Defense: Malware targeting Macs

Mac users running any browser with JavaScript turned on by default are vulnerable to being tricked into clicking on a trick image and/or link.
That image may appear to be a standard OS X window with a close box or the typical OS X looking window asking a question with OK or Cancel. It can look like anything really, its purpose is designed to get you to click anywhere on it and initiate a download to your computer.
Safari tries to be helpful and "Open Safe Files" by default, which is being used with numerous success to run code on one's machine, by bypassing the normal user action of 'open the downloads folder and then clicks on the download to run' process in exchange for convenience.
Most Macs are used by one person, and the initial setup of a new Mac (or a new OS X install) makes the first user automatically an Administrator User. Running one's typical day to day use while in Admin User mode gives any code running on one's machine more privileges and access than it would receive if the user of the computer created another OS X account and ran most of their computer use as a General User.
The ultimate access for rogue code would be Root User, which on Macs is turned off by default, however a temporary access window to Root User is allowed when an Admin User provides his or her Admin Password. Once rogue code gets Root user access, it's all over, OS X is completely compromised.
The key to security on a Mac, or any computer system actually, is a process called "Compartmentalized Security" where the more privileges code receives, the more it's subjected to time and scrutiny to determine its legitimacy.
Web browsers are the forward troops facing an overwhelming enemy, the World Wide Web. Not one modern web browser is 100% safe, not Safari, not Firefox, not IE, not Chrome, not Opera. Neither are plug-ins or scripts that run within these browsers 100% safe.
So the key to maintaining security is to provide a high level of "Compartmentalized Security" steps which shifts the exploit potential further down the privilege level so it can't do much of anything or gain further access.
People can get carried away with downloading and installing software in a rapid fire manner, this provides a ripe opportunity for malware to get onto one's computer, even gaining root access right away.
So in order to provide better compartmentalized security, provide more time and steps before potentially installing rogue code. I suggest the following actions:
1: Run most of your day to day computer use as a General User with less privileges. This can be done by creating a new Admin User, logging out of the present user and into the new Admin User, then turning the first user into a General User.
Whenever certain actions are needed, like accessing the Applications folder (where programs can be changed by malware) an Admin Name and Password will be required. A small hassle, but it provides another step for it to get past.
2: Use Firefox web browser and the following Add-ons: NoScript, Ad Block Plus and Public Fox.
Under the Toolbar customization, drag the NoScript button to the toolbar. NoScript turns off all scripts and plug-ins by default, which if you trust the site you're on, you click the button for turning them on and the page automatically reloads.
In Public Fox preferences, set a password on downloads, this way a popup window appears before any download occurs, keeping malware from sneaking into your downloads folder and potentially being clicked on.
With Ad Block Plus, subscribe to the Easy List which automatically appears in the browser window. This will auto-update to keep advertising, which has been used numerous times as an attack venue, from appearing.
Click&Clean, Ghostery, BetterPrivacy, FlagFox, WOT, HTTPS-Everywhere (from the Electronic Frontier Foundation) are also highly recommended add-ons.
3: In Safari preferences, turn off "Open Safe Files", install the Ad Block Plus add-on and the Click2Flash add-on. If any add-on appears in the future to simulate what NoScript and Public Fox does on Firefox, then enable those add-ons.
4: Check the status of your browser plug-ins. These websites make it easy, bookmark them in an obvious place so you remember to visit them routinely. As soon as a vulnerability appears, either update or turn off the affected plug-in in your browser until a patch is issued.
https://www.mozilla.com/en-US/plugincheck/
https://browsercheck.qualys.com/
5: If you enjoy surfing the backalleys of the Internet and you have at least a decent dual core Intel based Mac, I'd highly advise installing the free VirtualBox and loading a free ISO of Linux Mint DVD 32 bit 10.10 (most consistent and easy to use, everything included, Linux distro)
http://www.virtualbox.org/
http://www.linuxmint.com/download.php
The object is to load and install Linux Mint into the virtual machine like installing an operating system onto a regular computer. Once completed, then save a snapshot to revert to after your Firefox browsing session (in Linux) is completed. All and any potential malware, caches etc is flushed when you revert the entire guest OS back to the earlier state. Keep the Guest OS updated via the Software Update option and save a new snapshot.
6: Use common sense, if it don't look right, then stop and flush the OS X based browser from memory via the Apple > Force Quit menu.
7: Install the free ClamXav, it will remove the OS X malware it knows about, offering some after the fact defense and Windows malware from their files.
http://www.clamxav.com/
I don't advise a full time, always on and running anti-virus solution for Macs due to Apple's tendency to change the underlying OS themselves to thwart potential malware. So something like Norton which maintains tight control over OS X should be avoided.
Malware on Macs is a scarce thing because of Apple's top down approach, but trojans are a potential attack venue and people need to ensure more steps to avoid being tricked.

Thomas A Reed wrote:
 That causes problems for some apps, which won't run on anything but an admin account or on the account they were installed on.
Then the programs need to be reinstalled for "All Users" which most do now by default or reinstalled for the new Admin account. Since the previous Admin is now a General User, it's not an issue. If the program needs Admin/Root access the user should be made aware of that fact and understand they just elevated privileges to a most dangerous level.
Linux has a security key that displays in the menu bar that one has opened a "sudo window" which any code run during that time can have Root level access. Of course OS X has no such warning.
And it's not a guarantee of security - a user who gets in the habit of authenticating to admin to install stuff from their Standard account is no safer than the user who gets in the habit of authenticating to install from their Admin account.  This is a good general suggestion, but may not work for everyone and provides practically no real security against "social engineering" by itself.
The only guarantee of security is unplugging the power from the computer and tossing the machine into a pit of molten lead.
The user is rarely installing/uninstalling or making such drastic changes to their machine that entering their Admin name/password is such a burden. Those rare folks who do reside in that realm or even for a short duration, log into the Admin User from the start and are competent enough to know the difference anyway.
Again, using things like these won't protect you by themselves.  How do you know if a site is trusted and should have JavaScript turned on?  And most folks are finding this malware via trusted sites that have had malicious JavaScripts "sneaked" into their code, through malicious ads or search engine optimization poisoning.  How can you know if your trusted site is affected?  And, given how much this malware has been jumping around over the last week, I seriously doubt Ad Block Plus can keep up.
Well you're LESS protected without them. So far the NoScript "web cop" Add-on has protected Firefox users from the MacDefender trojan by not allowing Javascript to run by default.
Even if a trusted site has the malware and one turns off NoScript for that site, then Public Fox (with a password block on downloads) stops any automatic download from occurring.
Ad Block Plus defends against advertising which has been used as a malware vector. It provides the option to whitelist  favorite sites which trust has been established by the user.
Again the reasoning here is to provide a "security guard" approach, nobody gets in without approval.
I'd highly advise installing the free VirtualBox and loading a free ISO of Linux Mint DVD 32 bit 10.10
That is not a realistic suggestion for the average person, who will have neither the desire nor the knowledge to run Linux.
Well note that I placed a condition on that advice, "if one likes surfing the backalleys of the Internet" as all browsers are vulnerable to some extent from direct website intrusions. So another "compartmentalization" level is required for sites that are prone to that sort of behavior which use images or warz as click bait.
And mind me saying Thomas, it's rather presumptuous of you to dictate what another would like or not like.
Remember Apple opened the door to multiple operating systems running on their hardware, the PPC days are long gone, a brave new world is here where one can run all the major operating systems on one machine.
Heck, Steve Jobs even used Linux on his Pixar renderfarm, I bet his MacPro runs everything under the sun just like my 17" Quad does.
Apple is the second largest grossing corporation in the world next to Exxon, professional IT people like myself use Macs now because of their ability to run all major operating systems. It's looking rather sad showing up to the job dragging an ugly bulky Dell when one can have a slim sexy looking silver MacBook Pro.
So no need to get fan boy defensive any longer.
Note that even folks with Safari's Open "safe" files after downloading option turned off have been affected by opening the installer manually.  And some have been alerted to the presence of malware by the automatic appearance of the installer.  I'd still agree, though, but would add that you should keep your Downloads folder cleaned out, so that any suspicious items that turn up will be easily recognized, and not mistaken for something you downloaded earlier. 
As to Click2Flash, I think nobody should be on the web without it!  I don't trust Flash as far as I could throw Adobe.
 This should have been #1!  AV software has struggled to keep up with all the variants of MacDefender, malware sites move on sometimes an hour-by-hour basis and malicious code sneaks into trusted sites.  In all, no automated defense tool will protect you from a new threat...  only your "wetware" can do that!
Well at least we agree on something, I actually don't approve of anyone using Safari AT ALL, because of its lack of a NoScript option and failing every Pwn2Own contest.
But there are those who, by stubbornness or brand loyalty, will continue to use Safari so I recommend at least a partial security solution.
And since the MacDefender trojan uses Javascript, not Flash, Click2Flash offers little protection, just another preventative measure against other attacks.
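
The two settings the tip leans on most (day-to-day use from a non-admin account, and Safari's "Open Safe Files" turned off) can be checked from Terminal. This is an added example, not part of the original thread; the `admin` group name and the `AutoOpenSafeDownloads` preference key are OS X details the posts do not name, and the sample inputs used to exercise the helpers are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit two of the settings discussed
# above on a Mac. The helpers take plain text so they can be checked with
# constructed input on any system.

# Succeeds if the space-separated group list (as printed by `id -Gn`)
# contains "admin", the group OS X uses for Administrator accounts.
in_admin_group() {
    for g in $1; do
        if [ "$g" = "admin" ]; then
            return 0
        fi
    done
    return 1
}

# Classify the value of Safari's AutoOpenSafeDownloads preference.
# `defaults read` prints 1 or 0 for a boolean; an empty string means the
# key is unset or unreadable, which leaves Safari's default in place.
safe_files_state() {
    case "$1" in
        0|false|NO)  echo "off" ;;
        1|true|YES)  echo "on" ;;
        "")          echo "default" ;;
        *)           echo "unknown" ;;
    esac
}

# Print one WARN or OK line per check. $1 = group list, $2 = pref value.
audit() {
    if in_admin_group "$1"; then
        echo "WARN: account is in the admin group; use a standard account day to day"
    else
        echo "OK: account is not in the admin group"
    fi
    case "$(safe_files_state "$2")" in
        off)     echo "OK: Safari 'Open safe files' is off" ;;
        on)      echo "WARN: Safari 'Open safe files' is on" ;;
        default) echo "WARN: Safari 'Open safe files' is not set, so the default (on) applies" ;;
        *)       echo "WARN: unrecognised AutoOpenSafeDownloads value: $2" ;;
    esac
}

# Only query the live system on a Mac; elsewhere the functions are still usable.
if [ "$(uname -s)" = "Darwin" ]; then
    audit "$(id -Gn)" "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)"
fi
```

If `defaults` cannot read Safari's preferences, the value comes back empty and is reported as not set rather than as off.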

Similar Messages

  • Rootkit malware targets VMs

    Crisis malware targets virtual machines
    Researchers have found that malware rootkit Crisis can spread via virtual machines, Windows mobile phones, Mac OS and Windows.


  • I just heard a news report that there is a problem with malware in mac computers that came through a recent java update. Is this true? If so, what should be done about it?

    I just heard a news report that there is a problem with malware in mac computers that came through a recent java update. Is this true? If so, what should be done about it?

    As usual those "news" reports mangled the facts and got most of the story completely wrong. This particular attack did not arise through a Java update, it was distributed through a fraudulent Flash download popup window, or malicious websites that Safari is designed to block.
    If you run Java on your Mac you may be vulnerable to this malware. If you do not run Java there is no risk. If you routinely keep your Mac up to date with Software Update the risk is greatly reduced.
    Shut off the mass market junk that masquerades as "news" and read this to learn some real facts:
      https://discussions.apple.com/docs/DOC-3271

  • New malware targets Linux and Mac OS X

    http://www.techspot.com/news/50009-new- … -os-x.html
    pacman -S iptables shorewall
    then to block the malware as root do
    iptables -A INPUT -s 212.7.208.65 -j DROP
    iptables -A OUTPUT -d 212.7.208.65 -j DROP

    Why not just make sure WIFIADAPT isn't sitting in your home directory?
    How exactly is this thing supposed to install and run without the user's knowledge?
    I don't see that shorewall is required to block as you suggest. I could perfectly easily install those rules with just iptables.
    Note, too, that those rules won't block the malware, what they are designed to do as I understand it is to stop the installed malware from  communicating with the server. What I don't understand is why the advice is not to delete the malware. I could understand installing those rules as a precaution in case you later get infected and don't notice. But if as the article says you suspect you are already infected, why not delete the thing if it is really sitting in your home directory like that?

  • My Mac Mini/Yosemite is new. But it now has malwares and Mac Keeper keeps popping up even after uninstalling.. Who can help?

    Hi everyone,
    My mac mini is new. I have a few issues with it.
    But the most annoying is the malwares that infested it now. I have only been using it for about 3 weeks or so. Of course, I thought everything that popped up are safe to click and just standard to click. I don't know yet what's best. Either, I figure out how to remove these ads / malwares or I just thought of reformatting it and start anew with it.
    What would you guys recommend and please include steps for me to follow. I'm no techy.
    By the way, I do not see these extensions on my Finder files (Conduit, also known as Trovi, MyBrand, or Search Protect, etc.) As a matter of fact, my extensions folder is empty except for the Adblock and AdBlock Plus that I recently installed to kill the ads.  However, it worked but it didn't stop MacKeeper and Facebook ads from popping to a new window each time I click a link, or just a space on a safari)
    On YouTube, when I watch a video, every second, the other videos are pushed down for as long as i watch, they are kept being pushed down. These are done by ads that are being stopped by the AB and ABP. yes, the ads do not appear. Just a white space forever adding up. Very frustrating. Please help.
    Thanks in advance!

    How to uninstall MacKeeper - updated
    How to Remove MacKeeper
    Helpful Links Regarding Malware Problems
    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
    Fix Some Browser Pop-ups That Take Over Safari.
    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
    Quit Safari
    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
    Relaunch Safari
    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
      Mac OS X Snow Leopard and malware detection
      OS X Lion- Protect your Mac from malware
      OS X Mountain Lion- Protect your Mac from malware
      OS X Mavericks- Protect your Mac from malware
      About file quarantine in OS X
    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
    From user Joe Bailey comes this equally useful advice:
    The facts are:
    1. There is no anti-malware software that can detect 100% of the malware out there.
    2. There is no anti-malware that can detect everything targeting the Mac.
    3. The very best way to prevent the most attacks is for you as the user to be aware that
         the most successful malware attacks rely on very sophisticated social engineering
         techniques preying on human avarice, ****, and fear.
    4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on
        your computer is intended to entice you to install their malware thinking it is a
        protection against malware.
    5. Some of the anti-malware products on the market are worse than the malware
        from which they purport to protect you.
    6. Be cautious where you go on the internet.
    7. Only download anything from sites you know are safe.
    8. Avoid links you receive in email, always be suspicious even if you get something
        you think is from a friend, but you were not expecting.
    9. If there is any question in your mind, then assume it is malware.

  • Malware on Mac?

    I clicked on a 'not my account' twitter email link I think was fake.  Found it could have put Exploit.Pdf-Js.Gen(v), Trojan.SWF.Generic(v), and Trojan.Win32.Generic.pak!cobra on my MacBook. What should I do?
    I don't typically open these emails and they usually filter to my spam folder anyway.  I waited a day but later received emails regarding twitter requests from people I really do know, so I opened the email that I now believe may have infected my computer.  There was a link for something regarding 'not my account' in this twitter account confirmation email so I clicked that.  It tried to open another web page that I "x"ed out of before it loaded.  An online forum recognized this email as fake and mentioned the malware/viruses above as possible effects of clicking the link.  I ran Sophos which took days and returned no threats but I have yet to go to any sites that involve logging in since clicking on this email link.  I changed my email password and only access my accounts on other computers/iphone.  How can I find out if my computer is at risk?  I don't want to take any chances of accounts being hacked or information taken.  Thanks! 

    Firstly, Those are Windows malware and have no impact on a Mac. Secondly, you discovered this by clicking on an unknown link in an unknown email which is about the worst thing you can do if you want to avoid malware.
    Helpful Links Regarding Malware Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
              Mac OS X Snow Leopard and malware detection
              OS X Lion- Protect your Mac from malware
              OS X Mountain Lion- Protect your Mac from malware
              About file quarantine in OS X
    If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)
    From user Joe Bailey comes this equally useful advice:
    The facts are:
    There is no anti-malware software that can detect 100% of the malware out there.
    There is no anti-malware that can detect anything targeting the Mac because there is no Mac malware in the wild, and therefore, no "signatures" to detect.
    The very best way to prevent the most attacks is for you as the user to be aware that the most successful malware attacks rely on very sophisticated social engineering techniques preying on human avarice, ****, and fear.
    Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on your computer is intended to entice you to install their malware thinking it is a protection against malware.
    Some of the anti-malware products on the market are worse than the malware from which they purport to protect you.
    Be cautious where you go on the internet.
    Only download anything from sites you know are safe.
    Avoid links you receive in email, always be suspicious even if you get something you think is from a friend, but you were not expecting.
    If there is any question in your mind, then assume it is malware.

  • Latest version of Window 7 FireFox came with malware including Unico browser and tons of other malware. Mac version seems to be fine. Has anyone else seen this?

    I have been using FireFox for awhile now on both a Mac and Windows 7 computer and have loved it. It has been updated to the latest version by your request many times in both formats with no problems; until now. The Windows computer just asked me to update to version. I went directly to Mozilla.org and it had 'Firefox Setup Stub 37.0.1.exe'. When I opened this, I immediately got a blast of more nasty malware and viruses than I had ever previously experienced. I deleted all those unwanted programs that had downloaded; removed all the malware and viruses. Firefox worked for a minute before all this different malware and pop-ups and viruses started again. I then repeated everything and also removed firefox and the PC worked fine with a different browser.
    I then tried a second time to a different Mozilla site that included US firefox in the website name and started over. Same thing happened again. These unwanted programs included Unico Browser and dozens of other that are very nasty. If you click on anything, they download a dozen other programs. If you go to control panel and remove them, they download 6 or eight new unwanted programs. I finally got all the malware, viruses and pop ups removed when I also removed Mozilla Firefox. I can only conclude that the latest version for Windows is corrupted. Any thought or recommendations? For now, I am back to using a different browser on the PC.

    Let's try this last thing:
    Note: You might want to print these steps or view them in another browser.
    1. Download the latest Desktop version of Firefox from mozilla.org (https://www.mozilla.org) (or choose the download for your operating system and language from this page: https://www.mozilla.org/firefox/all/) and save the setup file to your computer.
    2. After the download finishes, close all Firefox windows (or open the Firefox menu and click the close button).
    3. Delete the Firefox installation folder, which is located in one of these locations, by default:
       - Windows:
         - C:\Program Files\Mozilla Firefox
         - C:\Program Files (x86)\Mozilla Firefox
       - Mac: Delete Firefox from the Applications folder.
       - Linux: If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see "Installing Firefox on Linux". If you downloaded and installed the binary package from the Firefox download page (http://www.mozilla.org/firefox#desktop), simply remove the folder firefox in your home directory.
    4. Now, go ahead and reinstall Firefox:
       a. Double-click the downloaded installation file and go through the steps of the installation wizard.
       b. Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
    More information about reinstalling Firefox can be found in "Troubleshoot and diagnose Firefox problems".
    WARNING: Do not use a third party uninstaller as part of this process. Doing so could permanently delete your Firefox profile data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. These cannot be easily recovered unless they have been backed up to an external device! See "Back up and restore information in Firefox profiles".
    Please report back to say if this helped you!
    Thank you.

  • How to remove virus, malware from mac?

    please help i used a website that later had phishing activity and virus, today my friends said they received emails with files on it
    HOW DO I REMOVE THIS VIRUSES FROM MY COMPUTER ????
    PLEASE HELP

    Helpful Links Regarding Malware Problems
    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, remove adware that displays pop-up ads and graphics on your Mac, and AdwareMedic. If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.) You might consider adding this Safari extensions: Adblock Plus 1.8.9.
    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
    Fix Some Browser Pop-ups That Take Over Safari.
    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
    Quit Safari
    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
    Relaunch Safari
    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

  • Spotify Malware causing MAC OS X auto reboot?

    Good morning.  I have upgraded my iMAC to OS X Leopard.  It was working great until my daughter came home from college and downloaded Spotify.   Spotify seems to be causing a problem as it automatically launches and now causes a message 30 seconds after booting up.  The message is "You need to restart your computer.  Hold down the Power button until it turns off, then press the Power button again"  After rebooting, I pulled the details on the shut down stating that "Insecure Start-Up Items Folder Detected."
    I read about Spotify Malware.  My Mac will not stay on for more than 30 seconds each time before getting the shut down message that freezes the computer until shut down / reboot is performed.  Have you seen this before?  How can I get Spotify out of my Start Up folder / off of my MAC when my MAC only stays up for 30 seconds?  Thank you.

    https://answers.yahoo.com/question/index;_ylt=A0LEVw.WtBVUzY4AzT9XNyoA;_ylu=X3oDMTEzZTU5NWU1BHNlYwNzcgRwb3MDMgRjb2xvA2JmMQR2dGlkA1ZJUDI4M18x?qid=20110924083138AAAavrz
    http://community.spotify.com/t5/Help-Desktop-Linux-Mac-and/How-to-uninstall-Spotify-on-a-MAC/td-p/461310
    Startup – You need to Restart Your Computer

  • How to detect a malware in Mac OS X Lion

    Hello,
    I am not a seasoned Mac user. I heard that Mac doesn't have malware like Windows.
    Last night I carelessly downloaded something (from Google talk) from the link http://bitly.com/wEV7Hy?id=a4a4a6
    It has a zip file, within that a .scr file.
    Can any one please tell me whether it's a malware or not.
    Thanks in advance.
    Sudip
    (PS. I am not sure whether it's ok to share a link in this manner. If it's not legal, pls tell me.)

    If you are wanting to refresh a page in Safari, click on the clockwise arrow next to the RSS icon in the address bar. This is a link that may help: http://support.apple.com/kb/HT4550

  • How do I check for virus or malware on mac osx 10.5.8 safari ?

    How do I check my mac osx 10.5.8 safari leopard for virus or malware?

    Hello,
    ClamXAV, free Virus scanner...
    http://www.clamxav.com/
    Free Sophos...
    http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html

  • How to get rid of malware on Mac Pro

    I have a Mac Pro with the OS X Yosemite. My computer has malware on it. I keep getting popups and ads on my screen, whether I'm using Safari or Chrome. One of the popups says "Suspicious activity found on your computer, due to pop-up advertisement windows and invasive links. Please contact tech support at 1-866-215-6348." I want to know how to get rid of this malware. Thanks in advance.

    Some are persistent. Force quit Safari again. Disconnect from the Internet by either turning off Wi-Fi in the System Preferences, or unplugging the Ethernet cable from your router/modem. Hold the Shift key and launch Safari again. If the same popup appears, you will be able to dismiss it and navigate away from the page, or close its tab. Reconnect to the Internet.
    Though reading your initial post again, it's sounding more like JimmyCMPIT is correct since you're seeing ads in multiple browsers. It's just rare for one of the ads that pop up to be like one of the tech support scams.
    In which case, you can either follow Apple's manual instructions for removing adware, or use the free automated tool, AdwareMedic (as mentioned by, and linked to by Jimmy).
    It should be noted that Apple's manual removal instructions are typically outdated. Sometimes a lot outdated. It depends on when Apple last updated their instructions page. If you would prefer to manually remove the adware on your system, you can find much more up-to-date instructions on The Safe Mac's adware removal page.

  • Spyware/malware and Mac Mail

    Here's the deal... I've been having trouble with my cable email provider not accepting my email password. It's my second email account so I don't pay a lot of attention to it. Anyway, I found out they have been blocking my email account since 4/10/14 because somebody has accused me of spamming, which I haven't done. They didn't bother to notify me, they were waiting for me to call them.
    Well, to get this email account up and running again, they want me to run a spyware/malware program on my Mac. How is that going to prove anything to them if I'm supposedly the one doing the spamming? What program should I run and won't I be open for trouble on my computer by doing so.
    I asked the guy how they would know if I ran the software, "We'll just take your word for it!" is what he said. ??? Anybody have any suggestions?

    Tell them you ran Sophos Home AV Mac. It's free. You can even really do a scan and then uninstall it, or keep it. It comes with an uninstaller. If it finds anything, it will probably be something that will only run on Windows... or it might just find some adware. I'm actually using it on 10.8. It slows things down a tiny bit sometimes, but that's the only issue I've seen with it. If you were spamming, it could mean that you had inadvertently been enlisted in a botnet. But there are none for Mac as of this writing.

  • I know everyone says "no spy/malware on macs" but....

    ...I am almost 100% positive something fishy (phishy?) has infected my system.
    A while back I fell for the fake emails that were sent out claiming to be order confirmations for Sony Vaios from stores like Wal-mart and Best Buy.
    I unzipped the "pdf receipt" like an idiot... I guess the fear of having a 2000 dollar computer purchased with my stolen credit card number caught me off guard. Once I saw the file was actually an .exe, I realized it was a scam. Because I know .exe files don't run on Macs, I didn't worry much about it.
    But ever since this event, I have received a glut of pop-up ads... this is especially odd, because before, I never saw any at all. I also believe that my business email address, which had been clean up to that point, was added to a spam database... since the event I receive clusters of spam every day, which, much like the pop-ups, had not been a problem at all before I opened the email. After doing some research on this particular piece of malware, I learned that these are two of the symptoms associated with that particular malware.
    So I know the .exe file didn't run on my system, but it seems possible to me that something else was placed in my system when the .zip file opened. I am finding it difficult to find any possible solutions to this because it seems the default answer is always "there are no malicious files for Macs".
    This seems like a crutch and it is very frustrating because I am almost certain the suspicious behavior originated with that email. So maybe I'm wrong. Maybe it isn't malware, but I know one thing: someday soon, if not already, there will be malicious programs written for Macs. The only reason there aren't is not because of superior security on Macs, it's merely because no one is writing them. But as Apple continues to surge in popularity, you know that can't last. And this "no viruses on Macs" mantra that has been pounded into our heads ad nauseam is going to make Mac users sitting ducks.

    Welcome to Apple Discussions
    You are not seeing any effect from Malware etc. that you would see on a PC system. With that said, is your pop-up blocker (via the Safari Menu) selected? Also, PithHelmet is a very good add-on for blocking this type of content. Much more feature oriented than what Safari provides.
    Also, have you checked your Cookies file (Safari Preferences>Security>Cookies) recently? There may be one or more cookies related to the E-mail you opened. If you find any, single-click, then select "remove".
    I use SafariPlus for Cookie management. Much better than the Safari approach.

  • Have malware and mac running slow, how do I solve this problem

    EtreCheck version: 1.9.12 (48)
    Report generated June 21, 2014 at 7:14:19 AM EDT
    Hardware Information:
      iMac (21.5-inch, Late 2012) (Verified)
      iMac - model: iMac13,1
      1 2.7 GHz Intel Core i5 CPU: 4 cores
      8 GB RAM
    Video Information:
      NVIDIA GeForce GT 640M - VRAM: 512 MB
      iMac 1600 x 900
    System Software:
      OS X 10.9.3 (13D65) - Uptime: 2 days 10:11:57
    Disk Information:
      APPLE HDD ST1000LM024 disk0 : (1 TB)
      EFI (disk0s1) <not mounted>: 209.7 MB
      disk0s2 (disk0s2) <not mounted>: 999.35 GB
      Recovery HD (disk0s3) <not mounted>: 650 MB
    USB Information:
      STECH    Simple Drive     400.09 GB
      disk2s1 (disk2s1) <not mounted>: 32 KB
      External HD (disk2s3) /Volumes/External HD: 399.95 GB (74.72 GB free)
      Apple Inc. FaceTime HD Camera (Built-in)
      Apple Inc. MacBook Air SuperDrive
      Apple Inc. BRCM20702 Hub
      Apple Inc. Bluetooth USB Host Controller
    Thunderbolt Information:
      Apple Inc. thunderbolt_bus
    Gatekeeper:
      Mac App Store and identified developers
    Kernel Extensions:
      [loaded] com.symantec.kext.SymAPComm (12.6f28 - SDK 10.6) Support
      [loaded] com.symantec.kext.filesecurity (2.6f32) Support
      [loaded] com.symantec.kext.fw (5.3f12) Support
      [loaded] com.symantec.kext.internetSecurity (5.3f6) Support
      [loaded] com.symantec.kext.ips (3.9.1f10) Support
      [loaded] com.symantec.kext.pf (5.6f22) Support
    Launch Daemons:
      [loaded] com.adobe.fpsaud.plist Support
      [loaded] com.adobe.SwitchBoard.plist Support
      [loaded] com.oracle.java.Helper-Tool.plist Support
      [loaded] com.oracle.java.JavaUpdateHelper.plist Support
      [running] com.symantec.deepsight-extractor.plist Support
      [failed] com.symantec.errorreporter-periodic.plist Support
      [loaded] com.symantec.liveupdate.daemon.ondemand.plist Support
      [loaded] com.symantec.liveupdate.daemon.plist Support
      [not loaded] com.symantec.nav.migrateqtf.plist Support
      [running] com.symantec.sharedsettings.plist Support
      [running] com.symantec.symdaemon.plist Support
      [not loaded] com.vsearch.daemon.plist Support
      [running] com.vsearch.helper.plist Support
      [running] com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist Support
    Launch Agents:
      [not loaded] com.adobe.AAM.Updater-1.0.plist Support
      [loaded] com.adobe.CS5ServiceManager.plist Support
      [loaded] com.oracle.java.Java-Updater.plist Support
      [loaded] com.symantec.errorreporter-periodicagent.plist Support
      [loaded] com.symantec.nis.application.plist Support
      [running] com.symantec.uiagent.application.plist Support
      [running] com.vsearch.agent.plist Support
    User Launch Agents:
      [loaded] com.adobe.AAM.Updater-1.0.plist Support
      [loaded] com.adobe.ARM.[...].plist Support
      [loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist Support
      [failed] com.zeobit.MacKeeper.Helper.plist Support
      [not loaded] jp.co.canon.Inkjet_Extended_Survey_Agent.plist Support
    User Login Items:
      iTunesHelper
      Canon IJ Network Scanner Selector EX
      AdobeResourceSynchronizer
      TuneupMyMac
    Internet Plug-ins:
      Flip4Mac WMV Plugin: Version: 3.2.0.16   - SDK 10.8 Support
      FlashPlayer-10.6: Version: 14.0.0.125 - SDK 10.6 Support
      Default Browser: Version: 537 - SDK 10.9
      AdobePDFViewerNPAPI: Version: 11.0.07 - SDK 10.6 Support
      AdobePDFViewer: Version: 11.0.07 - SDK 10.6 Support
      Flash Player: Version: 14.0.0.125 - SDK 10.6 Support
      QuickTime Plugin: Version: 7.7.3
      NortonInternetSecurityBF: Version: 1.9.0 - SDK 10.6 Support
      Silverlight: Version: 5.1.20913.0 - SDK 10.6 Support
      JavaAppletPlugin: Version: Java 7 Update 60 Check version
    Safari Extensions:
      Norton Internet Security: Version: 1.9.0f7
    Audio Plug-ins:
      BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
      AirPlay: Version: 2.0 - SDK 10.9
      AppleAVBAudio: Version: 203.2 - SDK 10.9
      iSightAudio: Version: 7.7.3 - SDK 10.9
    iTunes Plug-ins:
      Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
    User Internet Plug-ins:
      CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 Support
      ConduitNPAPIPlugin: Version: 1.0 - SDK 10.6 Support
    3rd Party Preference Panes:
      Flash Player  Support
      Flip4Mac WMV  Support
      Growl  Support
      Java  Support
      Norton\nQuickMenu  Support
    Time Machine:
      Mobile backups: OFF
      Auto backup: NO - Auto backup turned off
      Volumes being backed up:
      Destinations:
      External HD [Local] (Last used)
      Total size: 372.49 GB
      Total number of backups: (null)
      Size of backup disk: Excellent
      Backup size 372.49 GB > (Disk size 0 B X 3)
      Time Machine details may not be accurate.
      All volumes being backed up may not be listed.
    Top Processes by CPU:
          1% WindowServer
          1% fontd
          0% com.apple.WebKit.Networking
          0% Safari
          0% configd
    Top Processes by Memory:
      434 MB SymDaemon
      279 MB WindowServer
      270 MB com.apple.WebKit.WebContent
      180 MB Mail
      156 MB Safari
    Virtual Memory Information:
      2.21 GB Free RAM
      3.41 GB Active RAM
      1.40 GB Inactive RAM
      991 MB Wired RAM
      1.47 GB Page-ins
      0 B Page-outs

    In addition to Symantec and MacKeeper as QuickTimeKirk suggested, remove adware Vsearch too.
    Identify and remove adware
    http://www.thesafemac.com/arg/
    or
    Adware Removal Tool
    http://www.thesafemac.com/art/
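
The reply above picks the Symantec, MacKeeper and Vsearch items out of the posted EtreCheck report by eye; the same triage as a script, added here as an example that is not part of the original thread. The sample report is a constructed excerpt in the posted report's layout, and `WATCHLIST`, `flag_entries` and `still_active` are names chosen for this example.

```python
import re

# Constructed excerpt in the layout of the EtreCheck report posted above.
SAMPLE_REPORT = """\
Kernel Extensions:
  [loaded] com.symantec.kext.fw (5.3f12) Support
Launch Daemons:
  [loaded] com.adobe.fpsaud.plist Support
  [running] com.vsearch.helper.plist Support
  [running] com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist Support
Launch Agents:
  [running] com.vsearch.agent.plist Support
User Launch Agents:
  [failed] com.zeobit.MacKeeper.Helper.plist Support
User Login Items:
  iTunesHelper
"""

# Products the reply says to remove, keyed by identifier prefix (assumed, lower-cased).
WATCHLIST = {
    "com.vsearch.": "Vsearch",
    "com.zeobit.mackeeper.": "MacKeeper",
    "com.symantec.": "Symantec",
}

ENTRY_RE = re.compile(r"^\[(?P<state>[^\]]+)\]\s+(?P<label>\S+)")

def flag_entries(report, watchlist=WATCHLIST):
    """Return (product, section, state, label) for each watchlisted entry."""
    hits, section = [], None
    for raw in report.splitlines():
        line = raw.strip()               # the forum post indents the report
        m = ENTRY_RE.match(line)
        if line.endswith(":") and not m:
            section = line[:-1]          # heading such as "Launch Daemons"
        elif m and section:
            label = m.group("label")
            for prefix, product in watchlist.items():
                if label.lower().startswith(prefix):
                    hits.append((product, section, m.group("state"), label))
    return hits

def still_active(hits):
    """Keep only entries the report tags as loaded or running."""
    return [h for h in hits if h[2] in ("loaded", "running")]

if __name__ == "__main__":
    for product, section, state, label in flag_entries(SAMPLE_REPORT):
        print(f"{product:10} {section:20} [{state}] {label}")
```

Re-running it on a fresh report after removal shows whether any watchlisted launch item or kernel extension is still listed.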
