search.lexside.com browser hijacker

[-FlyAuburn-]

So, I just got my new 5k iMac and have been playing around with different things.

One of them is openemu. Some of the zipped emulator games need 7-zip to unzip them, so I downloaded it and installed it.

Apparently it had at least two forms of malware embedded in it (at least the download I used).

The first was "Premier Opinion", which is a fairly nasty piece of spyware that I appear to have removed through both simply deleting it and its Launch Agent lines, and using Malwarebytes.

The second however is a browser hijacker, that managed to hijack Safari/Firefox/Chrome simultaneously with an obviously nefarious search engine "search.lexside.com". I've deleted it manually from Safari and Firefox, and tried from Chrome, but it keeps coming back.

My plan when I get home and get a chance is to try Sophos (just learned about it) and AdwareMedic to see if they fix the problem. Malwarebytes didn't.

I also found this on Apple Support that I will try if those don't work: https://support.apple.com/en-il/HT203987

Anyway, if those don't work I don't know what to do. Anybody run into this one or have any ideas for solutions?

Running the latest version of Yosemite.

 

[M@C]

You should only download software from trusted sites.

Instead of messing around with multiple spyware/adware/malware remover software, just wipe the HDD clean and do a fresh install (I mean you just got your iMac, right?). After that, download The Unarchiver. It handles 7-Zip.

 

[-FlyAuburn-]

You should only download software from trusted sites.

Instead of messing around with multiple spyware/adware/malware remover software, just wipe the HDD clean and do a fresh install (I mean you just got your iMac, right?). After that, download The Unarchiver. It handles 7-Zip.

That wasn't very helpful. Yes this Mac is new but I just spent all day restoring from a Time Machine backup and installing Windows 10 via boot camp. I'd really rather not do that again.

 

[M@C]

That wasn't very helpful.

You wrote that you don't know what to do and that you need ideas for solutions. I gave you some.

 

[Weaselboy]

The second however is a browser hijacker, that managed to hijack Safari/Firefox/Chrome simultaneously with an obviously nefarious search engine "search.lexside.com". I've deleted it manually from Safari and Firefox, and tried from Chrome, but it keeps coming back.

Did you look in Safari and Chrome both to see if there are any extensions installed that might be doing this?

Try running the app Etrecheck and post up the output from the apps report. It will show all login and startup items and may help ID the bugger.

If you quit Safari, then hold the short key when launching Safari, does that stop the behavior?