Last week my colleague at TURN8 informed me that his browser was infected with adware.

As eminent from the previous blog post Adware Medic came right to my mind.

So i launched adware medic and it immediately detected the malware in the  /Users/username/Library/ScriptingAdditions .There was folder which contained the malware waiting for me to delete and delete it just what I did.

But after a couple of minutes my colleague asked me I got rid of the malware.So I took a look at the folder and the malware had somehow restored itself.

Whenever Safari would launch it would restore the folder to its original state.After trying the same thing a couple of times I decided to do something stupid.

I launched the terminal and changed the owner of the directory from my colleague’s user to root.This immediately stopped the malware insight.

Then I realized that the malware author were developers just like us.They trip and fall just like us.