We came across an adware called OriginRemote that, once it reaches a Mac computer, immediately attacks the browser application, especially Google Chrome and Safari internet apps. There will be no indication that this unwanted program is executing the installation because attackers designed this process to be discreet. An obvious sign of OriginRemote infiltration starts to appear when Mac user is having issues with internet software. They may have trouble accessing various sites and sometimes, browser program crashes during the operation. At this point, the browser indicates that OriginRemote is the main cause of the errors.
Is OriginRemote a virus?
Because the OriginRemote appearance on the browser is unexpected, some Mac users deemed the intrusion as part of virus activity. In technical aspects, computer security experts do not classify the threat as a virus. In fact, it has no effect on the operating system. The only target objective of OriginRemote adware is to dominate browser programs by accomplishing changes in its settings. Typically, homepage, new tab, and search tool are areas it desires to control.
With regards to unsolicited installation, Mac users may not be aware that while entry of OriginRemote is unwanted, the loading of the host file that carries the threat was permitted. Like older variants such as ModuleUpdater and MapperRanking, OriginRemote is also utilizing the software bundling technique where it is integrated into freeware like games, utilities, media players, download managers, or fake software updates, as shown in the image below.
Avoiding OriginRemote infection
As you can see, makers of OriginRemote are employing deceitful technique to spread the adware. Therefore, careful acquisition and installation of freeware is recommended. Run the setup process via Custom or Manual method to see if there are surplus programs included. Opt-out in the installation of excess apps and load only the desired software. This is the only solution to prevent potentially unwanted application (PUA) infection.
Procedures to Remove OriginRemote from Mac
In this part, we will present practical recommendations for removing the malware from an infected Mac computer. You can download the suggested scanner to automatically remove OriginRemote. For further instructions, please follow the manual step-by-step processes.
Instant Removal : Scan the Mac computer with antivirus program
Combo Cleaner is a trusted Mac utility application with complete antivirus and optimization features. It is useful in dealing with adware, malware, and PUP's. Moreover, it can get rid of adware like OriginRemote.
1. Download the tool from the following page:
2. Double-click the downloaded file, combocleaner.dmg and proceed with the installation.
3. The installation window will open. Please double-click or drag the Combo Cleaner icon to the Applications folder.
4. Proceed with the installation. When it displays the Software License Agreement, please click Continue, and then click on Agree in the confirmation window. Continue with the default installation.
5. The program should run automatically after installation. If not, open your Launchpad and click on the Combo Cleaner icon.
6. Wait until antivirus downloads its latest virus definition updates and click on "Start Combo Scan" to start removing OriginRemote and other issues on the Mac computer.
7. After the virus and disk scan processes, the tool will display the results. Click on Remove Selected to start cleaning the computer.
To fully optimize the features of antivirus and privacy scanners, users may have to upgrade to the premium version.
If you are comfortable manually removing the adware and other malicious objects associated with it, please proceed with the remaining steps.
Manual Removal : Step-by-step guide to get rid of OriginRemote
This area contains comprehensive procedures to help you remove adware and potentially unwanted program from the Mac computer. Guide on this page are written in a manner that can be easily understand and execute by Mac users.
The procedure may require you to close the browser or restart the computer; therefore, we are suggesting to Bookmark or Print this page.Step 1 : Delete OriginRemote from Mac Applications
1. Go to Finder.
2. On the menu, click Go and then, select Applications from the list to open Applications Folder.
3. Find OriginRemote or any unwanted program.
4. Drag OriginRemote to Trash Bin to delete the application from Mac.
5. Next, go to the Dock, right-click on the Trash icon, and click on Empty Trash.
Step 2 : Remove Browser Extensions that belongs to OriginRemote
Most adware and unwanted programs use an application called a "browser extension" to be able to take over the settings of internet applications. Therefore, we highly recommend checking and removing the extension that is closely related to OriginRemote. If it is not present, look for and delete any suspicious browser extension.
Google Chrome
Remove the OriginRemote Extension from Google Chrome
1. Open the Google Chrome browser on you Mac device.
2. Input the strings below in the address bar and press Enter on the keyboard:
chrome://extensions/
3. Find OriginRemote or a relevant entry and remove it from Google Chrome.
Safari
Remove Malicious Extension from Safari
1. Open the Safari browser.
2. On the top menu, click Safari > Settings or Preferences.
3. The Safari settings window will open. Please select the Extensions tab.
4. Locate the suspicious extension and click the Uninstall button to remove it from Safari.
5. You may now close the window and restart Safari.
Microsoft Edge
Remove OriginRemote from Mac's Microsoft Edge Browser
1. Open the Microsoft Edge program on your Mac.
2. Input or copy and paste the following string in the address bar. Press press Enter on the keyboard:
edge://extensions/
3. Look for and Remove or Disable entries for OriginRemote from the Installed Extensions area.
4. You may now close the window and restart the Microsoft Edge browser.
Mozilla Firefox
Uninstall the OriginRemote Extension from Mozilla Firefox
1. Open the Mozilla Firefox browser.
2. Type or copy and paste the strings below in the address bar and press Enter on the keyboard:
about:addons
3. Click on Extensions from the sidebar menu.
4. Look for an entry that pertains to OriginRemote and Disable or Remove it from the browser using the options button.
Step 3 : Delete Malicious Files that have installed OriginRemote
1. Go to your Finder. From the menu bar, please select Go > Go to Folder.
2. Input the following string and press Enter on the keyboard.
~/Library/LaunchAgents
3. You will now see a hidden folder named LaunchAgents. Take note of the following files inside the folder:
- com.OriginRemote.plist
- unknown.service.plist
- unknown.system.plist
- unknown.download.plist
- unknown.update.plist
4. The term unknown is just a representation of the actual malware name. Attackers may use the following file names:
- OriginRemote, (random characters).plist
If you cannot find the specified file, please look for any unfamiliar or suspicious entries. It may be the one causing OriginRemote to be present on your Mac. Arranging all items to see the latest ones may also help you identify recently installed unfamiliar files.
