Solved MyCouponSmart and SearchMine removal for mac

Operating System
Mac OS X
Current issues and symptoms
Automatic redirection to certain websites (Yahoo mainly)
WebCam turning on (may be unrelated)
No black dots under open applications in the dock
Dock not automatically staying up (it was before)

funsch

New Member
Jan 22, 2020
4
Hi!
I've spent a while trying to remove SearchMine as the default browser and the browser extension MyCouponSmart (both of these showed up at the same time) for Google Chrome. I've tried a lot of different things and nothing seems to be working. The virus seems to be only contained within Google Chrome. This is the first virus I've ever gotten and I'm far from an expert. Is there any way to fix this? MalwareBytes doesn't seem to be helpful with this even though it's a virus.
Thanks in advance!
 

Jack

Administrator
Verified
Staff member
Jan 24, 2011
9,314
Hello and welcome to MalwareTips!
Can you copy chrome://policy into the URL bar and click Enter, then check if there are policies loaded in Chrome.
 

funsch

New Member
Jan 22, 2020
4
Thanks for replying. Here's a screenshot.
 

Attachments

  • Screen Shot 2020-01-22 at 7.00.50 PM.png
    Screen Shot 2020-01-22 at 7.00.50 PM.png
    293.6 KB · Views: 151

Jack

Administrator
Verified
Staff member
Jan 24, 2011
9,314
Ok, let's fix this:
First, let's check if there's any malicious Profile installed on your mac. To do this go to System Preferences > search for Profiles (if you cannot find any icon that means that you don't have any, which is normal). If you find the Profiles icon, click on it and use the minus "-" sign to remove all profiles.

Next:
  1. Open a new Terminal window: Finder > Go > Utilities > Terminal
  2. Enter the following commands, pressing enter after each line:
    Code:
    defaults write com.google.Chrome HomepageIsNewTabPage -bool false
    defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"
    defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"
    defaults delete com.google.Chrome DefaultSearchProviderSearchURL
    defaults delete com.google.Chrome DefaultSearchProviderNewTabURL
    defaults delete com.google.Chrome DefaultSearchProviderName
  3. Reset your browser settings to default:
    1. On your computer, open Chrome.
    2. At the top right, click More (the 3 vertical dots) > Settings.
    3. At the bottom, click Advanced. Under "Reset Settings," click Restore settings to their original defaults > Reset Settings. Restart computer.
    4. After running these commands, quit Chrome if you haven't already done so, then launch it again and check chrome://policy to see if the same keys are still present (you may need to click the "Reload policies" button for changes to show up).
 

funsch

New Member
Jan 22, 2020
4
When I run the code in terminal, when I enter the fourth line it responds with:

2020-01-22 19:17:08.781 defaults[778:234575]
Domain (com.google.Chrome) not found.
Defaults have not been changed.

It does the same for lines 5 and 6. Also, the Reset Settings isn't working (I'm pretty sure this has something to do with MyCouponSmart but I'm not sure). When I press "Reset Settings" it closes down and nothing happens.

Edit: Never mind everything worked the second time. Thank you so much!!
 
Last edited:

Jack

Administrator
Verified
Staff member
Jan 24, 2011
9,314
Ok, let's reinstall Chrome.

In many cases, changes to Chrome may not be fixed with a simple browser reset. In such a case, it will be easier to completely remove Chrome and all data, then reinstall. To do this, click the Finder icon, from the menu bar. Choose Go, and click Go to Folder, then paste one of the below paths into the window that opens.

You will need to delete all of the below items, but before doing this be aware that this will delete all data for all Google apps you have installed, such as your bookmarks, so you will need to export them before doing this.

/Applications/Chrome.app
/Library/Application Support/Google/
/Library/Google/
~/Library/Application Support/Google/
~/Library/Google/
~/Library/Preferences/com.google.Chrome.plist
<<<< The "~" indicates that it's the current user's Library which is often invisible in recent versions of macOS. To get to it you must hold down the Option (sometimes labeled Alt) key down and select Library from the Finder's Go menu.

After deleting all of the above files, restart your device. You can now download and re-install Google Chrome on your device. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.


Let me know if these steps fixed your issues.
 

Jack

Administrator
Verified
Staff member
Jan 24, 2011
9,314
As I said in the edit of my last message everything worked out. Thanks so much man, you're a legend.
I'm really happy that I could help! To protect yourself from such programs in the future I would install at least an adblocker for your browser. This will block ads and prevent malicious sites from redirecting your browser.

For Chrome I would recommend: AdGuard AdBlocker or uBlock Origin
For Safari I would recommend: https://apps.apple.com/us/app/adguard-for-safari/id1440147259?mt=12

Stay safe and feel free to post in other threads if you want. All the best!
 
Top