Harry, it seems the Profiles is changed via the terminal. I didn’t need to dig into the method since I only update Flash through the company URL.
John Sent from my iPhone > On Apr 29, 2018, at 4:11 PM, Harry Jacobson-Beyer <[email protected]> wrote: > > In the article it directs you to: > >> but you can find the profile by going to System Preferences > Profiles. > > I do not have a “profiles” section in system preferences. > > > >> On Apr 29, 2018, at 3:13 PM, John Robinson <[email protected]> wrote: >> >> >> This group is too aware for this but you may have friends that may need to >> be reminded. >> >> John >> >> >> >> How to Remove the New Mac Flash Malware ‘Crossrider’ >> Andrew OrrApr 25th, 2018 4:56 PM EDT >> A variant of the Crossrider adware has been spotted in the wild. It’s Mac >> Flash malware and different than the original breed because it installs >> certain configuration profiles to stay persistent (via Malwarebytes). >> >> [2017 McAfee Threat Report Shows Spike in Mac Malware] >> >> Mac Flash Malware >> >> This strain of Crossrider comes in the form of a fake Adobe Flash Player >> installer. Pretty typical for macOS and nothing we haven’t seen before. But >> this one is a bit different. As you install it, it automatically installs >> Advanced Mac Cleaner, which uses Siri’s voice to tell you it found a problem. >> >> But behind the scenes, it locks Safari’s homepage to a Crossrider domain, >> and can’t easily be changed. This is due to a configuration profile, which >> is a method that IT admins use to control the behavior of Macs in bulk, like >> in a company. >> >> >> >> This configuration profile forces Safari and Chrome (if you have it >> installed) to always open a page at chumsearch.com. You can’t change it via >> Safari preferences, but you can find the profile by going to System >> Preferences > Profiles. >> >> How to Remove It >> >> Luckily, removing it is fairly straightforward and involves a couple of >> Terminal commands. If you’re on macOS 10.12 or earlier, use the command: >> >> sudo profiles -L >> Although this works on macOS 10.13, another command may be better: >> >> sudo profiles list >> >> >> Then, look for an unfamiliar profile. In this case, the identifier is >> com.myshopcoupon.www. On macOS 10.12 or earlier, type: >> >> sudo profiles -R -p com.myshopcoupon.www >> On macOS 10.13: >> >> sudo profiles remove -identifier com.myshopcoupon.www >> Other than that, the malware doesn’t seem to do much damage to your system. >> Additionally, for most users fake Adobe Flash Players are easy to avoid. >> Flash really isn’t needed anymore, but if you do need it, make sure to only >> download it from Adobe’s official website. >> >> _______________________________________________ >> MacGroup mailing list >> Posting address: [email protected] >> Archive: >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mail-2Darchive.com_macgroup-40erdos.math.louisville.edu_&d=DwIFaQ&c=OAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY&r=F2GFXrjLFqVo3VwvIlo_XYeEiRRjHv15rxcenz7A21woG2aFGcrzndoSsskxfmOs&m=bdWVhEbgv9gjjxltj92DpKvANJiZVz9VTqiWhFgU6kI&s=jaTG9EZhhXZ3cj_Ljal5aSLPqbEUt4tuc0Wyqnadf1s&e=> >> Answers to questions: <http://erdos.math.louisville.edu/macgroup/> > > > _______________________________________________ > MacGroup mailing list > Posting address: [email protected] > Archive: > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mail-2Darchive.com_macgroup-40erdos.math.louisville.edu_&d=DwIFaQ&c=OAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY&r=F2GFXrjLFqVo3VwvIlo_XYeEiRRjHv15rxcenz7A21woG2aFGcrzndoSsskxfmOs&m=Am_cZtp-EMKV5z1piOBk-H1akX6NTLSIkOViLk96xIQ&s=6jVH2ULTNSSgJVm-RxBZXySo8-BZ4Gdn6fByZlBERHE&e=> > Answers to questions: <http://erdos.math.louisville.edu/macgroup/> _______________________________________________ MacGroup mailing list Posting address: [email protected] Archive: <http://www.mail-archive.com/[email protected]/> Answers to questions: <http://erdos.math.louisville.edu/macgroup/>
