OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Adware Removal Guide : Vidx

Published May 23rd, 2014 at 8:07 PM EST , modified June 2nd, 2015 at 1:25 PM EST

Vidx iconVidx is adware that pretends to be a video player browser plugin. In actuality, it is no such thing. It provides no video playing functionality whatsoever.

This adware is quite sneaky, in that it uses a slightly different variation of the name each time you install it. Thus, it’s slightly more difficult to provide removal instructions, or an automated removal script… but only slightly.

For more information on this adware, see Vidx adware pretends to be video plugin.

Vidx FirefoxRemoval

Delete any browser extensions with the following names:

  • Vidx (or variants such as ViddX, Vidox, Viidax and ViiDDx)
  • MacVx (or variants such as MacVax or MacVox)
  • MacCaptain
  • MacPriceCut
  • SaveOnMac
  • Mac Global Deals
  • MacDeals
  • MacSter
  • MacXcoupon
  • Shop Brain (or variants such as SShoP Braaiin)
  • MacMin (or variants such as MacMMin or MaucMino)
  • MacCost

It is possible that more than one might be present. (See Identifications > Examine Browser Extensions for instructions on how to locate your browser extensions.)

Move the following items to the trash. Note that, if you don’t know how to locate a file or folder based on the paths that I will give in the instructions, you should read Locating files from paths.

/Applications/Vidx.app
/Applications/MacMin.app
/Library/Application Support/VidToMP3
/Library/Application Support/fa4e8.94b.550d413f
~/Library/Application Support/osxDownloader

(If you see any other apps in that Applications folder with the same name as the extensions mentioned above, remove those as well.)

In addition, look in the following folder:

/Library/LaunchDaemons/

You may find a file there with a nonsensical name, such as “IFiJ0CdOnl.plist”. If you do, don’t delete it right away. First, open that file in a text editor, such as the TextEdit app that comes preinstalled in the Applications folder. If anywhere in that file you see a reference to “VidToMP3” or any of the browser extension names found above, remove that file. Do not remove any other files in this folder!

Vidx is also known to add malicious JavaScript code to the Chrome and Firefox preferences files. Although this will cause you to lose some of your browser settings, it would be wise to delete these preference files.

Chrome’s preferences can be found here:

~/Library/Application Support/Google/Chrome/Default/Preferences

If you have Firefox installed, go to the following folder:

~/Library/Application Support/Firefox/Profiles/

Inside that folder, you will find another folder whose name begins with a series of random characters and ends with “.default”. Open that folder. Inside this folder, the preferences file is called prefs.js. Delete this file.