This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to get rid of a PUA (Bundlore) that keeps reinstalling when cleaned? (MAC HighSierra)

Hi, Sophos keeps detecting a PUA, I Clean the PUA and it comes back 2 minutes after. How can I get rid definitely of this PUA? 

"Bundlore

/private/tmp/mmLaunchme"

 

Here is how it all started: 

I download a software online, run the install, the mouse starts moving by her self, the screen gets black then gets back to normal. I delete the software strait away and empty the trash. When I open google chrome the default browser as changed to Safari, and on both browsers the default homepage is " www.weknow.ac ". 

I cannot change the browser nor on Google Chrome or Safari. 

Apparently I have a Malware, so I instal Sophos and run the scan, identify the problems and clean them all, but one PUA keeps coming back and I still cannot change my default browser.

Am I infected? How to get rid of the Malwares?

 

Thanks for your helps, cheers 

J.



This thread was automatically locked due to age.
  • Hi Julien Valadié,

    Looks like you have installed a PUA which has hijacked the browsers. Can you try resetting the chrome and see if it still reverts back to the new homepage?

    It would help us to have a clear picture of the issue if you can share the details of the Bundlore detection that you have got. Can you share the complete file path of the detected file? or even the screenshot would help.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.