Tuesday, December 5, 2023

Malware on a Mac

Yesterday my wife came home from a very busy day as her office switches from locally hosted software to web-based software. She is the one spearheading the project and yesterday they went live on the new system. Naturally there are some first-day pains as the staff try to figure out how to do things using the new and unfamiliar software. To make matters worse, my wife's Mac picked up some malware.

I happened to be in an online meeting when my wife came home and so when the meeting ended, I left my office to ask my wife how her day went. She seemed extremely frazzled and started talking quickly about how the new software has everyone anxious and to top things off, her computer had a virus. My wife is not very technical and so I asked how she knew her computer has a virus. She opened her laptop and showed me a message about "AccessibleEngineSearch will damage your computer."

The message told me that the Mac operating system smartly caught the problem. Unfortunately it rendered the computer unusable. When I clicked on the message to dismiss it, I had about 3 seconds before the message reappeared. It is a good thing I have another computer in the house to help me fix the problem. I quickly did an Internet search and came across several websites explaining how to remove the offending program.

AccessibleEngineSearch is a browser hijacker that throws up unwanted advertisements in your browser. The trick to eliminating it is hunting down all of the files that have infected the computer and removing them. I started with the documented ones:

  • ~/Library/Application Support/com.AccessibleEngineSearch/AccessibleEngineSearch
  • ~/Library/Application Support/com.AccessibleEngineSearchDaemon/AccessibleEngineSearch
  • ~/Library/LaunchAgents/com.AccessibleEngineSearch.plist
  • ~/Library/LaunchDaemons/com.AccessibleEngineSearchDaemon.plist

I then emptied the trash and rebooted the computer. Things improved but I still kept getting the message and so I did a bit more searching. This time I pulled out my Unix skills and opened the command prompt. I then ran the following "find" command to look for all instances of AccessibleEngineSearch on the computer:

find / -name AccessibleEngineSearch -print

If you are not familiar with the "find" command found in all flavors of Unix and Linux, the first argument tells the command where to start looking. I specified the / or root directory so that it would search the entire file system. The next argument is where you specify the name of the file you are looking for. Finally there is the -print on the end that specifies to print the results on the screen.

Naturally I got a lot of "permission denied" errors because I ran it as a user and not the superuser. It still gave me 2 directories that I found and deleted. Once again, I rebooted the machine and the errors disappeared.

Reading through various websites on this issue, I saw the recommendation to install Malwarebytes. I installed the free version and ran a scan of the computer. It found 30 other files infected with some sort of malware. I quarantined the files in question hoping that the computer is clean. Then I rebooted the computer once more.

Unfortunately there is a message about AccessibleEngineSearch when I start the computer and log in. Once I dismiss the message, it doesn't reappear and so I imagine there is one more file hanging around in the system loading area. It probably is in one of those directories I didn't have permission to read when I ran my find command above. I can rerun the command prefaced with "sudo" and eliminate the problem for good.
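The find command above matches only items named exactly AccessibleEngineSearch, so it skips names such as com.AccessibleEngineSearch.plist. The following is an added example, not part of the original post: a read-only shell sketch that matches the name anywhere in a file name and also looks inside launchd job files for references to it. The function names, the sample tree and the file com.updater.helper.plist are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only hunt for adware leftovers. Nothing is deleted.

# hunt_name NAME ROOT...  -> paths whose file name contains NAME (any case).
# "*NAME*" also matches com.NAME.plist and com.NAMEDaemon, which the exact
# "-name NAME" test skips.
hunt_name() {
    name=$1; shift
    for root in "$@"; do
        [ -d "$root" ] || continue
        # 2>/dev/null drops "Permission denied" lines when not run under sudo;
        # "|| true" keeps find's non-zero exit from aborting a "set -e" caller.
        find "$root" -iname "*${name}*" -print 2>/dev/null || true
    done
}

# hunt_plist_refs NAME DIR...  -> .plist files whose contents mention NAME,
# which catches a job file with an unrelated name that still starts the binary.
hunt_plist_refs() {
    name=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -name '*.plist' -exec grep -li -- "$name" {} + 2>/dev/null || true
    done
}

# make_sample_tree DIR: constructed layout mirroring the paths in the post.
make_sample_tree() {
    d=$1
    mkdir -p "$d/Library/Application Support/com.AccessibleEngineSearch" \
             "$d/Library/LaunchAgents"
    : > "$d/Library/Application Support/com.AccessibleEngineSearch/AccessibleEngineSearch"
    : > "$d/Library/LaunchAgents/com.AccessibleEngineSearch.plist"
    # Constructed job file: innocuous name, but its contents point at the binary.
    printf '<string>%s</string>\n' "/tmp/AccessibleEngineSearch" \
        > "$d/Library/LaunchAgents/com.updater.helper.plist"
    : > "$d/Library/LaunchAgents/com.example.clean.plist"
}

# Real use, after saving this block as hunt.sh (hypothetical file name):
#   sudo sh -c '. ./hunt.sh; hunt_name AccessibleEngineSearch /Library /Users'
#   sudo sh -c '. ./hunt.sh; hunt_plist_refs AccessibleEngineSearch \
#       /Library/LaunchAgents /Library/LaunchDaemons /Users/*/Library/LaunchAgents'
```

On the constructed tree, hunt_name reports three paths where the exact -name test reports one, and hunt_plist_refs reports only the job file whose contents reference the binary.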

One of my favorite things about the Mac is that it doesn't get many computer viruses or malware. Unfortunately that has made me a little lazy about protecting them. As shown by the scan on my wife's computer, they do exist and need to be addressed. You can say I've learned my lesson.
