Monday

Today, we are researching our bugs and starting the process of creating patches. Today, I am cleaning Malware off of my MacBook. fun times. I found what I thought to be a bug in my default Firefox browser and in following the steps to [reproduce a bug], I found that instead of a bug, I have Malware!

Deja vu - it’s the exact same infestation that occurred on my last MacBook. Difference is, I am more equipped to handle it this time.

Bing * Conduit.com * SearchProtect * CNET supports Malware!? * Perion * Firefox Addons - check the reviews first

So many others across the world wide web seem to have unknowingly installed this Bing/Conduit.com program. Many of them are Windows users, so I had fun trying to a) find Mac specific solutions and b) not download more suggested Spyware in the process.

I’ll explain point b) a little further. A lot of the solutions included downloading Malware removers that actually install more Spyware, etc on your computer. Even trusted sites have entries from these types of companies. (Feel free to add comments about trusted sites in which moderators help aliviate this discomfort).

Two important lessons that I have learned today: most importantly, pay careful attention to which boxes are checked when you run an installer. I think I may have taken a quick inhale of surprise when I was too late in noticing said checkbox was already checked by default and I had already clicked “Continue.”

[ In this space, I plan to put a screenshot of a Mac Installer with the option to install Bing. you can find many of these images for Windows machines online but I couldn’t find one for a Mac. ]

We had been installing many a program and Add On that fateful day and I think I let my guard down.
The second thing that I learned today is to carefully document the progress of my fix. I have spent over three hours researching different fixes for this “bug.” I found over a dozen procedures to remove this Malware from reputable “helpers” (ie StackOverflow, MacForums, etc…). Not to mention over fifty more sketchy sites offering their Spyware products as a part of a solution. I have started writing this blog because I FINALLY found something that worked for me! (I seriously cannot believe how many canned answers I found on that did not even come close to finding a fix. I have to give a shout out to parkur a Mozillian whose SUMO answer helped me complete my task!)

The most helpful app that I did end up downloading to help with my eventual fix is Find Any File. You can find it in the App store which is recommended from Thomas Tempelmann’s webpage. (I no longer support or trust CNET after finding the Malware included in a few of their installers.)

Steps towards removing the Bing / Conduit.com / tuneMyMac / SearchProtect infestation.

Although this Malware affects all of your browsers - I am using Firefox, so I started with their support section. If you are using another browser, you can probably skip step #1 or use your browser specific troubleshooting steps.

  • Starting at the top of this site, go through the steps starting with
    • Restart in safe mode and ending with
    • a resetting of Firefox - which stores your essential information while restoring the browswer back to factory settings.
  • Download Find Any File and hold Option or Alt key when selecting Find to Find All. Run a search for “TuneupMyMac” (without the quotes). I found 23 files, you may find more if you’ve had this run on your computer for longer. Select them all, drag to the trash and then, go to Finder and Empty Trash.

Find a File App screenshot

  • Found the program called “Search Protect” - with it’s magnifying glass icon - and deleted it. This completed my fix!
  • I’m not sure that I’ve cleaned up every last detail. A further search for “conduit” - using Find Any File - I come up with a folder in my Cache named “com.conduit.takeOverSearchAssetsMac.” Deleted. Next, I planned to go through the two lengthier responses on this and this Mozilla Support pages to help make sure that I’ve cleaned up my registry.

I also need to figure out which program installed this Conduit stuff to begin with. For now, onto the task of researching a bug to patch!

                                           ****

Notes on procedures that did nothing to solve my issue even though they sound related:

"To Remove Bing

	Move the mouse cursor inside the search box at the top right of the Firefox window and click the down arrow next to the provider's logo.
	From the dropdown list, select Manage Search Engines....
	Choose the "BING" and click Remove
	Click OK to save"