Troubleshoot "Search Encrypt" taken over Chrome, can't shake it after reinstall of Chrome on MBP running OSX 10.10

Status
Not open for further replies.
Infected operating system
Mac OS X 10.10.5
Infected device issues
Chrome Browser hijacked by malware "Search Encrypt", can't get rid of it. See details in text of what I wrote.
P

PastorJGP

New Member
Thread author
Nov 30, 2015
1
My wife's MacBook Pro (Mid 2012) running Yosemite (10.10.5) had its Chrome browser hijacked by "Search Encrypt" 3 days ago. I spent the evening following online recommendations:
  1. removing the offending extension or app - NONE FOUND
  2. within Chrome "Restore settings to their original defaults" - DIDN'T WORK
  3. Remove Chrome and various files & pref's from Library;
3A) Downloaded and ran Malwarebytes - Didn't find anything
3B) and then download and do fresh install of Chrome. - This worked - UNTIL she re-synced bookmarks, etc from her Google account. Chrome was immediately re-hijacked as before.
4) For now, I've re-deleted Chrome, and she's using Safari, though it is greatly impeding her normal work flow in her school classroom.

SO... I need help! I assume that Search Encrypt has hidden something in what's synced to her Google account, and it may be synced into her Android phone also, though she hasn't mentioned any problems there yet.

Any recommendations would be appreciated!
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hello,

Can you please check if there's an AdminPrefs file on the device. If it's there, you should remove it.

  1. Go to System Preferences.
  2. Click Profiles.
  3. The list will include an item “AdminPrefs“. Select this and click the remove “” button in the lower left corner.


To completely remove this browser hijacker from Chrome, we will need to uninstall the browser and delete all data, then reinstall. To do this, delete all of the following items:

Code: 
/Applications/Chrome.app

/Library/Application Support/Google/

/Library/Google/

~/Library/Application Support/Google/

~/Library/Google/

~/Library/Preferences/com.google.Chrome.plist

Be aware that this will delete all data for all Google apps you have installed, such as Chrome bookmarks. Export any data you want to keep beforehand.

If you're not sure how to find these folders, choose Go to Folder from the Go menu in the Finder, then paste one of those paths into the window that opens. Be sure to delete the correct item, as deleting the wrong item could cause data loss or even damage to your system or other apps.

After deleting all these files, restart the computer. Then re-download Chrome and reinstall. You will need to import any exported bookmarks or other data, and may need to reinstall any other Google apps that you use.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top