore settings to their original defaults > Reset Settings.
 
  • Like
Reactions: [correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top