5. Please click on "Show items as..."
6. To arrange the items in chronological order, click Date Modified.
7. Drag all suspicious files that you may find to Trash.
Take note of all the suspicious files, as you may also delete the same item in another folder as we go on.8. Please restart the Mac computer.
9. Open another folder using the same method as above. Copy and paste the following string to easily locate the folder:
~/Library/Application Support
10. Select any suspicious items that you have noted previously. Drag them to the Trash.
11. Repeat the process in the following non-hidden folders (without ~):
/Library/LaunchAgents
/Library/LaunchDaemons
/Library/Application Support
12. Lastly, go to your Finder > Go and open the Applications folder. Look for subfolders with the following names and drag them to Trash.
- OriginRemote, (random characters)
Optional : For locked files that cannot be removed, do the following:
1. Go to Launchpad > Other folder, open the Activity Monitor.
2. Select the process you want to quit.
3. In the upper part of the window, click the Stop button.
4. Click on Force Quit button.
5. You may now delete or remove the locked file that belongs to OriginRemote homepage hijacker.
Step 4 : Double-check with Malwarebytes for Mac
Use Malwarebytes for Mac to do another scan to make sure the machine is already clear of viruses, malware, and adware. This efficient anti-malware application allows you to detect things that other security software was unable to recognize.
1. Download Malwarebytes for Mac from the link below.
2. Locate the downloaded Malwarebytes-Mac.pkg and install it with the default settings.
3. Run Malwarebytes for Mac. It will check for updates and download the most recent version if one is available. This is necessary for finding recent malware threats, including OriginRemote.
4. Once you are on the Malwarebytes dashboard, please click on the Scan button to start scanning your Mac computer.
5. After the scan, Malwarebytes for Mac will display a list of identified threats, and OriginRemote is surely part of it. Be sure to select all items in the list. Then, click the Remove button to clean the computer.
Step 5 : Fixing the Homepage and Search Engine
Google Chrome
Remove OriginRemote from the Homepage and Search of Chrome
1. Open the Google Chrome browser and type the following on the address bar and press Enter on the keyboard:
chrome://settings
2. Go to the left sidebar and click On Startup.
3. Select "Open a specific page or set of pages" in the right panel.
4. Locate the unwanted Homepage URL, click on More Actions (3-dot icon), and select Edit.
5. Enter the desired web address as your home page, replacing OriginRemote. Click Save.
6. To set the default search engine, go to the sidebar, and this time, select Search Engine.
7. Click on the Manage search engines and site search button in the right panel.
8. Find the unwanted Search Engine in the list. Click on More Actions, and then click Delete.
9. Go back to the left side bar and click Search Engine.
10. In the right panel, choose a valid entry from the "Search engine used in the address bar."
You can now restart the Google Chrome browser to see if the unwanted homepage and search engine related to OriginRemote are gone.
Safari
Get Rid of OriginRemote from Safari's Homepage and Search
1. Open your Safari browser.
2. Go to the Safari Menu located in the upper left-hand corner, and then select Settings or Preferences.
3. In the General tab, remove the OriginRemote item or unwanted URL from the Homepage section. Replace it with your preferred URL to be set as your default homepage.
4. Next, be sure that the "New windows open with" and "New tabs open with" fields are set to "Homepage".
5. Please click on the Search tab, and in the "Search engine" section, select Google or any valid search engine.
6. You may now restart the Safari browser.
Microsoft Edge
Remove OriginRemote from the Homepage of Edge Browser
1. Open the Microsoft Edge browser on your Mac computer.
2. In the address bar, type or copy and paste the string below, then press Enter on the keyboard:
edge://settings/startHomeNTP
3. Go to the "When Edge Starts" area. Under the "Open these pages" section, click More Actions (3-dot).
4. Select Edit to open the Edit Page window.
5. Input your desired address to replace the homepage settings of OriginRemote.
6. Click the Save button. You may now restart Microsoft Edge for Mac.
Mozilla Firefox
Delete OriginRemote from the Homepage and Search of Firefox.
1. Open the Mozilla Firefox browser on your Mac computer.
2. Type the following on the address bar, then press Enter on the keyboard:
about:preferences
3. Click Home in the sidebar area.
4. Under "Homepage and new windows", you may choose Firefox Home (Default) or Custom URLs.
5. If you chose Custom URLs, input the desired URL to replace OriginRemote settings.
6. To configure the default search engine, select Search in the sidebar to display the settings.
7. Under the Default Search Engine list, please select a legitimate one (i.e., Google).
8. Scroll down to "Search Shortcuts" and select an unwanted search engine.
9. Click on the Remove button to delete the unwanted search engine. You may now restart the Mozilla Firefox for Mac.
System Compatibility Notice
To provide you with easy and accurate methods, the commands used in the guide are common, useful, and tested. We ensured that our tutorial to get rid of OriginRemote is compatible with the majority of Mac operating systems. Please let us know via email or the comment section below if you run into any incompatibility when using this tutorial. We will be pleased to reply and make the required corrections.
Discussion