ExpandedCommand for Mac OS is categorized as potentially unwanted application (PUA). Its entry on the computer is often without permission from user. By using different tricky techniques, makers of ExpandedCommand app were able to persuade web users into accessing the carrier of this malicious browser extension. Of all the many deployment scheme being utilized by cyber crooks, there are methods that stands out among the rest and is very successful in penetrating Mac computers.
How ExpandedCommand infects Mac?
Mac user may bump into ExpandedCommand directly or even on its carriers while online. Actors behind this malware have various spread techniques but they heavily rely on these approaches to spread the malicious code.
Malicious Ad – Be careful not to click on online ads especially those that are popping out aggressively on the browser pages. Majority of these ads are driven with malevolent intention of driving web user to a relevant pages containing misleading content. Two things may happen, it is either it will entice web users to directly download ExpandedCommand or be taken to a much misleading and intrusive online page that explains why this program is valuable in enhancing Mac users online searching and browsing.
Fake Software Update – Again, this operates as pop-up ads that are in disguise as system alert. Usually, the content illustrates an identified outdated program that causes issues on browsing capabilities of user. To fix it, the pop-up normally suggests downloading of essential software update. Eventually, this scheme will install ExpandedCommand instead of the anticipated app.
Malicious Freeware – Attackers know what the popular freeware for Mac users are. The technique on this approach is they embed ExpandedCommand to the freeware installer so that it runs a simultaneous loading during the freeware setup. The installation of the adware was intentionally made discreet to avoid Mac user from blocking the process.
Risks of Installing ExpandedCommand app
ExpandedCommand operates as both PUA and Adware. This means that it is using force entry to gain access on the computer. Attackers are utilizing several techniques to penetrate Mac computer and influence internet program by installing itself as browser extension. Then, ExpandedCommand compel the exploration of its suggested new search provider and relevant homepage.
While staying on the browser program, ExpandedCommand app is able to display different advertisements including annoying pop-ups and redirects. Unfortunately, these are not usual ad campaign but rather contains malicious object that may lead to downloading and installation of adware or malware.
Procedures to Remove ExpandedCommand from Mac
This area contains comprehensive procedures to help you remove adware and potentially unwanted program from the computer.
Guide on this page are written in a manner that can be easily understand and execute by Mac users.
Quick Fix - Scan the System with Combo Cleaner
Combo Cleaner is a trusted Mac utility application with complete antivirus and optimization features. It is useful in dealing with adware, malware, and PUP's. Moreover, it can get rid of adware like ExpandedCommand. You may need to purchase full version if you require to maximize its premium features.
1. Download the tool from the following page:
2. Double-click the downloaded file and proceed with the installation.
3. In the opened window, drag and drop the Combo Cleaner icon onto your Applications folder icon.
4. Open your Launchpad and click on the Combo Cleaner icon.
5. Wait until antivirus downloads its latest virus definition updates and click on "Start Combo Scan" to start removing ExpandedCommand.
6. Free features of Combo Cleaner include Disk Cleaner, Big Files finder, Duplicate files finder, and Uninstaller. To use antivirus and privacy scanner, users have to upgrade to a premium version.
Proceed with the rest of the removal steps if you are comfortable in manually removing malicious objects associated with the threat.
Step 1 : Delete ExpandedCommand from Mac Applications
1. Go to Finder.
2. On the menu, click Go and then, select Applications from the list to open Applications Folder.
3. Find ExpandedCommand or any unwanted program.
4. Drag ExpandedCommand to Trash Bin to delete the application from Mac.
5. Right-click on Trash icon and click on Empty Trash.
Step 2 : Remove Browser Extensions that belongs to ExpandedCommand
1. Locate the add-on or extension that is relevant to the adware. To do this, please follow the following depending on affected browser.
Safari - Choose Preferences from the Safari menu, then click the Extensions icon. This will open a window showing all installed extensions.
Chrome - Select Preferences from the Chrome menu, and then click the Extensions link found on the left pane.
Firefox - Choose Add-ons from the Menu. Look at both the Extensions and Plug-ins lists when it opens a new window.
