I am pretty much 100% certain that I have somehow gotten a virus installed into my Safari.
My homepage and default search engine changes to "Trovi" every time I restart Safari no matter how many times I reset it.
My first thought was to remove all extensions but there weren't any in the extensions folder! However, when I opened the Extensions.plist
file, it shows over 368 extensions under Apple-hosted Updates List
. Does anybody know where I can find these extensions and delete them? Here are some example extensions in that list:
- RedMorph-Browser-Controller.safariextz
- pogo_1.0.safariextz
- IsItWorthMyTime.safariextz
- siulykantraste_1.0.3_6.safariextz
I can't seem to locate these files on my Mac. Any help is appreciated.
ALSO: I would like input on this. While the virus was infecting my computer, I noticed that I thought the dot characters that hide the password I type in to unlock my computer looked bigger than normal. Then after the restore to Time Machine backup, I can confirm that the dots that hide my password to login to my computer are smaller again. Could it be that whatever kind of virus that I stupidly got on my computer was monitoring my login password???
Best Answer
Before killing false culprits at random with a great chance to damage your working environment, I suggest you to first attack your original problem.
Download a correct malware hunter: Malwarebytes.
Disclaimer: I don't work for them, they have a free version.
I tested it on many versions of OSX (
Mavericks
,Yosemite
...) and found and fixed some well hidden crapwares left undetected by leader commercial anti-virus.Warning: There are a lot of bad and good methods to get rid of
Trovi
found on the web. Avoid to download from unchecked sources, as you wouldn't drink from any found bottle.I didn't test the following, but trust its author since many years. I advise you to apply the receipe from Linc Davis:
How to remove Trovi from Safari