I think I have a safari virus.

Hi Guys,
I know the title seems a little over-exaggerated, but recently I have had an alarming affiliate redirection take over Safari. When I do a Google search, no matter what I search, every link is a redirect through six pages of the same affiliate redirect crap to end up at a blank page. I have to cut and paste the link under the description in the search results directly into the title bar to get where I want to go. The dodgy links only last for 2 heading clicks at a time, then it's normal, but if you search something else they're back for another 2. This is really frustrating. I view/download a lot of **** as I have an affiliate site of my own, but I am concerned that a lot of people may encounter this issue, causing a grey cloud over the virus-free Mac slogan. Any ideas guys???

Whilst no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions, the appearance of Trojans that can infect a Mac seems to be growing.
SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
http://macscan.securemac.com/
The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X.
Upon running the installer, the user's DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis.
SecureMac's DNSChanger Removal Tool allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174
Also, beware of MacSweeper:
MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.
http://en.wikipedia.org/wiki/MacSweeper
On June 23, 2008 this news reached Mac users:
http://www.theregister.co.uk/2008/06/23/mac_trojan/
More information on Mac security can be found here:
http://macscan.securemac.com/
The MacScan application can be downloaded from here:
http://macscan.securemac.com/buy/
You can download a 30-day trial copy which enables you to do a full scan of your hard disk. After that it costs $29.95.
More on Trojans on the Mac here:
http://www.technewsworld.com/story/63574.html?welcome=1214487119
The latest news on the subject, from July 25, 2008, is:
Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
Net security groups say there is anecdotal evidence that small scale attacks are already happening.
Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future.

Similar Messages

  • How do I reset Safari..? I think I have a Trovi virus - anyone have any ideas..?

    Since installing Yosemite, I now seem to have a Trovi virus in my Mac.  I'm trying to reset Safari as part of the process to rid the computer of this virus.  I can't seem to find where to do this now.  Recent updates have changed where to find the reset Safari tab.  Anyone have any ideas on this or the Trovi Virus..?

    You may have installed the "SearchProtect" trojan. Remove it as follows.
    Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchDaemons/com.perion.searchprotectd.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.perion.searchprotectd.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Applications/SearchProtect
    ~/Library/Application Support/Firefox/searchplugins/MyBrand.xml
    ~/Library/Application Support/Google/Chrome/External Extensions/fjadmdmahkpbhgbmmkiiaanlnlekelmn.json
    ~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/[email protected]
    ~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
    ~/Trovi
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    Quit and relaunch Safari. From the menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Trovi" or "palmall" in the description. If in doubt, uninstall all extensions.
    Reset the default search engine and home page to what it was before.
    "SearchProtect" may be distributed along with two other applications: "MacKeeper," which is a scam, and "ZipCloud," which, if not actually a scam, has a dubious reputation. Ask if you need instructions to remove those items.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

  • I think I have a keylogger virus of some sort

    Hi
    I recently bought something from ASOS with my credit card and then the next day that credit card was used for things which I did not authorise; luckily American Express sorted it out. I think I have some sort of keylogger virus or something because ASOS is a trusted website (right???) so I don't think anything went wrong there.
    Any ideas on how to scan for it or get rid of it???
    Cheers.

    Malware should not be your first thought here. There's almost certainly some other explanation. However, if you want to set your mind at ease, get Sophos and do a scan with that. And take a look at my Mac Malware Guide.
    As to what the problem is, most likely the card number was stolen some time previously, and the fact that it was used the day after a particular purchase is likely to be nothing more than coincidence. There are many opportunities for credit card numbers to be stolen, and at this point it may be impossible for you to ever learn how it was stolen. Just cancel the card and have a new one issued.

  • I think i have a mail virus

    hello,
    My mail program has been acting very odd the last 2 days.
    I am getting spammed with Postmaster return-to-sender messages in my inbox.
    The weird thing is that I delete the messages from my inbox, then I delete my trash folder, and when I delete from trash they go back to my inbox.
    And if I reboot Mail, they are also back in my inbox.
    I can't work like this, please help!!

    Can you try making a new user to test?
    Have you done these two lately...
    Using Disk Utility in Mac OS X 10.4.3 or later to verify or repair disks...
    http://docs.info.apple.com/article.html?artnum=302672
    About Disk Utility's Repair Disk Permissions feature...
    http://docs.info.apple.com/article.html?artnum=25751
    If worried about a virus...
    Most don't need it on Macs, but here ya go on the Mac side...
    ClamXAV, free Virus scanner...
    http://www.clamxav.com/
    Little Snitch, stops/alerts outgoing stuff...
    http://www.obdev.at/products/littlesnitch/index.html
    HenWen/Snort combo, that is a free MAJOR Firewall...
    http://seiryu.home.comcast.net/henwen.html
    Then the venerable old BrickHouse/Flying Buttress Firewall...
    http://personalpages.tds.net/~brian_hill/downloads.html
    WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features.
    http://www.macupdate.com/info.php/id/23317
    Monitor net usage...
    http://mac.softpedia.com/get/Dashboard-Widgets/Information/Videotron-Internet-Usage-Monitor.shtml

  • HT5242 Hello to everyone! I think that I have installed a virus to my mac because Safari opens advertising sites all the time and Facebook gets stuck a lot. What should I do to make my mac as it was before?

    Hello to everyone! I think that I have installed a virus to my mac because Safari opens advertising sites all the time and Facebook gets stuck a lot. What should I do to make my mac as it was before?

    From the Safari menu bar, select
    Safari ▹ Preferences... ▹ Extensions
    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

  • I think I have a virus/spyware/adware???

    Hello!
    Last week while I was on www.google.com searching images, my Safari download manager popped up and began downloading "soft_58s7.exe". I immediately deleted it and assumed that I had clicked on an image that took me to a link that gave me a virus. I continued on using google, and when searching something completely different the download occurred again, and again. Each time I deleted the file from my computer by locating it in Finder and dragging it to the trash.
    However, now I get random pop-ups every once in a while while using sites that I know do not have pop-ups (Google search, aol.com, facebook). So I think I have a virus.
    I also tried to download ProtectMac Antivirus, but it tells me that it cannot be downloaded because there is another antivirus software on my computer that it is not compatible with. I checked my applications and there was an app called "VirusProtect", which I dragged to the trash as well. However I still received this message that ProtectMac could not be installed because of another antivirus application. I believe that I either did not uninstall VirusProtect correctly, which I need help doing because the icon is no longer there, or this is also an effect of the virus.
    Please help!!
    I'm on a MacBook, running OS X 10.5.8
    Thank you!
    I think this is also an effect of the virus because I have no virus protection on my com

    .exe files are Windows executables that do not run on Macs, and simply downloading one will not give you a virus. Random pop-ups in your browser may occur but as long as you dismiss them there should be nothing of concern.
    You cannot delete virus protection software by dragging it to the Trash. You must use the appropriate uninstaller that is included with the software.
    Also see:
    Do You Need Anti-Virus Protection for Your Mac?
    According to Rich Mogull's article, Should Mac Users Run Antivirus Software?,
    "The reality is that today the Mac platform is relatively safe. There are hundreds of thousands of viruses and other malicious software programs floating around for Windows, but less than 200 are known to target the Mac, and many of those are aimed at versions of the Mac OS prior to Mac OS X (and thus have no effect on a modern Mac).
    It's not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2); the numerous vulnerabilities reported and patched in recent years are just as exploitable as their Windows equivalents. But most security experts agree that malicious software these days is driven by financial incentives, and it's far more profitable to target the most dominant platform."
    Mr. Mogull is a computer security expert. I recommend reading the entire article as it is quite informative.
    For additional information on viruses, trojans, and spyware visit The XLab FAQs and read the FAQs on viruses and spyware.

  • I think I have a virus on my MacBook Pro, OS X Yosemite, how do I wipe my computer clean without erasing photos and music etc?

    I think I have a virus on my MacBook Pro, OS X Yosemite, how do I wipe my computer clean without erasing photos and music etc?

    The update alerts are fake, and are intended to dupe you into installing malware or disclosing private information so that your identity can be stolen.
    You might get the alerts when visiting a website that has been hacked. Don't visit the site again. If applicable, notify the site administrator of the problem, but don't send email to an unknown party.
    If you get the alerts when visiting more than one well-known website, such as Google, YouTube, or Facebook, then they may be the result of an attack on your router that has caused you to get false results from looking up the addresses of Internet servers. Requests sent to those sites are redirected to a server controlled by the attacker. It's possible, but less likely, that the DNS server used by your ISP has been attacked.
    Back up all data.
    Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Click Advanced, open the DNS tab, and change the server addresses to the following:
              8.8.8.8
              8.8.4.4
    That's Google DNS. Click OK, then Apply.
    In Safari, select
              Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
    and confirm. If you’re using another browser, empty the cache. Test. If the fake update alerts stop, see below. Otherwise, ask for instructions.
    The router's documentation should tell you how to reset it to the factory default state. Usually there's a pinhole switch somewhere in the back. It may be labeled "RESET." Insert the end of a straightened paper clip or a similar tool and press the button inside for perhaps 15 seconds, or as long as the instructions specify.
    After resetting the router, quit the web browser and relaunch it while holding down the shift key. From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
    and confirm. Do the equivalent if you use another browser. Open the Downloads folder and delete anything you don't recognize.
    Then go through the router's initial setup procedure. I can't be specific, because it's different for every model. The key points are these:
    1. Don't allow the router to be administered from the WAN (Internet) port, if it has that option. Most do.
    2. Set a strong password to protect the router's settings: at least ten random upper- and lower-case letters and digits. Don't use the default password or any other that could be guessed. Save the password in your keychain. Any password that you can remember is weak.
    3. If the router is wireless, or if you have a wireless access point on the network, use "WPA 2 Personal" security and set a different strong password to protect the network. If the router or access point doesn't support WPA 2, it's obsolete and must be replaced.
    During the time the router was compromised, you were redirected to bogus websites. If you ever connected to a secure site and got a warning from your browser that the identity of the server could not be verified, and you dismissed that warning in order to log in, assume that your credentials for the site have been stolen and that the attacker has control of the account. This warning also applies to all websites on which you saw the fake update alerts.
    Check the router manufacturer's website for a firmware update.
    If you downloaded and installed what you thought was a software update, ask for instructions.
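
The DNS redirection described in this reply, and the DNS tampering described for DNSChanger in the first answer on this page, can both be checked from Terminal. The following is an added example, not part of the original posts: it parses the text printed by `scutil --dns` and prints any resolver address that is not on the list you expect. The function names and the embedded sample output are constructed for illustration, and the expected list uses the Google DNS addresses given above.

```shell
#!/bin/bash
# Added example (not from the original thread): flag DNS resolvers that are
# not on an expected list, using the text format printed by `scutil --dns`.

# Read scutil-style text on stdin; print each distinct nameserver address once.
# Matching lines look like:   nameserver[0] : 8.8.8.8
list_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Read scutil-style text on stdin; the arguments are the addresses you expect.
# Prints every configured nameserver that is NOT among the arguments.
unexpected_nameservers() {
    list_nameservers | while IFS= read -r ns; do
        known=no
        for ok in "$@"; do
            if [ "$ns" = "$ok" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then printf '%s\n' "$ns"; fi
    done
}

# Constructed sample of `scutil --dns` output (not captured from a real
# machine). 203.0.113.53 is a documentation-range address standing in for a
# resolver the user never configured.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 8.8.8.8
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  nameserver[0] : 8.8.4.4
  nameserver[1] : 8.8.8.8
EOF
}

# On a Mac, check the live configuration against the addresses set in the
# Network preference pane. On other systems scutil is absent and this is skipped.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_nameservers 8.8.8.8 8.8.4.4
fi
```

An address printed here is only unexpected, not proven hostile: a router's own LAN address or the ISP's resolver appears whenever DNS is assigned by DHCP. Pass every address you consider legitimate as an argument and investigate what remains.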

  • I think I have opened the sobig.f virus in my hotmail account and it keeps sending emails to my contacts. How do I stop it, and will it affect any of my other transactions like internet banking/shopping, is it safe?

    I think I have opened the sobig.f virus in my hotmail account and it keeps sending emails to my contacts. How do I stop it, and will it affect any of my other transactions like internet banking/shopping, is it safe to continue using my iPad?

    This isn't due to malware. There is no known malware capable of infecting an iPad that has not been jailbroken (ie, hacked to allow apps from outside the App Store).
    As lizdance40 says, your Hotmail account has been hacked remotely. Change the password immediately. Hotmail accounts are popular targets, but as long as you choose a good password, and make sure that password is not the same as a password you use with any other account, you should be safe.
    I disagree with lizdance40's statement that you have to abandon the account and create a new e-mail address. If a hacker is able to get back in even after changing the password, the problem is not with the account itself. There's another vulnerability of some kind somewhere. Perhaps the account allows hackers to leave a "back door" to get back in (such as with GMail's delegation feature), in which case any such feature needs to be reviewed and have settings changed. Perhaps you are checking mail in an insecure manner while on an insecure network (ie, a wireless network that requires no password). Perhaps you are using a password on multiple accounts, and a different account has been compromised. Perhaps a hacker has used knowledge gained by prior access to your account to achieve "social hacking" (ie, convincing a tech to give him access because he has "forgotten the password"). There are many scenarios, but there's no good reason to abandon the account entirely.

  • I think I have a virus

    I'm not sure but I think my mac has a virus. I'm expecting a lot of die-hard replies saying there are no viruses for mac, I used to be the same until this happened.
    My mac (Powermac G5) slowed down - a lot - and applications stopped working in certain user areas, files have been deleted leaving some final cut projects useless (hours and hours of work lost) and I get a kernel panic every time I try to reinstall OSX from the DVD.
    I figured it was probably just a hardware problem but then something very strange happened - I switched user areas and after the cube animation of changing user area, there was a poor animation of a sheep defecating on my screen which then ran off and disappeared.
    The only explanation that I can come up with is a virus - why else would the animation appear? I'm pretty sure a hardware problem would not cause such a thing.
    The plot thickens - This computer has never been connected to the internet, and the only disks that I've put into it have been software disks (that have been used on other machines with no ill effect) and disks with files from other macs (which obviously have not been infected with viruses), however, I do have Norton Antivirus installed on the machine.
    I didn't install it myself, I would never do such a thing, I received the computer from my university and it came pre-installed. The only conclusion that I can come up with is that because I haven't updated Norton or paid any money for updates, it released a virus to make me panic and pay up for an update that I wouldn't need unless this useless software was installed.
    Anyone got any thoughts or ideas on what I can do to resolve this problem? I could send the computer back but I'm using it daily for college work. I have tried to uninstall Norton but I'm not convinced it's really gone. I can't be completely sure that the problems are being caused by Norton but I'm fairly certain that they are.

    I figured it was probably just a hardware problem but then something very strange happened - I switched user areas and after the cube animation of changing user area, there was a poor animation of a sheep defecating on my screen which then ran off and disappeared.
    No virus. That's an easter egg for some applications. Not sure which, but I remember hearing about it.
    As for files "deleted", that could just be a corrupted spotlight index. That will cause files to disappear. Sometimes repairing permissions and then rebuilding the Spotlight index will fix the issue. Sometimes it means the hard drive is dying and needs your data recovered to a backup as soon as possible.

  • What can I do if I think I have a virus?

    Question: What can I do if I think I have a virus?
    Answer:
    Skip this and contact a professional
    If you'd like to skip this guide and contact a professional, CLICK HERE.
    There are a few steps you can take if you think you have a virus.
    Use anti-virus software
    One of the first things you should do is scan your computer with anti-virus software. Many Toshiba computers come with software for this purpose. You may choose to use an alternative, but you should only have one anti-virus program installed at a time.
    Run your anti-virus program and ensure it's fully updated. Once it's updated, perform a full scan of your computer.
    Disconnect accessories
    If that doesn't help, you should disconnect any accessories connected to your computer. It's possible that the symptoms that you think are due to a virus could be due to an accessory.
    Uninstall new software
    An error with a new program might be causing problems that you think are being caused by a virus. To check this, uninstall any new programs that you installed near the time your computer's symptoms first appeared.
    Perform system restore
    If none of the previous suggestions helped, you might consider performing a system restore. This will return your computer's system files to a previous state. System settings will revert, and programs installed since the restore point was created might need to be reinstalled. Your documents shouldn't be changed.
    For more information on performing a system restore, see one of the following articles:
    How To: Understanding System Restore, Refresh, Reset, and, Recovery options in Windows 8 + Video
    How To: Perform a system restore in Windows 7
    Contact a professional or perform a system reset
    Lastly, you might want to return your computer to factory default conditions. This is sometimes called a system reset or a system recovery. Note that this will remove all of your software and data that you added including applications, documents, photos, etc.
    If you don't want to reset your computer and you'd like to contact a professional, CLICK HERE.
    If you do want to proceed with a system reset, the system reset will remove the virus. For more information, see the following article:
    How To: Understanding System Restore, Refresh, Reset, and, Recovery options in Windows 8 + Video

    Some processes are critical, but many can be interrupted without any problem.
    You can monitor your ongoing processes by going to Applications/Utilities/Activity Monitor; pay particular attention to Disk Activity and Network. To interrupt a process, highlight the process, and tap "Quit Processes." This will interrupt or stop the runaway process.

  • I think I have a virus or a bot.  Numerous people on my e-mail list received strange e-mails from me overnight.  How do I get rid of this virus or bot?  Any suggestions.

    I think I have a virus or bot on my MacBook.  Random e-mails have been sent from my e-mail overnight.  I use comcast.net.  Any suggestions for removing the bot.

    Let me guess, one or more of your friends has asked you why you're sending them solicitations for phony pharmaceuticals or shady software?
    These emails did not originate from your MacBook. What happens is that one or more of your friends has a Windows computer with your email address stored in its Address Book (or whatever Windows calls it). Their computer gets infected with a program that examines email addresses stored on it and used yours as the "return address" on the spam it's spewing forth, to disguise the actual source.
    At present, there are no such known programs that run on Macs. Therefore, there is nothing to remove on your MacBook. All you're guilty of is sending an email to someone with a Windows computer, who is lacking the anti-malware utilities that are a practical requirement for Windows.
    Summary: There's nothing you can do.
    Lesson: Friends don't let friends run Windows.

  • I am having trouble with my MacBook Air. I think I have a virus because every time I click on a link it opens up popup windows and other things. How do I reset the computer?

    I am having trouble with my MacBook Air. I think I have a virus because every time I click on a link it opens up popup windows and other things. How do I reset the computer?

    Please post a screenshot that shows what you mean. Be careful not to include any private information.
    Start a reply to this message. Click the camera icon in the toolbar of the editing window and select the image file to upload it. You can also include text in the reply.

  • I can't open or receive hotmail emails on my MacBook Pro, but it works on other devices. I changed my password, emptied the cache, tried using a different browser, etc. I think I have a virus. Help!

    I can't open or receive hotmail emails on my MacBook Pro, but I can on other devices. I changed my password, emptied the cache, tried using a different browser, etc. I think I have a virus. Help!

    Thanks for your help. That's not working either! Ugh!!
    I can open hotmail, but it's not formatting right, I can't open emails, nor send them.
    Thank you so much for trying to help. I really appreciate it.
    I understand that you can't get a virus by opening an email, but it seems way too circumstantial! This is my third mac -- because unlike PC -- I never had a problem. I understand this problem is not with my macbook, because every other website works fine -- it's hotmail!

  • Is there a fix for a virus I think I have on my OS X 10.7.3 system?  Has to do with email everyone on my list received about a week ago and I didn't send anything

    Is there a fix for a virus I think I have on my system?  Has to do with email people received.  I didn't send it and some of them couldn't open it.  Is this a trojan virus and how do I fix it?

    Generally that either means someone hacked your email account and sent the emails from your account, or one of your Windows-using friends has a virus. You can check to see if your account was hacked by looking at your sent items folder. If it was sent from your account, it would be in the sent items folder. If it was accessible from the Web, check whatever webmail interface you have.
    The more common option is that it is a virus on one of your friend's Windows computer that uses his email contact list to spoof the return address of the spam it sends out. The email is sent from somewhere else, but uses your email address as the return address.

  • HT4061 I think I have a virus, yesterday I opened this message from Verizon about me owing 1,000 to them, and today I have 8 messages from someone on my iPad. How can I tell or fix my iPad of this virus?

    I think I have a virus, yesterday I got an email from Verizon that I owe $1000 and I tried to open it and now I have 8 emails from the same sender. Do I have a virus and what should I do to clean my iPad?

    Chances are your iPad is fine. When you clicked on that e-mail, you confirmed to them 'hey, real person' so now Mr Spammer is working towards his 'make money from home' quota of spam by sending you multiple e-mails. You can block him (I'm not sure what e-mail client you're using so no idea for exact instructions, but you'll probably need to do this on a computer, not via the iPad) and you could report him....wouldn't hold my breath that the report will actually accomplish anything beyond the person being blocked.
    The iPad's operating system is different from the OS of a PC or Mac. Viruses written for one can't run on the others. (And iPads don't get viruses in the strictest definition of the term, malicious programs that propagate themselves across the operating system.)
    The down side: even if you block this person, they know your address is a 'live' one so you'll need to be alert and aware because I'm sure more spam and phishing mails are on their way.
    If you did enter ANY info, make calls and start changing passwords ASAP.
