OSX.Bundlore

Printer Friendly Page

Updated: May 03, 2018 3:16:29 PM
Type: Potentially Unwanted App
Infection Length: Varies
Publisher: Nevaeh Peterson
Risk Impact: Low
Systems Affected: Mac

Behavior

OSX.Bundlore is a potentially unwanted application that installs additional potentially unwanted applications on the computer.

Antivirus Protection Dates

  • Initial Rapid Release version May 02, 2018 revision 019
  • Latest Rapid Release version November 21, 2018 revision 033
  • Initial Daily Certified version May 02, 2018 revision 033
  • Latest Daily Certified version November 22, 2018 revision 002
  • Initial Weekly Certified release date May 09, 2018

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Updated: May 03, 2018 3:16:29 PM
Type: Potentially Unwanted App
Infection Length: Varies
Publisher: Nevaeh Peterson
Risk Impact: Low
Systems Affected: Mac

Once executed, the application creates the following files:

  • /Users/admin/Library/Application Support/ChumSearch
  • /Applications/MyMacUpdater
  • /Applications/Advanced Mac Cleaner
  • /Applications/MyCouponize
  • /Applications/MyShopcoupon
  • /Library/LaunchAgents/com.MyMacUpdater.agent.plist
  • /Library/LaunchAgents/com.MyShopcoupon.agent.plist

The application connects to the following remote locations:
  • service.macinstallerinfo.com/tracking/cm_mac.php?clickid=0
  • events.ponystudent.win/?click_id=0
  • cdn.macresourcescdn.com/download/Mac/InstallerResources/*.*

The application may also connect to one or more of the following remote locations:
  • chumsearch.me
  • comparishopmac.com
  • couponizermac.com
  • ewatchseries.live
  • ewatchseries1.live
  • ewatchseries2.live
  • globalsearch.pw
  • gogirl.com.au
  • hidesearch.bid
  • hideyoursearch.bid
  • hideyoursearch.win
  • kshowonline.stream
  • linkey-search.com
  • mycouponizemac.com
  • myshopcouponmac.com
  • optibacprobiotics.co.uk
  • picirql.com
  • productiveandpretty.com
  • search-mate.com
  • searchsmart.bid
  • emoviesonline.stream
  • shakeonyou.stream
  • smartsearch.pw
  • smartshoppymac.com
  • viralmoon.net
  • webshoppymac.com
  • chumsearch.me
  • comparishopmac.com
  • couponizermac.com
  • ewatchseries.live
  • ewatchseries1.live
  • ewatchseries2.live
  • globalsearch.pw
  • gogirl.com.au
  • hidesearch.bid
  • hideyoursearch.bid
  • hideyoursearch.win
  • kshowonline.stream
  • linkey-search.com
  • mycouponizemac.com
  • myshopcouponmac.com
  • optibacprobiotics.co.uk
  • picirql.com
  • productiveandpretty.com
  • search-mate.com
  • searchsmart.bid
  • seemoviesonline.stream
  • shakeonyou.stream
  • smartsearch.pw
  • smartshoppymac.com
  • viralmoon.net
  • webshoppymac.com

The application may come bundled with other applications, such as the following:
  • MyShopCoupon
  • PlaySearchNow
  • Advanced Mac Cleaner

The application may install potentially unwanted applications on the compromised computer, as well as Adobe Flash Player.





The application installs the following Safari browser extension:
  • Chumsearch+.safariextz

The application also changes the default search provider to the following:
  • chumsearch.com

Updated: May 03, 2018 3:16:29 PM
Type: Potentially Unwanted App
Infection Length: Varies
Publisher: Nevaeh Peterson
Risk Impact: Low
Systems Affected: Mac

The following instructions pertain to all current and recent Symantec antivirus products for Mac.

  1. Update the virus definitions.
  2. Run a full system scan and repair or delete all the files detected.
For specific details on each of these steps, read the following instructions.

1. To update the virus definitions
To obtain the most recent virus definitions run LiveUpdate: These virus definitions are posted to the LiveUpdate servers regularly. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate) .

2. To scan for and delete the infected files
  • Start your Norton AntiVirus or Symantec Endpoint Protection for Mac program and make sure that it is configured to scan all files.
  • Run a full system scan.
  • If any files are detected, click Repair (if available) or Delete.