2

The behavior looks like this:

  1. when I search "baby" with my default search engine google.
  2. I can see browser address bar shows "https://www.google.com.hk/?gfe_rd=cr&ei=JjV5WZ--N8TU8AfqgqII#q=baby"
  3. And then after 1 or 2 seconds, it redirects to "https://hk.search.yahoo.com/yhs/search?hspart=blp&hsimp=yhs-default&type=hmp_060_695_0&p=baby&rnd=1196689346&param1=sid%3D695%3Aaid%3D060%3Aver%3D0%3Atm%3D-1%3Asrc%3Dhmp%3Alng%3Den%3Aitype%3De%3Auip%3D1997106063%3Aup%3DYmFieQ%253D%253D"

I have tried below methods, but none of them works

  • Reset default search engine to google
  • Delete all search engines and create a new one with google search (https://www.google.com/#q=%s)
  • Clean chrome extensions
  • Clear /Libiary/Internet Plugins
  • Reset Chrome
  • Reinstall Chrome

I also tried below methods, which could be one of the temp solutions:

  • Switch to Incognito window;
  • Logout from Chrome;

Any idea about this?

== After successfully clean the folder /Users/$USER/Library/Application\ Support/Google/Chrome/Profile\ 1/Extensions/bfkmdpfljdpopbemfaelnflapafbflgn, it comes back again after two days.

So when I my chrome has the redirect issue, the folder contents looks like:

enter image description here

After I clean it, it looks like:

enter image description here

So I guess there must some virus either comes from my computer or from Chrome. After some check, I find a non-removable extension:

enter image description here

Hope this helps.

Improve this question

2 Answers 2

Reset to default
1

Try creating another user and see if it persists there.

What about Safari or Firefox? Whether they are infected or not, the answer narrows the problem.

Check your DNS; perhaps it was hijacked. 8.8.8.8 is Google's Public DNS and will help if it's allowed in HK. For a friendly trustworthy network, just setting DHCP-based DNS will usually work.

See if https://www.malwarebytes.com/mac/ will kill it.

Try booting to a Linux LiveCD to see if it's environmental. (Probably not this, but it's worth a look if nothing else works.)

Improve this answer
1
  • 1
    After scan computer with Malwarebytes: I found this one "2017-07-29 09:03:24 : Removing Extension Item: /Users/Joshua/Library/Application Support/Google/Chrome/Profile 1/Extensions/bfkmdpfljdpopbemfaelnflapafbflgn". Now it works fine!!! It's a pity that I didn't take a look of file content before deleting it.
    – Joshua
    Commented Jul 29, 2017 at 1:06
0

I think I find the finally solution for this. There is a extension named "Plugins Button" installed in chrome with super permission that you can not remove it.

Step1: Quit Chrome;

Step2:

$ rm -rf /Users/$NAME/Library/Application\ Support/Google/Chrome/Profile $NUMBER/Extensions/bfkmdpfljdpopbemfaelnflapafbflgn/

$ rm -rf ~/Library/Application\ Support/Google/Chrome/Profile\ $NUMBER/Sync\ Extension\ Settings/bfkmdpfljdpopbemfaelnflapafbflgn/

Step3:

Open "System Preferences" and click Profiles, you will find a weird profile named "your name". By taking a look at the detail, it contains the exact keyword "bfkmdpfljdpopbemfaelnflapafbflgn", delete the profile.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .