How to remove ads displayed by PrimaryFunction adware
Written by Tomas Meskauskas on (updated)
What is PrimaryFunction?
PrimaryFunction is a rogue application categorized as adware. It operates by running intrusive advertisement campaigns, however, this app also has browser hijacker characteristics. PrimaryFunction modifies browser settings and promotes fake search engines.
For example, it promotes Safe Finder through akamaihd.net. Additionally, most adware infections and browser hijackers can track and record browsing-related data. Since few users download/install PrimaryFunction intentionally, it is also classified as a Potentially Unwanted Application (PUA).
PrimaryFunction adware enables the placement of pop-ups, banners, coupons, surveys and other ads on any visited web page. These diminish the browsing experience, as they overlay page content and reduce browsing speed. When clicked, intrusive ads redirect to untrusted, deceptive and malicious sites.
They can even execute scripts to stealthily download/install rogue software (e.g. PUAs). This application hijacks browsers by reassigning the homepage, default search engine and new tab/window URLs to the addresses of fake search engines.
With a browser hijacker installed, each search made via the URL bar and each new tab/window opened redirects to the address of a bogus search engine. Few of these fake tools can provide unique results, and so they typically redirect to (or cause redirection chains leading to) Google, Yahoo, Bing and other legitimate search engines.
In the case of PrimaryFunction, the aforementioned actions redirect to akamaihd.net and then to Safe Finder, which in turns redirects to search.yahoo.com (a genuine search engine). Furthermore, access to the browser settings is limited or denied, and any permitted changes made are reset automatically.
As with most software categorized as adware or browser hijackers, it is highly likely that PrimaryFunction has data tracking capabilities. They can monitor browsing activity (browsing and search engine histories) and collect personal information derived from it (IP addresses, geolocations and other vulnerable data).
The gathered information is usually shared with third parties (potentially, cyber criminals) seeking to misuse it for profit. In summary, the presence of these unwanted apps on systems can lead to various infiltration and infections, serious privacy issues, financial loss and even identity theft.
To ensure device and user safety, remove all suspicious applications and browser extensions/plug-ins without delay.
Name | Ads by PrimaryFunction |
Threat Type | Adware, Mac malware, Mac virus. |
Detection Names | Avast (MacOS:Adload-AB [Trj]), Sophos AV (Adloadr (PUA)), ESET-NOD32 (A Variant Of OSX/Adware.Synataeb.D), Kaspersky (Not-a-virus:HEUR:AdWare.OSX.Adload.g), Full List (VirusTotal). |
Additional Information | This application belongs to the Adload malware family. |
Symptoms | Your Mac becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites. |
Distribution methods | Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads. |
Damage | Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
GroupSource, DynamicWindow and SmartSignalSearch are some examples of other adware-type apps. These may seem legitimate and useful, however, the features promised are often nonoperational. In fact, this applies to all PUAs, which have just one purpose: to generate revenue for the developers.
PUAs simply cause unwanted redirects, modify browsers, deliver intrusive ad campaigns and track private data.
How did PrimaryFunction install on my computer?
PUAs are often downloaded/installed with other products. "Bundling" is the name of this deceptive marketing technique of pre-packing regular apps with unwanted or malicious software. By rushing through download/installation processes (e.g. ignoring terms, skipping steps and sections, using presets, etc.), many users risk unintentionally installing bundled additions.
Certain PUAs have "official" download websites. Intrusive ads proliferate these applications as well. Once clicked, they can execute scripts to download/install PUAs, without users' consent.
How to avoid installation of potentially unwanted applications
You are strongly advised to research all products prior to download/installation or purchase. All downloads should be performed only from official and trustworthy sources. Unofficial and free file-hosting sites, Peer-to-Peer sharing networks and other third party downloaders should be avoided, since they can offer bundled content.
Download/Installation processes should be treated with caution. Read the terms, explore available options, use the "Custom/Advanced" settings and opt-out of supplementary apps, tools, functions and other additions.
Intrusive advertisements may seem normal and innocuous, however, they can redirect to highly dubious pages (e.g. gambling, pornography, adult-dating, etc.). If you encounter these ads/redirects, check the system and immediately eliminate all suspect applications and browser extensions/plug-ins.
If your computer is already infected with PrimaryFunction, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate this adware.
Pop-up window displayed once PrimaryFunction installation is complete:
PrimaryFunction redirecting users to Safe Finder website via akamaihd.net:
Installation folder of the PrimaryFunction adware:
PrimaryFunction adware installed on the Safari browser:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is PrimaryFunction?
- STEP 1. Remove PrimaryFunction related files and folders from OSX.
- STEP 2. Remove PrimaryFunction ads from Safari.
- STEP 3. Remove PrimaryFunction adware from Google Chrome.
- STEP 4. Remove PrimaryFunction ads from Mozilla Firefox.
Video showing how to remove PrimaryFunction adware using Combo Cleaner:
PrimaryFunction adware removal:
Remove PrimaryFunction-related potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX","NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
▼ Show Discussion