What is PhantomRich
PhantomRich is an adware application that targets Mac computers. Adware is a form of malicious software designed to inject advertisements into your internet surfing or even your desktop. Adware can be used to gather your personal information (your IP address, pages viewed, search queries, links clicked), track the websites you visit or even record your keystrokes.
PhantomRich adware in detail
PhantomRich is a malicious application that runs in the background while you are browsing the web. It displays unwanted ads (pop-ups, various offers and deals, unclosable windows, push notifications, and even fake virus alerts) on computers or changes search results in browsers to earn money for its creators from user clicks.
It can change the browser’s homepage and the default search engine, can inject fake results into search pages and can also inject malicious ads into legitimate websites or trigger unclosable pop-up windows in the browser. The goal of its creators is to earn commission money fraudulently by abusing pay-per-view or pay-per-click advertising schemes.
Attackers often use adware to redirect users to pornographic content, various diet pills, fake virus alerts that trick users into buying or installing applications that are not needed, work-at-home schemes and other questionable content.
In summary, the PhantomRich app/extension can seriously affect your privacy, your computer’s performance and security.
How does PhantomRich get on your Mac
Adware comes bundled with various free apps. This means that you need to be very careful when installing applications downloaded from the Internet, even from well-known download sites. Be sure to read the Terms of Use and the Software License, select only the manual, advanced or custom installation option, disable any unnecessary web browser extensions and software offered for installation.
[Image: the pop-up window that appears after the installation of the PhantomRich adware is complete]
Threat Summary
Name | PhantomRich, “PhantomRich 1.0” |
Type | adware, PUP (potentially unwanted program), Mac virus, Mac malware |
Detection Names | Trojan-Downloader.OSX.Adload, OSX.Trojan.Gen, Program:MacOS/Vigram.A, MacOS.Agent-MT, Adware/Adload!OSX, Osx.Adware.Cimpli, ApplicUnwnt and Adware.MAC.Generic |
Distribution | Freeware installers, torrent downloads, shady popup ads and fake updaters |
Symptoms | Your browser is redirected to web pages you did not want, pop-ups and new tabs are loaded without your request, new entries appear in your Applications folder, unwanted web-browser extensions or toolbars keep coming back, your Apple Mac settings are being modified without your request, slow Internet browsing speeds. |
Removal | PhantomRich removal guide |
How can you protect against adware?
There are a number of methods that you can use to protect against malicious adware. It is better to use them together, as this will provide stronger protection.
- Use an ad blocker. Ad blockers allow you to browse sites without ads, thus eliminating the possibility of clicking on something malicious and preventing it from being downloaded to the machine.
- Pay for premium versions of popular services. The easiest way to avoid adware is to pay for the service you use. Many Internet services make it possible to use them without ads if you purchase a premium subscription. This helps ensure that malicious adware cannot reach you.
- Buy devices from trusted companies with built-in security. There have already been many cases where people who bought inexpensive Android devices found that adware was already installed on their devices. Cheap Android devices do not receive security updates and are therefore particularly susceptible to infection and should be avoided.
- Use an antivirus. Most antivirus programs can block malicious adware. Some malicious adware can block antiviruses, in which case a more aggressive method should be used, which is to use adware removal software. This software can detect and remove adware that has a negative impact on the device.
How to Remove PhantomRich adware (Virus removal instructions)
There are several ways to remove PhantomRich. But not all malicious applications, such as this adware, can be completely removed manually. More often than not, you cannot remove adware using the standard Mac features alone. Therefore, to remove PhantomRich adware, you need to follow a few manual steps and then run a reliable removal tool. Most IT security experts consider MalwareBytes AntiMalware to be the right choice. This removal tool can detect and remove PhantomRich from your Mac and restore your browser settings to default.
To remove PhantomRich, follow the steps below:
- Remove profiles created by PhantomRich
- Uninstall PhantomRich associated software by using the Finder
- Remove PhantomRich related files and folders
- Scan your Mac with MalwareBytes
- Remove PhantomRich from Safari, Chrome, Firefox
- How to stay safe online
Remove profiles created by PhantomRich
PhantomRich can install a configuration profile on the Mac system to block changes made to the browser settings. Therefore, you need to open system preferences, find and delete the profile installed by the adware.
Click the System Preferences icon in the Dock, or choose Apple menu > System Preferences.
In System Preferences, click Profiles, then select a profile associated with PhantomRich.
Click the minus button ( – ) located at the bottom-left of the Profiles screen to remove the profile.
Note: if you do not see Profiles in the System Preferences, that means there are no profiles installed on your Mac, which is normal.
Uninstall PhantomRich associated software by using the Finder
In order to get rid of adware, PUPs and browser hijackers, open the Finder and click on “Applications”. Check the list of installed applications. For the ones you do not know, run an Internet search to see if they are PUPs, browser hijackers or adware. If they are, remove them. Even if they are just programs which you do not use, removing them will improve your Mac’s start-up time and speed dramatically.
Open Finder and click “Applications”.
Carefully browse through the list of installed apps and remove all dubious and unknown software.
Once you’ve found anything dubious that may be PhantomRich or another potentially unwanted program, right-click this program and select “Move to Trash”. Once complete, empty the Trash.
Remove PhantomRich related files and folders
Now you need to try to find PhantomRich related files and folders, and then delete them manually. You need to look for these files in certain directories. To quickly open them, we recommend using the “Go to Folder…” command.
PhantomRich creates several files, and these files must be found and removed. Below is a list of files associated with this unwanted application.
- /Library/LaunchDaemons/com.PhantomRich.system.plist
- ~/Library/LaunchAgents/com.PhantomRich.service.plist
- /Library/Application Support/.(RANDOM)/System/com.PhantomRich.system
- ~/Library/Application Support/.(RANDOM)/Services/com.PhantomRich.service.app
Some files created by PhantomRich are hidden from the user. To find and delete them, you need to enable “show hidden files”. To do this, use the shortcut CMD + SHIFT + . (period). Press it once to show hidden files and again to hide them.
There is another way. Click Finder -> Applications -> Utilities -> Terminal. In Terminal, paste the following text:
defaults write com.apple.finder AppleShowAllFiles YES
Press Enter. Hold the ‘Option/alt’ key, then right click on the Finder icon in the dock and click Relaunch.
Click on the Finder icon. From the menu bar, select Go and click “Go to Folder…”. As a result, a small window opens that allows you to quickly open a specific directory.
Check for PhantomRich generated files in the /Library/LaunchAgents folder
In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchAgents
This will open the contents of the “/Library/LaunchAgents” folder. Look carefully at it and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files: com.net-preferences.plist, macsearch.plist, com.google.defaultsearch.plist, installapp.plist, com.PhantomRich.service.plist, com.machelper.plist and search.plist. Most often, adware software, potentially unwanted programs and browser hijackers create several files with similar names.
Check for PhantomRich generated files in the /Library/Application Support folder
In the “Go to Folder…” window, type the following text and press Go:
/Library/Application Support
This will open the contents of the “Application Support” folder. Look carefully at its contents and pay special attention to recently added or changed folders and files. Check the contents of suspicious folders: if a folder contains a file with a name similar to com.PhantomRich.system, then this folder must be deleted. Move all suspicious folders and files to the Trash.
Check for PhantomRich generated files in the “~/Library/LaunchAgents” folder
In the “Go to Folder…” window, type the following text and press Go:
~/Library/LaunchAgents
Proceed in the same way as with the “/Library/LaunchAgents” and “/Library/Application Support” folders. Look for suspicious and recently added files. Move all suspicious files to the Trash.
Check for PhantomRich generated files in the /Library/LaunchDaemons folder
In the “Go to Folder…” window, type the following text and press Go:
/Library/LaunchDaemons
Carefully browse the entire list of files and pay special attention to recently created files, as well as files that have a suspicious name. Move all suspicious files to the Trash. A few examples of files to be deleted: com.PhantomRich.system.plist, com.search.system.plist, com.installapp.system.plist, com.macsearch.system.plist and com.machelper.system.plist. In most cases, adware software, potentially unwanted programs and browser hijackers create several files with similar names.
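The four folder checks above can also be run from Terminal as a read-only audit. This is an added example, not part of the original guide: the function name scan_phantomrich and its two optional arguments are assumptions made here, and it only lists paths matching the file names given in the list above without deleting anything.

```shell
#!/bin/sh
# Added example (not from the original guide): list PhantomRich-named items
# in the locations the guide inspects. Read-only; nothing is removed.
#
# scan_phantomrich [SYSTEM_ROOT] [USER_HOME]
#   SYSTEM_ROOT  prefix for /Library (default: empty, i.e. the live system)
#   USER_HOME    home folder to inspect (default: $HOME)
# Both arguments are assumptions of this example, so the scan can be pointed
# at a mounted backup or a test tree instead of the running Mac.
scan_phantomrich() {
    sys_root="${1:-}"
    user_home="${2:-$HOME}"

    # Launch items are plain .plist files directly inside these folders.
    for dir in \
        "$sys_root/Library/LaunchAgents" \
        "$sys_root/Library/LaunchDaemons" \
        "$user_home/Library/LaunchAgents"
    do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -iname 'com.PhantomRich.*.plist' 2>/dev/null
    done

    # Payloads live inside a hidden, randomly named folder (".(RANDOM)"),
    # so only dot-folders under Application Support are searched.
    for dir in \
        "$sys_root/Library/Application Support" \
        "$user_home/Library/Application Support"
    do
        [ -d "$dir" ] || continue
        find "$dir" -mindepth 1 -maxdepth 1 -type d -name '.*' 2>/dev/null |
        while IFS= read -r hidden; do
            # -prune stops find from descending into a matched .app bundle.
            find "$hidden" -maxdepth 3 -iname 'com.PhantomRich.*' -print -prune 2>/dev/null
        done
    done
    return 0
}
```

Called with no arguments it inspects the live system; review each reported path before moving it to the Trash as the guide describes.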
Scan your Mac with MalwareBytes
You can delete PhantomRich associated files automatically with the help of MalwareBytes. We recommend this free malware removal tool because it can easily remove potentially unwanted programs, adware, browser hijackers and toolbars with all their components such as files, folders and system entries.
Download MalwareBytes AntiMalware on your machine from the link below.
When the download is done, run it and follow the prompts. Click the “Scan” button. The MalwareBytes Anti-Malware program will scan through the whole computer for the PhantomRich adware. Review the report and then click the “Quarantine” button.
MalwareBytes is a free program that you can use to delete all detected folders, files, malicious services and so on.
Remove PhantomRich from Safari, Chrome, Firefox
Removing unwanted extensions is a simple method to delete PhantomRich adware and restore the web browser settings which have been replaced by the adware.
Google Chrome | Mozilla Firefox | Safari |
---|---|---|
You can also try to delete PhantomRich adware by resetting Chrome settings. | If you are still experiencing problems with PhantomRich adware removal, you need to reset the Firefox browser. | |
How to stay safe online
In order to increase your security and protect your Mac against new intrusive ads and malicious websites, you need to run an ad-blocking program that blocks access to malicious ads and websites. Moreover, the program can block intrusive advertising from opening, which also leads to faster loading of web pages and reduces the consumption of web traffic.
Installing the AdGuard is simple. First you will need to download AdGuard on your Apple Mac by clicking on the link below.
Once the download is complete, run the downloaded file. The Setup Wizard will appear on the computer screen. Follow the prompts.
After AdGuard is installed, you will be prompted to read the quick guide. Click the “Skip” button to use the default settings, or click “Get Started” to see quick instructions to help you get to know AdGuard better and make changes to the default settings.
Now, every time you turn on your Apple Mac, AdGuard will launch automatically, stop intrusive pop-up ads and block malicious and phishing websites.
Final words
Once you have removed the PhantomRich adware using these few simple steps, Chrome, Safari and Firefox will no longer display any unwanted ads. Unfortunately, if the guide does not help you, then you have caught a new adware, and the best way forward is to ask for help here.