Here are some steps may help in most cases, but not in this case:
- Turn off extensions/plugins, so that there's won't be unwanted js code while loading the websites. => However, the problem remained the same; and different browsers are having the same problem (tested on Chrome and Safari)
- Clean cookies and other personal settings => not helping anything
- Remove everything under "~/Library/Application\ Support/Google/" and "/Library/Application\ Support/Google/", then reinstall Chrome => not helping anything, since the problem happens on different browsers
So, I start to trace the problem on Chrome Developer Tools (Networks):
- The right and original request for Google Search.
- Chrome is trying to get www.mrlmedia.net/get-js...; however this is the problem.
- After getting get-js, Chrome start to run sf_main, and this is loading the Ads
- direct.html is the IFREAM for the Ads
The root problem is that "somebody" request the get-js while I am browsing the website. But, I don't know who's the guy.
However, it's easy to block the request by adding www.mrlmedia.net into the blacklist:
- vim /etc/hosts
- add 127.0.0.1 www.mrlmedia.net
Then the get-js request will be blocked:
The Ads are removed now.
Better Solution
Thanks for Niccolò Ventura and Steven Foong handing solutions in the comments of this post, and I am writing them down here for conclusion:>> sudo rm /Library/LaunchAgents/com.vsearch.agent.plist /Library/LaunchAgents/com.vsearch.daemon.plist /Library/LaunchAgents/com.vsearch.helper.plist Library/Frameworks/VSearch.framework # so the virus won't auto-start when the system is up
>> sudo rm -fr /Library/Application\ Support/VSearch/ # remove the virus
No comments:
Post a Comment