Zap adware in OS X with The Safe Mac’s Adware Removal Tool

BurnIconXDoes your Mac have adware installed on it? Chances are that it does not, but if you are seeing odd redirections to ads that have you suspecting something is up, then how do you know? While there is relatively little adware for OS X, it does exist and can be stumbled upon inadvertently when installing software packages (even legitimate ones including some security tools).

Adware is any program on your system that attempts to offer you unsolicited offerings, either by analyzing your behaviors and targeting products to you, or by changing your home page, displaying popups in browsers and other programs, and otherwise pushing ads your direction. While not specifically malicious in nature—intending to steal from you, or force you to unwittingly include your system’s computing power in botnets for nefarious purposes—adware is a frustrating byproduct of commerce where vendors will sometimes go to great lengths to inform you of their products and services.

Yontoo adware running in OS X

The old Yontoo adware, as described by security firm Dr. Web, injects ads into legitimate Web sites when you browse them (click image for larger view).

While easy to install, once adware programs are on your system they often prove exceptionally difficult to uproot and remove. Even if they come with uninstallers, these may be ineffective and not completely rid your system of the adware, leaving you with odd browser extensions or background services that may continue to push ads, or cause system instability and slow-downs that can be frustrating to deal with.

Furthermore, sometimes adware can be somewhat malicious in nature, where developers disguise it, or come out with odd variants that change its behavior once tools are developed that target and remove it.

If you are seeing ads and odd product notifications on your Mac, and are concerned about adware (and perhaps other malware in general), then one recommendation I strongly suggest is to first get properly informed about the nature of adware, and then take the proper precautions to remove it from your system. For some adware like Genieo I have some step by step instructions, but adware comes in many more flavors than that.

Unfortunately, learning about and properly identifying adware can be a challenge. Have you ever heard of “Spigot” or “MacVX” or “ChatZum”? These are only three of a few dozen adware programs out there, and my guess is you likely do not have the time to dig into how these are properly removed from your system. For these, the following files are only part of what may be needed to remove them:

Spigot:

~/Library/Application Support/Spigot/
~/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json
~/Library/Application Support/Google/Chrome/External Extensions/hjalolmjgklbjgaomjjofphdjnajmnim.json
~/Library/Application Support/Google/Chrome/External Extensions/icdlfehblmklkikfigmjhbmmpmkmpooj.json
~/Library/Application Support/Google/Chrome/External Extensions/mhkaekfpcppmmioggniknbnbdbcigpkk.json
~/Library/Application Support/Google/Chrome/External Extensions/pfndaklgolladniicklehhancnlgocpp.json
~/Library/Application Support/Firefox/Profiles/extensions/saamazon@mybrowserbar.com.xpi
~/Library/Application Support/Firefox/Profiles/extensions/saebay@mybrowserbar.com.xpi
~/Library/Application Support/Firefox/Profiles/extensions/savingsslider@mybrowserbar.com.xpi
~/Library/Application Support/Firefox/Profiles/extensions/searchme@mybrowserbar.com.xpi

Any file who's name contains "searchme", "slick savings", "slicksavings", "amazon shopping assistant", or "ebay shopping assistant" in the
 ~/Library/Safari/Extensions/ folder

MacVX:

~/Library/Safari/Extensions/extension.safariextz
Any file containing MacVX in the extensions folders for other browsers such as Firefox or Chrome

ChatZum:

/Applications/ChatZumUninstaller.pkg
/Library/Application Support/SIMBL/Plugins/SafariOmnibar.bundle
/Library/Internet Plug-Ins/uid.plist
/Library/Internet Plug-Ins/zako.plugin

If finding these and removing them seems like a daunting task, then you’re right! It is! This is where the use of a trusted adware removal tool will come in handy. While there are plenty of commercial anti-malware tools available, with some of them being able to target and remove adware, often these will install their own background services that can at times be frustrating to have on your Mac. Therefore, for removing adware, I recommend the simplest approaches, which are to use well-made scripts that specifically target installation locations for known adware, and not rely on any programs that use behavioral algorithms or heuristics to determine where such programs may be installed.

TSMART running in OS X

When run, TSMART will check in with The Safe Mac Web site to ensure you have the latest version available (click image for larger view).

There are a few such programs out there, but one that I recommend is The Safe Mac Adware Removal Tool (TSMART), that is developed and maintained by Thomas Reed, a long-standing security analyst of malware on the Macintosh. This AppleScript-based tool will target many adware programs (even if they are part of larger legitimate programs), let you know they are on your system, and remove them if known to be of no use. For those that are part of programs you likely intended to install, TSMART will give you the option to remove them or leave them be.

While there are no perfect approaches to clearing out unwanted software, tools like TSMART are perhaps the easiest approaches for tackling the small but growing amount of adware that is out there for OS X. Beyond this, your best bet is to inform yourself about adware, and adopt the online practices that will help you best avoid adware and other unwanted software packages.

Once you have ensured your Mac is free from suspected adware, consider setting up methods for monitoring system folders to prevent the installation of files you do not intend, and otherwise check out tips and tricks for securing your Mac, to better keep a handle on your system and the data you keep on it.

2 thoughts on “Zap adware in OS X with The Safe Mac’s Adware Removal Tool

  1. Michael Elliott

    Great. Now can somebody please tell me how to stop these stupid AdChoices popups over double-underlined words in pages? Happens to me all the time on macnn.com. Wish I could reliably reproduce it.

  2. David Anders

    The Safe Mac’s Frank Reed released an application in September “AdwareMedic”
    http://adwaremedic.com

Comments are closed.