User Name
Password
AppleNova Forums » Genius Bar »

Safe Finder virus removal


Register Members List Calendar Search FAQ Posting Guidelines
Safe Finder virus removal
Page 1 of 2 [1] 2  Next Thread Tools
sciccors
New Member
 
Join Date: Jun 2020
 
2020-06-11, 12:06

Hello all!

This is my first post on here but have been reading this forum for ages

I was wondering if anyone knows exactly how to remove the Safe Finder virus.

I have it on Firefox, Safari and Chrome.

I found many articles online on how to remove it but none of them work— I was able to somehow get rid of it from Firefox and Safari for two days, but its back on both browsers this morning.

Does McAfee remove it? I cannot find any info on that! its all the same suggestions to remove extensions, change home page, clear all history, bookmarks etc. Not sure if I want to go through all that again if it will just pop back up in two days... ugh! its really annoying this virus!!!

Looking forward to hearing from anyone who has dealt with this successfully.

Best
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2020-06-11, 12:18

Welcome to the world of posters here!

I will tell you what you likely don't want to hear; save your important data and do a clean install. Manually install the apps you want and copy over the files you need.

Sure there is likely a way to remove it manually, but the hassle isn't worth it for the peace of mind that you have a clean system.

Second, don't use an administrator account as your daily account. Always create two accounts on your PC/Macs. One that is admin and one that is your "normal" user. Since you know that admin username and password you can enter it any time you need to do an admin function without having to switch accounts.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
sciccors
New Member
 
Join Date: Jun 2020
 
2020-06-11, 12:21

Thanks for your reply Turtle

I was thinking about doing clean install but was reading a lady on the Apple forums did that and it came back? Not sure how that’s possible?

Did you do a clean install and it worked for you?

Best and thanks!
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2020-06-11, 12:30

I've not been infected with anything on a Mac personally because I limit permissions by not using an Admin level user. If it comes back after a clean install then it is either in the recovery partition (for those Macs that have it) or it is being infected again.

Put the macOS installer on a thumb drive and then erase and repartition the HDD/SSD. Then you will have a truly clean install.

Be cautious of the apps you install and ensure they are from reputable sources. While I don't think you need to rely on Gatekeeper, if you aren't sure if the app is clean or not then find a different app you know and trust.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
sciccors
New Member
 
Join Date: Jun 2020
 
2020-06-11, 12:41

Oh man I am not that advanced!!!

Will have to read up on how to actually do all of that correctly.
Weekend project it is!

Thanks for all your help.
Best
  quote
sciccors
New Member
 
Join Date: Jun 2020
 
2020-06-11, 12:44

Do you happen to know how to check if computer has the "recovery partition"?
The computer in question is a Macbook Pro from 2015.
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2020-06-11, 12:58

Hi, Sciccors. Welcome to AppleNova! For context, I have been the senior salesman at MacLife in Boise for 15+ years, and regularly deal with the type of issue you are having.

First, You do not have a virus, you have malware. Second, Knowing what OS you are on will help.

Before you go to any great lengths, try this:

1) Download Malwarebytes and run it on your computer. You will need to give it full disk access (follow the instructions).

2) If Malwarebytes does not automatically restart your machine, then make sure you restart.

3) After restarting, look in System Preferences for "Profiles". If there are any profiles in there (and you didn't add them) delete them.

4) Come back and tell us how things went. There may be some items in your LaunchDeamons and LaunchAgents folders, or Startup Items, which are all somewhat hidden. If the problem persist I'll guide you through that, as well as some additional cleanup items.

A full system wipe may be way overkill. Browser hijackers are actually easy to remove once you know what to do.

P.S. Please learn to avoid those "Adobe Flash Player is out of date" messages. You most likely clicked on one of those and inadvertently installed Safe Finder.

P.P.S. The most likely reasons the problem is returning for the other person from a clean install is that either A) the install is followed by a Time Machine restore, which would put the issue back onto the machine along with all the other files that were backed up; or B) the person is repeating the same mistake (i.e. getting tricked into "updating Adobe Flash" which, by the way, is a discontinued product no longer in need of updating.)

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)

Last edited by kscherer : 2020-06-11 at 13:56.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-06-11, 13:21

This is actually a relatable thread for me currently. About 2 weeks ago every day at 3pm (weird) my system slows down to a crawl. No idea what happened. I have 16GB RAM and 500SSD, though an older machine, it's still a beast for what I'm doing.

Yesterday I updated to 10.15.5 and it literally took me 3 hours. Right afterwards, my email got hammered by SPAM and then my work card was hit with fraudulent charges. No idea what happened as I'm usually very good about not going to dumb sites or clicking links or anything like that. It's a work computer too so I don't really do much personal stuff on here. Safari, Quickbooks, Pages, Numbers, Mail, ect. I ran that Malwarebytes and had no hits so well see if I get the slow down again today. Very annoying.

Any other suggestions? Sorry, not trying to hijack your thread!!!!

Die young and save yourself....
@yontsey
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2020-06-11, 13:30

OK, Yontsey, some things to try:

1) Check for Profiles in System Preferences

2) Also in System Preferences and under Users and Groups, look in Startup Items for random crap and nuke anything you don't want loading when you log in.

3) Look in both the user Library folder and the system Library folder*. Find the LaunchDaemons and LaunchAgents folders. Anything in there that is older than 2020 or that doesn't make sense to you should be deleted. These folders contain items that load at boot (System Library) and user login (User Library). There may be a bunch of junk in there along with some hidden crap. Loading at boot/login is why many of these turds keep floating back to the surface.

4) Again in System Preferences, look in Energy Saver under Schedule and make sure there isn't anything going on in there.

Your CC getting hit is likely from somewhere outside the computer. The slowdown is, obviously, from inside it.

* If you don't know where these are, say so.

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)

Last edited by kscherer : 2020-06-11 at 13:56.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-06-11, 13:42

Would this be for the LaunchAgents folder in Library? The only 2 I have from 2020 are 2 Google items, everything else is older. Valve, Spotify (which I dont use anymore), DropBox, and one other item I dont recognized.

I didn't see any extra profiles or anything out of the ordinary in Startups. That was actually the first place I looked.

Die young and save yourself....
@yontsey
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2020-06-11, 13:55

Yes, LaunchAgents. My bad.

Remove the thing you don't recognize.

Did you look in both Library folders?
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-06-11, 13:56

I only went in Finder > Go > Go To Folders > ~/Folders > LaunchAgents
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2020-06-11, 15:14

There are two Library folders. One in root, and one in /user.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2020-06-14, 20:53

What can I say, I'm heavy handed when it comes to virus/malware cleanup because if they got infected with anything it is always a good thing to start fresh. Plus, the inconvenience of having to get everything "right" again helps with the mentality of not letting it happen again.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-01, 14:42

I have found that Mail is the culprit. It's eating up CPU and causing the kernel_task to skyrocket with the fans going full tilt. As soon as I quit Mail and give it a couple minutes, the CPU usage drops and everything goes back to normal. Very annoying.

Die young and save yourself....
@yontsey
  quote
Kickaha
Veteran Member
 
Join Date: May 2004
 
2020-07-01, 19:56

Disable your Exchange account in Mail.

Watch it behave.

#wurked4me
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-01, 20:24

I could but I use that for my business account. Is there another way or a way to fix that?
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2020-07-01, 21:44

Try Spark? I left the official Apple client because it is brutal. Spark seems much better and works with iOS and macOS.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-02, 06:50

Hmmm actually now that you mention it, I think I have Spark but have never used it. I’ll try that today. Thanks for the idea.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-02, 08:16

I set up Spark on my work computer and the CPU for Spark is between 150-250% just like Mail is. Something weird is going on.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2020-07-02, 08:18

How many emails do you have in your "Inbox"?

Do you archive into subfolders? If not that is likely the problem. Generally speaking, email programs suck CPU hard when there are hundreds or more emails in the "mailbox" you are looking in. It has to sync and sift through all of them to be able to preview and display them.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-02, 09:27

I haven't archived anything since I started using Gmail or my business email. Gmail has to have been at least 15 years worth, ha. What's the best way to go about that?

Die young and save yourself....
@yontsey
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2020-07-02, 09:33

I would think the web UI would be best. Log into your exchange online and archive there with multiple selections. Spark also has a guide on using their app to do this. However, when you are dealing with thousands of emails it is better to do them in groups of 100. Use search and filter to purge things.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
Kickaha
Veteran Member
 
Join Date: May 2004
 
2020-07-02, 11:08

Quote:
Originally Posted by Yontsey View Post
I set up Spark on my work computer and the CPU for Spark is between 150-250% just like Mail is. Something weird is going on.
Spark may be using the same sync service on the back end that Mail does. I ended up using Outlook Web Access to connect to that account, no problems since.
  quote
Kickaha
Veteran Member
 
Join Date: May 2004
 
2020-07-02, 11:09

Quote:
Originally Posted by turtle View Post
How many emails do you have in your "Inbox"?

Do you archive into subfolders? If not that is likely the problem. Generally speaking, email programs suck CPU hard when there are hundreds or more emails in the "mailbox" you are looking in. It has to sync and sift through all of them to be able to preview and display them.
I have over 61k mails in my Inbox.

Under 10.14, it worked fine, Exchange account included.

Upgraded to 10.15, *BOOM*. Instant CPU chaos.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-02, 13:52

Well now I’m wondering if it’s actually a Mail/Spark issue. I have both closed and kernal_task is running CPU between 400-600%. This all started about three weeks ago. Moreso happens in the afternoons too. It’s practically the same time every day.
  quote
Yontsey
*AD SPACE FOR SALE*
 
Join Date: Apr 2005
Location: Cleveland-ish, OH
 
2020-07-06, 14:39

Two things I did today, install iStat and get out a can of Duster and spray the vents really good. I thought maybe the fans were sticking or being disrupting and it was heating up. The fans have been running full blast but so far I havent had hardly any kernel_task spikes. Nothing like I've had the last couple weeks.

Die young and save yourself....
@yontsey
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2020-07-06, 15:22

You might have a bad temp sensor?
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
Send a message via Skype™ to PB PM 
2020-07-06, 23:23

It could also be a case of the thermal paste on the CPU is getting crusty and not working as well as it once did.
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2020-07-07, 10:53

By the way, is it a desktop or laptop?
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Page 1 of 2 [1] 2  Next

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
Flashback removal tool Rod General Discussion 10 2012-05-01 02:12
The Safe Food Patrol (Is This Lettuce Safe?) drewprops AppleOutsider 29 2010-08-29 19:46
Recurring reddish sink stain. Rust? Removal? Brad AppleOutsider 20 2009-02-07 21:20
Norton Anti-Virus is a true Virus Quagmire Genius Bar 6 2005-02-06 16:03


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 21:38.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova