Skip to main content

How to remove Mac Cleanup Pro virus (TechSignalSearch upd.)


Learn why the Mac Cleanup Pro app is considered malicious, what it does to an infected Mac, and how to uninstall this pseudo system optimizer in a few steps.

Update: November, 2019

The nuts and bolts of hassle-free Mac usage involve periodic maintenance aimed at deleting software leftovers, Internet cache and other unneeded data the operating system and apps routinely generate. There are plenty of nifty tools out there that do the optimization trick. The utility called Mac Cleanup Pro, however, has nothing to do with junk removal done right. It deliberately reports low-severity or nonexistent macOS issues, flagging them critical and offering its paid performance enhancement service. No matter how well-tuned your system is and how scrupulously you’ve been keeping the hard disk space in optimal condition, this application will “detect” numerous issues regardless and emphasize the high improvement potential that can be allegedly squeezed out of the areas it purports to cover.

Mac Cleanup Pro fake optimizer’s GUI

Speaking of the scan areas, the GUI of Mac Cleanup Pro lists the following: cache, logs, trash, extra languages, Internet history, login items, duplicates files, large files, and rogue apps. The latter, by the way, is really interesting because the program is outright scareware itself. Some insights into its genealogy reveal a direct relation to the most infamous family of bogus Mac optimizers as yet, which is also represented by such malicious heavyweights as Mac Auto Fixer, Advanced Mac Cleaner, Mac Tonic, and the recent one called Similar Photo Cleaner. Hailing from the same rogue cradle, Mac Cleanup Pro is backed by a sizeable distribution campaign that has allowed it to reach thousands of computers already and keep on spreading. Let’s look into one of these propagation tricks.

Rogue site at lp.superutils.co/adsph/2/ promoting Mac Cleanup Pro

The unprincipled developers of the scareware in question are known to engage a framework of misleading web pages to push their digital culprit. One of these landing pages is parked at lp.superutils.co/adsph/2/ domain. The site includes a script that determines and displays the visitor’s country and IP address – this way, the users are more likely to fall for the deceptive tactic. A big giveaway, though, is that the “OS version” field says the victim uses OS Sierra, even if they visit the page from a Windows PC. Anyway, the site displays a warning that goes, “Your Mac Might Be Infected!” and provides some pseudo details, namely:Your Mac might be infected by the latest viruses. If you do not remove them, they may damage your system files and slow down your Internet browsing speed.” (macOS Catalina 10.15 update: helpermcp will damage your computer. You should move it to the Trash”). To get rid of the viruses (which aren’t there for real), the user is instructed to download and run Mac Cleanup Pro, which is dubbed “Mac Cleaner” on the phony page. Incidentally, another likely source of contamination is a site that renders a counterfeit alert saying “Your Mac is infected with 3 viruses”.

There are two possible ways that Mac users end up on lp.superutils.co/adsph/2/ domain. One is via redirect activity bolstered by a PUA (potentially unwanted application) that infects one’s web browser and forces hits to the misguiding site. In this case, the user needs to get rid of the troublemaking browser add-on or plugin, which may be a nontrivial objective due to obfuscation and persistence mechanisms of these pests. The other way is through hacked websites or online ads that lead to the scareware’s landing page.

Mac Cleanup Pro is often accompanied by extra threats that allow the attackers to add one more layer of monetization to their fraudulent activity, aside from the scare tactic alone. The infections that typically arrive in the same bundle include TechSignalSearch and TechNetSearch, the former being more common. In fact, both of them share identical characteristics and goals. The objective is to hijack Safari, or whichever browser is the victim’s default one, and redirect their web traffic to Yahoo or Bing via a series of disreputable ad networks. In some cases, the infected users keep visiting tech support scam sites that display fake alerts about Mac health and security problems that aren’t actually there. The shenanigans of TechSignalSearch virus may also result in Internet connectivity issues, where the wireless and LAN connection goes missing at certain intervals, usually every couple of minutes.

Obviously, this type of offending code is subject to immediate removal, but this turns out to be easier said than done. First of all, although the TechSignalSearch.app entry can be found in the infected Mac’s Applications folder, moving it to the Trash only yields a temporary effect and the pest will reappear shortly. Secondly, the rest of the files may be hidden in the LaunchAgents folder, which is a place not every Mac user knows how to access. With that said, a special security procedure is required to spot and completely delete all the elements of the follow-up nasties.

Whereas Mac Cleanup Pro can arrive by means of different techniques, it behaves in the exact same fashion when on board any Mac. It pops up out of the blue and triggers system scans that return really unsettling results over and over. The app thus attempts to persuade the victim that their machine has hundreds of performance issues, ranging from superfluous cache to unused languages that take up a great deal of disk space. It will also notify the user how much space can be recovered in just one click. Predictably, the cleaning feature can only be unlocked by activating the full version of the program, which is a matter of making a payment. This is precisely what the gist of the Mac Cleanup Pro virus is about. It frightens users into purchasing the full version. That’s a disgusting strategy, so there is, obviously, one reasonable way to treat the double-dealing program. Remove it now and mind what you download on untrustworthy websites further on.


Mac Cleanup Pro [helpermcp] virus manual removal for Mac

The steps listed below will walk you through the removal of this potentially unwanted application. Be sure to follow the instructions in the order specified.

  1. Open up the Utilities folder as shown below

    Open up the Utilities

  2. Locate the Activity Monitor icon on the screen and double-click on it

    Locate the Activity Monitor

  3. Under Activity Monitor, find the entry for Mac Cleanup Pro, select it and click Quit Process
  4. A dialog should pop up, asking if you are sure you would like to quit the Mac Cleanup Pro executable. Select the Force Quit option
  5. Expand the Go menu in Apple Finder and select Go to Folder.
  6. Type or paste the following string in the folder search dialog: /Library/LaunchAgents

    Go to the LaunchAgents folder

  7. Once the LaunchAgents directory opens up, find the following entries in it and move them to Trash:
    • com.MacCleanupPro.agent.plist
    • com.MCP.agent.plist
    • com.MacCleanupPro.mcphlpr
    • com.MCP.mcphlpr
    • TechSignalSearch
    • TechNetSearch
  8. Use the Go to Folder lookup feature again to navigate to the folder named ~/Library/LaunchAgents. When this path opens, look for the same entries (see above) and send them to Trash
  9. Similarly, go to the ~Library/Application Support folder. Locate and move the following entries to Trash:
    • MacCleanupPro
    • helpermcp
    • hlprmcp
    • hlprmaccleanuppro
  10. Click the Go button again, but this time select Applications on the list. Find the entry for Mac Cleanup Pro on the interface, right-click on it and select Move to Trash. If user password is required, go ahead and enter it

    Malware’s icon under Applications

  11. Now go to Apple Menu and pick the System Preferences option

    Pick the System Preferences

  12. Select Accounts and click the Login Items button. The system will come up with the list of the items that launch when the box is started up. Locate Mac Cleanup Pro, TechSignalSearch, TechNetSearch, or other suspicious entries there, put a checkmark next to each one, and click on the “-“ button

    roublemaking entry under Login Items



Use automatic tool to uninstall Mac Cleanup Pro virus from your Mac

The Mac maintenance and security app called Combo Cleaner is a one-stop tool to detect and remove Mac Cleanup Pro virus. This technique has substantial benefits over manual cleanup, because the utility gets hourly virus definition updates and can accurately spot even the newest Mac infections.

Furthermore, the automatic solution will find the core files of the malware deep down the system structure, which might otherwise be a challenge to locate. Here’s a walkthrough to sort out the Mac Cleanup Pro issue using Combo Cleaner:

  1. Download Combo Cleaner installer. When done, double-click the combocleaner.dmg file and follow the prompts to install the tool onto your Mac.

    Download Combo Cleaner

    By downloading any applications recommended on this website you agree to our Terms and Conditions and Privacy Policy. The free scanner checks whether your Mac is infected. To get rid of malware, you need to purchase the Premium version of Combo Cleaner.

  2. Open the app from your Launchpad and let it run the update of malware signature database to make sure it can identify the latest threats.
  3. Click the Start Combo Scan button to check your Mac for malicious activity as well as performance issues.

    Combo Cleaner Mac scan progress

  4. Examine the scan results. If the report says “No Threats”, then you are on the right track with the manual cleaning and can safely proceed to tidy up the web browser that may continue to act up due to the after-effects of the malware attack (see instructions above).

    Combo Cleaner scan report – no threats found

  5. In case Combo Cleaner has detected malicious code, click the Remove Selected Items button and have the utility remove Mac Cleanup Pro threat along with any other viruses, PUPs (potentially unwanted programs), or junk files that don’t belong on your Mac.

    Combo Cleaner – threats found

  6. Once you have made doubly sure that the malicious app is uninstalled, the browser-level troubleshooting might still be on your to-do list. If your preferred browser is affected, resort to the previous section of this tutorial to revert to hassle-free web surfing.

FAQ

117

Was this article helpful? Please, rate this.

There are no comments yet.
Authentication required

You must log in to post a comment.

Log in