Way to Remove ThiefQuest Ransomware (Mac OS Steps)

About ThiefQuest Ransomware

ThiefQuest Ransomware is one of the notorious ransomware created to extort computer users via locking their files. From research, now it is able to affect the following files:

.bak, .bank, .bay, .bdb, .bgt,.bik, .bin, .bkp, .blend, .bmp, .bpw, .bsa, .c, .cash, .cdb, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfg, .cfn, .cgm, .cib, .class, .cls, .cmt, .config, .contact, .cpi, .cpp, .cr2, .craw , .crt, .crw, .cry, .cs, .csh, .csl, .css, .csv, .d3dbsp, .dac, .das, .dat, .db, .db_journal, .db3, .dbf,. dbx, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .dds, .def, .der, .des, .design, .dgc, .dgn, .dit, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .edb, .eml, .eps,.erbsql,.erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flb, .flf, .flv, .flvv, .forge, .fpx, .fxg, .gbr, .gho, .gif, .gray, .grey, .groups, .gry, .h, .hbk, .hdd, .hpp, .html, .ibank, .ibd, .ibz, .idx, .iif , .p12, .p7b, .p7c, .pab, .pages, .pas, .pat, .pbf, .pcd, .pct, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .php, .pif, .pl, .plc, .plus_muhd, .pm !, .pm, .pmi, .pmj, .pml, .pmm,.pmo, .pmr, .pnc, .pnd, .png, .pnx, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .private, .ps, .psafe3, .psd, .pspimage, .pst, .ptx, .pub, .pwm, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby , .qcow, .qcow2, .qed, .qtb, .r3d, .raf, .rar, .rat, .raw, .rdb, .re4, .rm, .rtf, .rvt, .rw2, .rwl,. .sd, .s3db, .safe, .sas7bdat, .sav, .save, .say, .sd0, .sda, .sdb, .sdf, .sh, .sldm, .sldx, .slm, .sql, .sqlite, .sqlite3, .sqlitedb, .sqlite-shm, .sqlite-wal, .sr2, .srb, .srf, .srs, .srt, .srw, .st4, .st5, .st6, .st7, .st8,.stc, .std, .sti, .stl, .stm, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .tax, .tbb, .tbk,.tbn, .tex, .tga, .thm, .tif, .tiff, .tlg, .tlx, .txt, .upk, .usr

ThiefQuest Ransomware uses a malicious extension to alter extension of your files and will give you a ransom note that guides you to contact its maker to get decryption key. You will be asked to buy bitcion and use it to purchase the decryption key. It is expensive but you never get any real guarantee that your files can be restored completely. Many victims infected by ransomware were tricked to pay but did not get a useful key. Do not take the risk!

It is not wise for you to follow its instructions to buy decryption key. You should delete ThiefQuest Ransomware first and then try legitimate decryption keys to be shared in the short future. Many popular tech companies are working on developing decryption tools for latest ransomware.

 How to Manually Remove ThiefQuest Ransomware From Mac OSX? (Steps)

 

Step 1 Uninstall ThiefQuest Ransomware related apps or potentially unwanted apps from Mac OSX
  • In Finder window, clicking “Applications” in the sidebar
  • In the applications folder, right-click on ThiefQuest Ransomware related apps or other suspicious apps and click Move to Trash. 

uninstall ThiefQuest Ransomware on mac

 

PLEASE NOTE

ThiefQuest Ransomware may reinstall itself multiple times if its core files and related malware are not removed completely.

Therefore we recommend, after uninstalling the potentially unwanted apps, you’d better downloading Combo Cleaner to scan your Mac for any remaining unwanted components.

Download Combo Cleaner Antivirus For Mac

More information about Combo Cleaner, steps to uninstall, EULA, and Privacy Policy.

Step 2 – Remove malicious files generated by ThiefQuest Ransomware or related malware from your Mac

1. Click the Finder icon from the menu bar  >>  choose “Go” then click on “Go to Folder“:

2. In the Go to Folder… bar, type the name of the following four folders to open them one by one:

~/Library/LaunchAgents
/Library/LaunchAgents
/Library/Application Support
/Library/LaunchDaemons

remove ThiefQuest Ransomware on mac

3. In each folder, search for any recently-added suspicious files and move them to the Trash. Here are some examples of files generated by malware:

“installmac.AppRemoval.plist”, ThiefQuest Ransomware”,  “com.genieo.completer.download.plist” “com.genieoinnovation.macextension.plist” “com.genieo.engine.plist” “com.adobe.fpsaud.plist” , “myppes.download.plist”, “mykotlerino.ltvbit.plist”,

PLEASE NOTE

Manually check and remove malicious files may take hours and you may delete healthy files by mistake.

To do it safely and efficiently, we recommend downloading Combo Cleaner to scan your Mac for any malicious files generated by ThiefQuest Ransomware or malware.

Download Combo Cleaner Antivirus For Mac

More information about Combo Cleaner, steps to uninstall, EULA, and Privacy Policy.


Step 3 – Find and remove malicious extensions and browser hijacker from Safari and Chrome.

Safari

On Safari

1. Start Safari: Select Safari menu and click Preferences:

delete ThiefQuest Ransomware from safari

2. Select Extensions tab>> Look for the unsafe or suspicious extensions and click Uninstall:

delete ThiefQuest Ransomware from safari

3. Select Search tab >> click the Search Engine menu and make your choice. Safari lets you use Google, Yahoo, Bing, or DuckDuckGo.

delete ThiefQuest Ransomware on safari

4. Select the General tab >> In the Homepage bar, type the URL you want to set as the Safari homepage.

remove ThiefQuest Ransomware on safari

Google Chrome

On Google Chrome

1. Open Google Chrome and click the “Customize and control Google Chrome” icon at the top right corner >> Select More Tools and click Extensions;

remove ThiefQuest Ransomware on mac chrome

2. Search for suspicious extensions and click trash icon to remove it:

remove ThiefQuest Ransomware on mac chrome

3. Reset default search engine on Chrome:

  • Open Google Chrome and click the “Customize and control Google Chrome” icon >> Select Settings
  • Scroll down until you locate the Search engine section
  • Click the drop-down menu accompanying the option labeled Search engine used in the address bar
  • Select Google, Bing or Yahoo! as your default search engine.

delete ThiefQuest Ransomware on mac chrome

4. Reset homepage on Chrome:

  • Open Google Chrome and click the “Customize and control Google Chrome” icon >> Select Settings;
  • In the “On Startup” section, click the “Set pages” link near to the “Open a specific page or set of pages” option.
  • Remove the URL of the browser hijacker (for example SearchMine.net) and enter your preferred URL (for example, google.com).

delete ThiefQuest Ransomware on mac chrome

PLEASE NOTE

If an unwanted extension or search engine can’t be removed manually from web browsers, it may be caused by malware.

We recommend downloading Combo Cleaner to scan your Mac and see if it will detect malware.

Download Combo Cleaner Antivirus For Mac

More information about Combo Cleaner, steps to uninstall, EULA, and Privacy Policy.


Step 4Re-check your Mac with Combo Clean Antivirus.

To be sure that your Mac is not infected at all, it’s recommended to run a full scan with Combo Cleaner Antivirus.

Combo Cleaner Antivirus is a professional Mac Antivirus and Mac OSX Optimization Tool for users. It is equipped with powerful detection engine against virus, malware, and adware. Thus it is able to protect your machine from the latest out-breaking threats and infections. Moreover, its Disk Cleaner can detect and clean up all junks and always keep your Mac’s performance at the peak. 

Download Combo Cleaner Antivirus For Mac

More information about Combo Cleaner, steps to uninstall, EULA, and Privacy Policy.

Once Combo Cleaner is installed, run a scan to diagnose your Mac and solve all problems: