How do I free my Mac from a Chromium hijack?

Please help! It seems I have been victim of a browser hijack and I can’t seem to get rid of it. Full(ish) info:

A link to a Chromium browser appeared in my menu bar.

Google and/or Netflix and/or other search engines and/or YouTube inexplicably work or do not work (I normally use Safari but have checked other browsers).

They do work if I use a VPN (Express) - I live in China.

My normal wifi is routed through a US server (see above and I hope I am getting tech jargon correct).

My daughter’s Mac is working just fine on all the above sites without Express, as are all iPhones and iPads in the house.

I have Dr. Cleaner and Dr. Antivirus and have used both to scan and remove what I could of Chromium and have followed some online advice. However most of this advises me to invest in more virus removing software and I don’t trust that this is not exactly where Chromium wants me to go.

I throw myself, humbly, at your feet . . .

Ugh, cleaning an infected machine can be a nightmare. It’s apparently common for malware/viruses to include a modified version of Chromium in their payload. Since it’s the open source version of Chrome, often people won’t even notice their browser has been changed.

If you don’t have a backup to restore from*, I’d say you’re usually going to need to buy a decent antivirus/cleaning program to fix it, or the advice of someone who knows how to identify and remove exactly what it is you’ve been compromised by.

Sadly, I don’t know of any particularly good programs of this type for the Mac. It’s out of my area of expertise. Hopefully someone will be along that will be able to advise one that’s good, or at least one they’ve had success with in a similar situation.

Good luck!

*If not, don’t feel bad, I’m employed in computer security and don’t have a recent backup of the laptop I’m typing this on. Don’t be like me. Back up your stuff regularly.

I have Time Machine and can’t think of much I’d lose since last back-up - best option?

Generally, yes. If Time Machine is backing up the operating system’s files as well, I would advise it if you don’t have any important work you would lose. If you do have work you would rather keep, or Time Machine is not backing up system files*, you might want to wait and see if someone who has seen a similar infection.

The reasons for preferring a revert to the last known non-infected backup are twofold. Once you’ve let a bit of malware loose on your system, there’s no telling what else it might have installed. On top of that, it’s hard to trust an antivirus system that is being installed on a compromised system.

The hard part is knowing which backup was the last one before you got infected. Really nasty malware/viruses don’t always show themselves at first in order to make the route of infection more difficult to detect (and really nasty ones try to infect your backups).

*I’m confident you’ll still have system files, but if Time Machine isn’t going to revert them, this method won’t necessarily fix the infection.

Have you tried something like the instructions here (skip the App Cleaner Pro stuff)?

Are you sure it’s a browser hijacking? Things not working without a VPN is perfectly normal in China. Without the VPN, can you connect to baidu or some other Chinese site?

Are you running the VPN on your router? You don’t seem very technical (sorry), so it seems unlikely that your router is giving you WIFI that’s routed to a US server.

Yes, tried this thanks.

You are mostly correct about my tech abilities, however I know, and can pay, some very clever people to set things up for me!

I will give this a shot, thanks. If not I’ll have to contact, and pay, the clever people . . .

Did you also check these 3 folders, too, since that website doesn’t seem to mention them?

~/Library/LaunchAgents
/Library/LaunchAgents
and
/Library/LaunchDaemons

and trash anything in them called Chromium or that you know isn’t legit.

Also, go to System Preferences > Users & Groups and check if there are any unknown Login Items for your user and delete them.
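
The folder check suggested in the post above, as an added example that is not part of the original thread: a read-only shell audit that lists every launch plist in those three folders and flags the ones whose name or contents mention a keyword. The function names and the `chromium` keyword are assumptions made for this example; `plutil` is the macOS plist tool, and where it is missing the file is read raw.

```shell
#!/bin/sh
# Added example: read-only audit of the launch folders named in the thread.
# Nothing is deleted; review each FLAG line by hand before trashing anything.

# Print a plist as text. plutil (macOS) decodes binary plists;
# where it is unavailable, fall back to the raw file.
plist_text() {
    if command -v plutil >/dev/null 2>&1; then
        plutil -convert xml1 -o - "$1" 2>/dev/null || cat "$1"
    else
        cat "$1"
    fi
}

# audit_launch_dirs KEYWORD DIR...
# Prints "FLAG <path>" when the file name or contents mention KEYWORD
# (case-insensitive), "ok   <path>" otherwise. Missing folders are skipped.
audit_launch_dirs() {
    keyword=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -e "$plist" ] || continue
            if basename "$plist" | grep -qi -- "$keyword" ||
               plist_text "$plist" | grep -qai -- "$keyword"; then
                printf 'FLAG %s\n' "$plist"
            else
                printf 'ok   %s\n' "$plist"
            fi
        done
    done
}

# On macOS, audit the three folders from the thread.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_launch_dirs chromium "$HOME/Library/LaunchAgents" \
        /Library/LaunchAgents /Library/LaunchDaemons
fi
```

Lines marked `ok` are not cleared by this check: an unwanted launch item can use any name, so unfamiliar entries still deserve a look.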

I’d also check out what zbuzz mentioned. But if that and Time Machine come up short, then I’d advise calling the clever people and see what you can work out. If it was a Linux box and you had a backup we could restore your data from, I’d be able to get you back up in a day easily - heck, I could probably track down how you got compromised if everything was configured right. But a Mac is just different enough to make me virtually useless to you, it might as well be a Windows box for all the good I am.

Again, good luck.
Hey, just be glad it’s not something a lot more nasty, like ransomware, or something that just formats your drive.

Huge thanks to all, but nothing seems to be working. Hugely frustrating, as my daughter’s Apple, and all the other related devices work like a charm. I have called the clever person and will update in case it helps others. Cheers.