2. Once you have located ExpandedCommand, click on Remove or Uninstall, to get rid of it.
3. Close the browser and proceed to the next steps.
Step 3 : Delete Malicious Files that have installed ExpandedCommand
1. Select and copy the string below to your Clipboard by pressing Command + C on your keyboard.
2. Go to your Finder. From the menu bar please select Go > Go to Folder...
3. Press Command + V on your keyboard to paste the copied string. Press Return to go to the said folder.
4. You will now see a folder named LaunchAgents. Take note of the following files inside the folder:
The term unknown is just a representation of the actual malware name. Attackers may masks the actual name with following:
- SystemJump, BrowserToday
If you cannot find the specified file, please look for any unfamiliar or suspicious entries. It may be the one causing ExpandedCommand to be present on your Mac. Arranging all items to see the most latest ones may also help you identify recently installed unfamiliar files. Please press Option + Command + 4 on your keyboard to arrange the application list in chronological order.
Important: Take note of all the suspicious files as you may also delete the same item on another folder as we go on.
5. Drag all suspicious files that you may find to Trash.
6. Please restart the computer.
7. Open another folder using the same method as above. Copy and Paste the following string to easily locate the folder.
8. Look for any suspicious items that are similar to the ones in Step 4. Drag them to the Trash.
9. Repeat the process on the following non-hidden folders (without ~):
10. Lastly, go to your Finder and open the Applications Folder. Look for subfolders with the following names and drag them to Trash.
- SystemJump, BrowserToday
Optional : For locked files that cannot be removed, do the following:
1. Go to Launchpad, Utilities folder, open Activity Monitor.
2. Select the process you want to quit.
3. Click on Force Quit button.
4. You may now delete or remove locked files that belongs to ExpandedCommand adware.
Step 4 : Double-check with MBAM Tool for Mac
1. Download Malwarebytes Anti-malware for Mac from this link:
2. Run Malwarebytes Anti-malware for Mac. It will check for updates and download if most recent version is available. This is necessary in finding recent malware threats including ExpandedCommand.
3. If it prompts to close all running web browser, please do so. Thus, we advise you to PRINT this guide for your reference before going offline.
4. Once it opens the user interface, please click on Scan button to start scanning your Mac computer.
5. After the scan, Malwarebytes Anti-malware for Mac will display a list of identified threats, ExpandedCommand is surely part of it. Be sure to select all items in the list. Then, click Remove button to clean the computer.
Step 5 : Remove ExpandedCommand from Homepage and Search
- Open your Safari browser.
- Go to Safari Menu located on upper left hand corner, and then select Preferences.
- Under General tab, navigate to Default Search Engine section and select Google or any valid search engine.
- Next, be sure that "New Windows Open With" field is set to Homepage.
- Lastly, remove ExpandedCommand from the Homepage field. Replace it with your preferred URL to be set as your default homepage.
- Open Chrome browser.
- Type the following on the address bar and press Enter on keyboard : chrome://settings/
- Look for 'On Startup' area.
- Select 'Open a specific page or set of pages'.
- Click on More Actions and select Edit.
- Enter the desired web address as your home page, replacing ExpandedCommand. Click Save.
- To set default search engine, go to Search Engine area.
- Click on 'Manage search engines...' button.
- Go to questionable Search Engine. Click on More Actions and Click 'Remove from list'.
- Go back to Search Engine area and choose valid entry from Search engine used in the address bar.
- Run Mozilla Firefox browser.
- Type the following on the address bar and hit Enter on keyboard : about:preferences
- On Startup area, select 'Show your home page' under 'When Firefox starts' field.
- Under Home Page field, type the desired URL to replace ExpandedCommand settings.
- To configure default search engine, select Search on left sidebar to display settings.
- Under Default Search Engine list, please select one.
- On the same page, you have an option to Remove unwanted search engine.
Optional : If unable to change browser settings, execute these steps:
Some user complains that there is no way to change browser settings because it is grayed out by ExpandedCommand. In such situation, it is important to check if there is unwanted profile. Please do the following:
1. Quit any running applications and launch System Preferences from your Dock.
2. Under System Preferences, click Profiles.
3. Select ExpandedCommand or any relevant profile from the left pane. See image below.
4. At the bottom of this window, click minus [-] button to delete the account. Please refer to image above.
5. Close the Profiles window and open the affected browser to change all settings associated with ExpandedCommand.
How to protect Mac against ExpandedCommand?
Computer protection is attained in couple of ways. One is by installing a valid and high-end anti-virus or anti-malware program and the other thing is by being very cautious while interacting online or accessing files. Both are the ideal way to protect the computer against ExpandedCommand or similar threats.