This Tech Tip is a cautionary tale. As a general rule, I recommend that you avoid installing apps that claim to tune-up or optimize your Mac. Last week, I worked on two Macs whose performance was negatively impacted by MacKeeper, MacBooster and TuneUpMyMac. A third Mac’s web browsing had been hijacked by Conduit Search. It’s not clear if any of these applications are actually malware, but I consider them all annoy-ware at a minimum.
Let me briefly discuss each of these applications:
MacKeeper has a very mixed reputation that is well-covered in a 2012 Cult of Mac article. MacKeeper is advertised heavily. You’ve probably seen some of its ads that include its mascot pictured here. Ads for MacKeeper can be deceptive such as the one that is cleverly woven into the design of the Speedtest.net web site. It would be easy for someone who doesn’t know what they’re doing to click the MacKeeper ad instead of the Speedtest’s Start button! My experience with MacKeeper is not positive. On some Macs it doesn’t seem to cause issues, but if a client is reporting performance slow downs, spinning beach balls or freezes and I see that MacKeeper is installed, I’ll immediately remove it. Fortunately, current versions of MacKeeper are easy to remove. The removal process is documented on the developer’s web site. MacHelpWriter has excellent MacHelpWriter also has excellent instructions for removing MacKeeper, either manually or using DetectX.
TuneupMyMac was new to me when I found it in the Applications folder on my client’s Mac. Her Mac had a handful of performance issues, but I was focused on removing a Word Macro virus. I installed Sophos, a virus-removal application which I recommend. Sophos repeatedly got stuck in the middle of its efforts to identify and remove the virus from all infected files. As soon as I removed TuneupMyMac and restarted the Mac, Sophos was able to finish its scan and clean all infected files.
MacBooster was also an unfamiliar application when I encountered it. My client reported that she had been unable to empty her Trash since MacBooster had been installed. She wasn’t entirely sure how it had been installed, but we removed MacBooster easily. I noticed that her Mac also had MacKeeper installed so I removed it also. I’m not sure which of them was the culprit or if the combination of them was the cause of the problem. After removing both of them we could empty the Trash.
Conduit Search was preventing one of my clients from being able to view web pages and conduct searches using Google. Conduit Search had changed the default search engine from Google to itself. While trying to view web pages pop-up ads repeatedly appeared. Conduit Search had imbedded itself into each of her web browsers: Safari, Firefox and Chrome. Removing Conduit Search was not easy since it’s not an actual application. Instead, it’s comprised for a number of bits and pieces that are strewn about your Mac so it can embed itself in each of your web browsers. In order to get rid of Conduit Search, I referenced a few different web pages I found, including this page at Apple Discussion forums. My client believes that Conduit Search was installed when she installed a free video-viewing application named mplayer. I wasn’t able to confirm this, but it’s possible. I’ve never used mplayer, but it appears to be a legitimate open-source application. It’s possible that somebody could have written a custom installer that claims to install mplayer but instead installs Conduit Search.
It’s tough to offer you succinct reliable advice about how to avoid applications like the ones discussed in this article, but here are some general recommendations:
- Only download files from web sites that you know and trust.
- Take a minute to research an application that you see advertised. For example, go to Google and type in “MacKeeper malware” or “MacKeeper scam” to see if others think this application is reputable or not.
- Make sure you backup your Mac at least daily. While I was able to remove all of these unwanted items from my client’s Macs, it’s possible that some application could damage or delete some of your data. Daily backups would protect against this.
[UPDATE: OCTOBER 2014 – I continue to find Conduit Search and TuneUpMyMac on client computers. I also came across another adware program installed, GoPhoto.it. Here are the instructions to remove GoPhoto.it]
[UPDATE: NOVEMBER 2014 – I continue to see a steady flow of computers affected by adware or annoy-ware. I’ve found that MalwareBytes Anti-Malware for Mac is a useful tool to remove some adware. I used it this week to remove Genieo.]
[UPDATE: DECEMBER 2014 – A client reported having an adware program named MacVX installed on his Mac. I sent him an article I found with instructions on how to remove MacVX and they worked for him.]
One Comment