Free to learn how poev9yal0.com viruses manifest themselves and remove them from Mac using a security procedure.
▼ REMOVE IT NOW Get FREE scanner and check if your computer is infected.
Our researcher finds the Pirrit adware (also known as ssp.zryydi.com) variant today. We call it “poev9yal0.com”. If your web browser randomly pops up unwanted tabs
which sometimes could not be opened because of “Access to poimeej7x.com was denied”, it means your Mac is infected by this adware.
What is poev9yal0.com adware
“poev9yal0.com” could create scheduled tasks, opening your browser and presenting content you may not want to see such as gambling related content or even pornography. The ads “poev9yal0.com” opens the most are the Mackeeper and fake apple support. Whichever way, the redirection is never a pleasant experience. Before you successfully remove this malicious malware, it is important to understand its mode of operation.
In fact, I spent a few days last week dissecting an OS X port of the poev9yal0.com adware that shows attackers are going after Mac machines. This adware has been targeting Windows machines for a while but it is new to Macs: Antivirus software still can Not detect this adware so far.
Here are some components that I discovered in this adware:
– “poev9yal0.com” does not use any exploits to compromise a Mac system. It infects machines by using a simple social engineering trick, deceiving people into providing their login details for a fake Flash Update or fake cracked software. This mechanism is generally known as bundling and ensures that “poev9yal0.com” successfully hijacks the normal installation process. With this hijack, users may think they are actually installing an adobe flash player while in reality an attack on the system is ongoing.
– “poev9yal0.com” hijackers do not just exploit the vulnerability of the system; they use Apple Script to carry out their attack. The Apple Script tells users to open malicious advertisement pages automatically according to locations and cookies. This means the Apple Script was probably written by someone with a Linux background with only a little knowledge about OS X. in some computers, we also noticed “poev9yal0.com” launched an update process, making it possible to download adware such as “Advanced Mac Cleaner” from a remote system and deploy this “cleaner” to the Mac system.
There are two ways to remove this adware. The first is manual removal while the other is removal with the aid of Adware Removal Pro.
How to manually remove “poev9yal0.com” for Mac
“poev9yal0.com” always installs adware files with random names on your Mac so it is very difficult for Mac users to identify all infected files and ensure they are completely removed.
Step 1: remove poev9yal0.com malware
In the Finder, select
Go ▹ Go to Folder…
Input ~/Library/LaunchAgents on popup dialog window and Press return.
then you would notice a folder named “LaunchDaemons” open. Check the names of each file in the “LaunchDaemons” folder. A normal plist file always has the format: “com.<company name>.<product name>.plist. Two perfect examples: com.google.Chrome.plist and com.teamviewer.helper.plist.
However, the malicious file has this format: “com.<random characters>.plist. Two perfect examples: com.stagewise.plist and com.ZikcKtiR.plist.
It is possible you may not find potential malicious files in the LaunchDaemons folder. In this case, it would probably be that the adware has changed the naming rule. You can download the Komros Anti Malware – our best tool designed to clean adware automatically.
Go to the “Library/LaunchAgents” and“~/Library/LaunchAgents” folders, remove all malicious files following the same process as described in step one.
Recently, I find a new malware is always associated with ssp.fwryd.com. It can hijack google search page with local proxy. You can read this blog to check if your machine is infected by this new malware.
At last, make sure to empty the trash bin and reboot the system
Step 2: Repair Safari
If safari homepage is locked, you have to remove malicious profile at first to unlock safari setting.
Choose System Preferences > Profiles. Delete the profile “set safari homepage…” using the – (minus) sign on the window.
Choose Safari > Preferences, then click General.
* Set your homepage: Enter a web page address in the Homepage field, or click Set to Current Page to use the web page you are currently viewing.
* Open new windows with your homepage: Click the “New windows open with” pop-up menu, then choose Homepage.
* Open new tabs with your homepage: Click the “New tabs open with” pop-up menu, then choose Homepage.
Choose Safari > Preferences, then click Search. Click the “Search engine” pop-up menu, then choose the search engine.
Choose Safari > Preferences, then click Extensions. Uninstall all extensions you don’t know or don’t want.
Step 3: Repair Chrome
Quit Google Chrome
Click “Go” button on the menu bar and select “Go to Folder…”
Input /Library/Managed Preferences on popup dialog window and Press return, then a folder named “Managed Preferences” will open. Remove all sub-folders on “Managed Preferences folder.
Click “Go” button on menu bar again and select “Go to Folder…”, Input ~/Library/Preferences/ on popup dialog window and Press return, then a folder named “Preferences” will open.
Locate com.google.Chrome.plist file in the preferences folder. Right-click on it and select Move to Trash.
Open Google Chrome and go to settings menu.
Go to “Appearance” section, and delete unwanted URL on home page setting.
Go to “search engines” section, and delete unwanted search engines. Then select Google as default.
Open extensions menu and remove all extensions you don’t know or don’t want.
How to remove “poev9yal0.com” with Komros Anti Malware
As I mentioned above, the files infected by Pirrit always have random characters. With the use of effective apps and tools like Komros Anti Malware, your system would be safe from malware. As more and more malware/adware are designed to attack Mac OS, it would be important to have a security software available to protect your system.
Komros Anit Malware is a powerful tool which is designed to remove adware and browser hijackers from Apple Mac OS X.
You can download Komros on Map app store.