The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!


Adware Removal Tool

Published May 2nd, 2014 at 12:01 PM EST, modified November 12th, 2014 at 9:27 AM EST

adware

The Adware Removal Tool is now obsolete, and will no longer be receiving updates.

I hit some limits to what I was able to accomplish with AppleScript, so the Adware Removal Tool has now been replaced by a “real” app: AdwareMedic. Please use AdwareMedic rather than the Adware Removal Tool. It detects adware more reliably, and detects things that the Adware Removal Tool does not.


 

This tool is an AppleScript application designed to remove all known Mac adware. If you aren’t sure whether to trust this script, you can open the app in AppleScript Editor and review or manually run the AppleScript code.

Be aware that use of this script is at your own risk. It should not cause any problems, but there can never be any guarantees… even professional malware removal tools have been known to damage systems or destroy user data. I strongly believe this will not happen with this tool, but cannot guarantee that. Be sure that you have good backups before using tool like this.

Download now (TSMART.zip)

How to use the tool

Using this script is pretty easy, once you have opened it. It pretty much does everything for you, with just a few questions along the way.

First, the script will check for updates. If there’s a newer version of the script, you will be directed to download it. You can choose to continue using the script you already have, but should be aware that it’s probably always going to be in your best interests to use the most up-to-date version of the script.

Next, you will be asked if you’re okay with closing your web browser(s). If you’re right in the middle of a lengthy post on some forum about the evils of adware and don’t want to lose it, you can opt out at this point, and run the script again later. If you’re okay with the script closing your browser(s), it will close them for you.

From here, the script will begin removing any adware it finds. Adware components will be moved to the trash, rather than deleted outright, so that you can have the final say about deleting it.

There are just a couple cases where the script will need to ask you how to proceed. In the case of GoPhoto.it, your Firefox preferences file (prefs.js) may be infected with hundreds of kilobytes of GoPhoto.it-related JavaScript code. Deleting it is required to get rid of this adware, but this will cause you to lose some of your Firefox preferences. Thus, the script will ask you what to do. If you choose not to delete the prefs.js file, you can always run the script again later to remove it, or you can restore a clean file from backup or remove the malicious code manually.

delete launchd.conf?Some variants of the Genieo adware install files that, if removed improperly, can cause the  machine to freeze and to be unable to restart. Thus, if the primary culprit – the launchd.conf file – is found, and if it contains a malicious Genieo-related setting, the script will proceed cautiously. It will ask you if you want to delete this file. You can either choose to delete the file, or choose not to and edit it manually. Either way, you will need to restart the computer afterwards to make the change take effect. (The script will do this for you, after asking if that’s okay, if you choose to let it take care of removing this file.) After doing this, you can run the script a second time to remove the remaining components, which cannot be safely deleted while an infected launchd.conf file remains in the system.

Bottom line – pay attention to the messages you see, rather than just skipping past them, and you’ll be okay.

Frequently Asked Questions

The script finished, but my browser still opens a bad page when it opens!

The script will try to re-set the home page in Safari to Apple’s page when necessary, but at this time, you will need to do this step manually for any other affected web browsers.

I’m still getting ads after running the script!

They may not be related to adware. They could be ads that are normal for the site in question, or you may have a compromised network. See:

http://www.thesafemac.com/arg-other-causes/

If it looks like your wireless router might be the cause of the problem, see:

http://www.thesafemac.com/how-to-manage-a-hacked-wireless-router/

No offense, but I’d really rather not trust your script. Can I do this manually?

Sure! Just visit The Safe Mac’s Adware Removal Guide:

http://www.thesafemac.com/arg

 


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.