Declaration:
Because viruses/malware on the network may mutate at any time or use a variety of infection methods, the handling method in this article applies only to this sample. If you make a mistake while following it, the consequences are at your own risk. If you need help, search for “I am in the global village” on WeChat, follow the account, and leave me the message “add friends”.
Phenomenon:
Received a complaint from a netizen: A Chilltab malware on my MacBook. Nevertheless it keeps on popping up. Any ideas on how to get rid of it? Thank you, Glenn
Analysis:
Based on the information provided in the user's feedback, the following was collected:
After analysis of the above documents, the initial suspicion falls on the following path and its associated programs:
/Users/Shared/App_7922368A-AD1A-4350-B88E-38D0185308F0-621-00000046DA8DB4A0/ChillTab.app
Related configuration:
com.trendmicro.DrSafety.ToolbarSafariExtension(3.1.2)
Path = /Applications/Dr. Antivirus.app/Contents/PlugIns/ToolbarSafariExtension.appex
UUID = 824BA0C8-15AD-4334-A5BA-A4625045C276
Timestamp = 2019-08-30 07:51:04 +0000
SDK = com.apple.Safari.extension
Parent Bundle = /Applications/Dr. Antivirus.app
Display Name = Dr. Antivirus
Short Name = Dr. Antivirus
Parent Name = Dr. Antivirus
test.MacAppExtensions.Chill-Tab(1.0)
Path = /Users/Shared/App_7922368A-AD1A-4350-B88E-38D0185308F0-621-00000046DA8DB4A0/ChillTab.app/Contents/PlugIns/Chill-Tab.appex
UUID = 2DC0A3CF-4FBA-4BBA-8C93-DE8DDFE1FA07
Timestamp = 2019-09-27 15:06:13 +0000
SDK = com.apple.Safari.extension
Parent Bundle = /Users/Shared/App_7922368A-AD1A-4350-B88E-38D0185308F0-621-00000046DA8DB4A0/ChillTab.app
Display Name = Chill-Tab
Short Name = Chill-Tab
Parent Name = ChillTab
(2 plug-ins)
In fact, this is the root cause of the user's problem: the malicious plug-in is installed, but in a very unusual location, which makes it hard for the user to find. Some anti-virus software (the user has Dr. Antivirus installed) does not even scan files in this path, which is exactly where the malicious plug-in is installed.
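As an added example (not part of the original post), the check below reads a listing in the format shown under "Related configuration" and reports extensions whose parent bundle lies outside /Applications and /System. The function names and the allow-listed roots are assumptions, and the listing is assumed to be what `pluginkit -mAvvv -p com.apple.Safari.extension` prints on a Mac; the page does not name the command.

```shell
#!/bin/sh
# Added example: flag Safari app extensions installed outside the usual roots.

# Listing copied from the page, reduced to the fields the check reads.
sample_listing() {
cat <<'EOF'
com.trendmicro.DrSafety.ToolbarSafariExtension(3.1.2)
Path = /Applications/Dr. Antivirus.app/Contents/PlugIns/ToolbarSafariExtension.appex
Parent Bundle = /Applications/Dr. Antivirus.app
Display Name = Dr. Antivirus
test.MacAppExtensions.Chill-Tab(1.0)
Path = /Users/Shared/App_7922368A-AD1A-4350-B88E-38D0185308F0-621-00000046DA8DB4A0/ChillTab.app/Contents/PlugIns/Chill-Tab.appex
Parent Bundle = /Users/Shared/App_7922368A-AD1A-4350-B88E-38D0185308F0-621-00000046DA8DB4A0/ChillTab.app
Display Name = Chill-Tab
(2 plug-ins)
EOF
}

# Print "identifier<TAB>parent bundle" for each extension whose parent bundle
# is not under /Applications/ or /System/ (assumed allow-list, adjust as needed).
flag_unusual_extensions() {
  awk '
    # Record header: no " = ", ends in "(version)", not the "(N plug-ins)" footer.
    !/ = / && /\)[ \t]*$/ && !/^[ \t]*\(/ {
      id = $0
      sub(/^[-+!? \t]+/, "", id)        # drop indentation and any status marker
      sub(/\([^()]*\)[ \t]*$/, "", id)  # drop the trailing "(version)"
      next
    }
    /^[ \t]*Parent Bundle = / {
      parent = $0
      sub(/^[ \t]*Parent Bundle = /, "", parent)
      if (parent !~ /^\/(Applications|System)\//)
        printf "%s\t%s\n", id, parent
    }
  '
}

# Stand-alone run on the embedded sample; on a Mac, pipe the real listing in.
sample_listing | flag_unusual_extensions
```

On the sample it reports only test.MacAppExtensions.Chill-Tab, together with its parent bundle under /Users/Shared.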
If you find that the above files were created around the time the problem started, remove them from the terminal.
Approach:
rm -rf /Users/Shared/App_7922368A-AD1A-4350-B88E-38D0185308F0-621-00000046DA8DB4A0/ChillTab.app
Remove the configuration file under the above path (adjust it to the actual path you found), if any. Check whether any other related configuration files exist, kill the process, and restart the computer.
In fact, the above files have very little impact on the current Mac system. Even if something is deleted by mistake, it can be reinstalled later as needed, so the deletion will not affect the normal operation of the system.
After all the suspicious files have been removed, it is best to reset the browser or remove the previously saved state data:
~/Library/Saved\ Application\ State/com.apple.Safari.savedState
~/Library/Saved\ Application\ State/com.google.Chrome.savedState
Restart to see if it returns to normal.
Advice:
1. On an Apple computer, update and download software from the App Store as far as possible. If a browser suddenly pops up a message saying that the computer has a problem or that software needs to be updated, try not to click it!!!
2. In the security settings under the computer's settings, choose the option that allows only certified software to be installed!!
If you found this article helpful, please like it or comment on it!