Malware help

Ok, I am going to pose this question first as a hypothetical, so please resist insulting me or jumping down my throat.  If someone had malware, a non-replicating form of something that seems to be able to remotely access the computer, change permissions, pretty much run the show and do whatever they want, and it is on a MacBook Pro, what would it mean if this malware is resistant to a.) a clean sweep of the hard drive and reinstall from Apple Internet Recovery b.) a freshly installed SSD c.) a wiped SSD and recovery partition via starting in recovery from the Snow Leopard CD that came with the MacBook, and a fresh install of Snow Leopard (symptoms arose before Mavericks was upgraded to and got worse with the upgrade).
Symptoms are vast, and change rapidly, but can be expounded upon.  Most recent, this morning, includes all internet pages, downloads, etc. in both Safari and Firefox showing up in German for 5 minutes then switching back, the whole time my IP remains in the US.  Letters from my ISP telling me I have malware connecting out to ports that when googled are associated with XSAN (I am on a one-person personal network connected via ethernet with no Wi-Fi enabled and did not know what XSAN was until this).  Persistent loss or complete degradation of processing ability and internet as a result of DDoS attacks (teardrop-type attacks, and SYN floods, all new terms to me explained by ISP, but fit what is happening, as my console messages at the time of system freeze indicate "too many threads," etc., indicative of a full cache).  Console that has consistent strange errors that I have tried to ignore every time the system starts to perform strangely, as I admittedly am usually wrong when trying to interpret error messages, especially when I have one thing in my head I am resistant to other ideas, but continue to weird me out, and have fallen more and more into the pattern: I google, find a very few instances of said message and most have to do with bad things regarding malware etc.  Little Snitch investigating showing usereventagents and all kinds of supposed system processes connecting out to weird Eastern European IPs that when googled all lead to PC spyware posts or network administration sites warning of bot storage locations.  Trying to save any console logs on a USB or desktop often results in corruption.  Consistently get errors I have never seen, both in console and outwardly in apps, that key files have been changed.
Rampant graphic problems, like I am using OSX1 with the windows are moving with tracelines not realtime, no opaqueness, etc, that come and go (may be conflict with X11 and Mavericks and unrelated) (right now everything is running great graphically and do not have X11).  10 minutes ago my printer, which I just used a couple hours ago, tells me it was misconfigured or something, and then makes me redownload and install something and when printing says, "printing from pc" which it never says (prob does usually say this and I am just paranoid now ha).
Things that have been tried with clean installs:
1.)  Assuming I am crazy and systematically ignoring every impulse to investigate, download any security apps, google or even look at console.  Acknowledging the fact that all this started when I first started reading about networking, and prob medical students syndrome, ha.  Am finally forced to when Internet has stopped responding completely and system consistently freezes and will only last 5-10 minutes without hard power down.  (Took about 3 days to reach that state, gets progressively worse).  This whole time had no Little Snitch, no Sophos or ClamXav, no DNS settings, standard but strong router settings, no proxies or VPNs or OpenDNS or Tor or anything.  Calls to ISP about internet cutout show me connecting via a proxy at first and then not, but when checked on my end through whatismyisp, terminal, etc etc show normal IP.  Used Safari, allowed JavaScript, but still did not download Flash.   Was careful of websites I visited.  Only downloaded from App Store.  (So had to sign in with Apple ID).  Was ultimately told by a certified Mac technician over the phone that he had no idea what was going on and he had never seen anything like the combo of errors I was getting.
2.)  Doing opposite, and investigating everything, using OpenDNS, working with someone in network administration to see packets, using a hardened Firefox, Little Snitch, etc etc.
3.)  Hardware test via CD that came with 2010 macbook pro.  Came back clean.
All same results basically.  So, if this was happening to someone, would anyone have any advice?  If I was to hook up the MacBook to another MacBook via FireWire in Target Disk Mode and used DiskWarrior to wipe it, then install via Snow Leopard CD and updated without my Apple ID, would this make any difference?
What I am NOT suggesting, as that would be stupid, is an EFI-level trojan that loads at startup before the OS, something as far as I've read is only theoretical at this point.  If this was the case, would a screen show up at startup in verbose before anything else that says loading from EFI bootloader ACPI :  Long number, or is that completely normal?  Is there anything in a verbose startup that would be indicative, and more importantly, does it matter, i.e. would it be reversible?
What do I do about internet connectivity?  I have changed passwords about a 100 times, tried just the OS firewall, just the ISP firewall, a combo, Little Snitch, no Little Snitch, WPA2 always with AES encryption, no remote administration in router settings, no sharing at all in OS settings, no accessibility for any apps, etc etc, have both enabled and completely disabled wireless from router each for multiple days.
Any help would be appreciated, basically, how do you nuke a MacBook, and if that doesn't work, assume hardware failure and get a new one and write it off as unfortunate and weird, and if that doesn't work, move and change your name.

As I said repartition and reformat your drive:
Install Mavericks, Lion/Mountain Lion on a New HDD/SSD
Be sure you backup your files to an external drive or second internal drive because the following procedure will remove everything from the hard drive.
Boot to the Internet Recovery HD:
Restart the computer and after the chime press and hold down the COMMAND-OPTION-R keys until a globe appears on the screen. Wait patiently - 15-20 minutes - until the Recovery main menu appears.
Partition and Format the hard drive:
1. Select Disk Utility from the main menu and click on the Continue button.
2. After DU loads select your external hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Click on the Partition tab in the DU main window.
3. Under the Volume Scheme heading set the number of partitions from the drop down menu to one. Click on the Options button, set the partition scheme to GUID then click on the OK button. Set the format type to Mac OS Extended (Journaled.) Click on the Partition button and wait until the process has completed. Quit DU and return to the main menu.
Reinstall Lion/Mountain Lion, Mavericks: Select Reinstall Lion/Mountain Lion, Mavericks and click on the Install button. Be sure to select the correct drive to use if you have more than one.
Note: You will need an active Internet connection. I suggest using Ethernet if possible because it is three times faster than wireless.
If your model is too old to support Internet Recovery, then use your Snow Leopard DVD instead:
Drive Partition and Format
1. Boot from your OS X Installer Disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu.
2. After DU loads select your hard drive (this is the entry with the mfgr.'s ID and size) from the left side list. Note the SMART status of the drive in DU's status area. If it does not say "Verified" then the drive is failing or has failed and will need replacing. SMART info will not be reported on external drives. Otherwise, click on the Partition tab in the DU main window.
3. Under the Volume Scheme heading set the number of partitions from the drop down menu to one. Click on the Options button, set the partition scheme to GUID then click on the OK button. Set the format type to Mac OS Extended (Journaled.) Click on the Apply button and wait until the process has completed.
4. Select the volume you just created (this is the sub-entry under the drive entry) from the left side list. Click on the Erase tab in the DU main window.
5. Set the format type to Mac OS Extended (Journaled.) Click on the Security button, check the button for Zero Data and click on OK to return to the Erase window.
6. Click on the Erase button. The format process can take up to several hours depending upon the drive size.
Use the computer afterwards as is to see if the problem has been squashed. If so, then be very careful what and how you restore things. Third-party applications should all be re-installed from their source media. Use AV software capable of discovering the most recent infections to scan your data files before restoring them.
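As an added illustration of the restore advice that closes the reply above (this is not part of the original post and does not replace the AV scan it recommends), the following Python script walks a backup and separates plain data files from anything that is software or a launch item, so that only data is scanned and restored and applications are reinstalled from their source media. The function names, the extension lists and the sample backup tree are assumptions constructed for the example.

```python
import os
import tempfile

# Magic numbers at offset 0 of Mach-O executables (both byte orders) and of
# universal binaries. 0xCAFEBABE is shared with Java class files, which are
# executable content too.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O
    b"\xca\xfe\xba\xbe",                        # universal binary / Java class
}
# Assumed (not exhaustive) lists of names that mean "software, not data".
BUNDLE_EXTS = {".app", ".kext", ".plugin", ".bundle", ".prefpane", ".saver"}
INSTALLER_EXTS = {".pkg", ".mpkg", ".dmg", ".command", ".jar"}
PERSISTENCE_DIRS = {"LaunchAgents", "LaunchDaemons", "StartupItems"}


def _ext(name):
    return os.path.splitext(name)[1].lower()


def classify_file(full_path, rel_dir_parts):
    """Return a reason to hold the file back, or None if it looks like plain data."""
    if PERSISTENCE_DIRS & set(rel_dir_parts):
        return "launch item: do not restore, recreate only if needed"
    if _ext(full_path) in INSTALLER_EXTS:
        return "installer or launcher: get a fresh copy from the vendor"
    try:
        with open(full_path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return "unreadable: inspect by hand"
    if head in MACHO_MAGICS:
        return "compiled executable: reinstall from source media"
    if head[:2] == b"#!":
        return "script: review before restoring"
    return None


def triage_backup(root):
    """Walk a backup tree. Returns (restore, hold_back): a sorted list of
    relative paths to scan and restore, and a dict of path -> reason."""
    restore, hold_back = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for d in list(dirnames):
            if _ext(d) in BUNDLE_EXTS:
                rel = os.path.normpath(os.path.join(rel_dir, d))
                hold_back[rel.replace(os.sep, "/")] = "bundle: reinstall from source media"
                dirnames.remove(d)  # do not descend into the bundle
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            reason = classify_file(full, rel_dir.split(os.sep))
            if reason:
                hold_back[rel] = reason
            else:
                restore.append(rel)
    return sorted(restore), hold_back


def build_sample_backup(root):
    """Create a small constructed backup tree for the demonstration."""
    samples = {
        "Documents/thesis.txt": b"Chapter 1\n",
        "Pictures/cat.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "Applications/Game.app/Contents/MacOS/Game": b"\xcf\xfa\xed\xfe" + b"\x00" * 16,
        "Library/LaunchAgents/com.example.updater.plist": b"<?xml version='1.0'?><plist/>",
        "Downloads/helper": b"\xca\xfe\xba\xbe" + b"\x00" * 16,
        "Downloads/fix.sh": b"#!/bin/sh\necho hi\n",
        "Downloads/Installer.pkg": b"xar!" + b"\x00" * 16,
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        restore, hold_back = triage_backup(tmp)
        print("Scan with AV, then restore:")
        for path in restore:
            print("  ", path)
        print("Hold back:")
        for path, reason in sorted(hold_back.items()):
            print("  ", path, "->", reason)
```

Files in the restore list are only candidates: they still go through the AV scan the reply calls for before being copied back.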

Similar Messages

  • 'System Security' Malware help, please! Installed Verizon security suite, now it's back again.

    We received the System Security malware on our computer.  We thought we removed it completely because initially the malware prevented the Verizon security suite from running.
    After we deleted the virus and the program attached, we were able to install the Verizon Internet Security suite. Lo and behold, two hours later (after a successful complete scan) the malware was back with NO warning from Verizon Security Suite.
    Can someone please tell me how to remove this malicious program and also why the security suite gave no warning before it re-attached itself to our computer?
    Any help is greatly appreciated, as our laptop is heavily used and we do not have the money or the time to have it completely wiped clean.
    Thank you!!

    It's really dependent on what type of malware is installed.
    If you can get the exact name of it ... it should be something like name.malware .. something like that
    do a google for "remove name.malware" or whatever the name of it is, and chances are the first 3 responses will be how to remove it
    keep in mind that ABSOLUTELY NO VIRUS PROTECTION ON EARTH EVER, can protect you from every single virus/malware ... things change too fast for everything to keep up 100% of the time
    ... and by the way, i like turtles

  • Wondering if I have malware, help!

    I recently installed VirtualBox, and I used an iso file I'd gotten a while back to try Windows XP.  I thought when I got the file that I was downloading some sort of VirtualBox helper file, but apparently it's a full Win XP system installer.  I deleted the disk image of the Virtual Machine I put it into, but I'm wondering now if my Mac is infected with malware.  I did have a shared folder in that virtual machine but it was not my main home folder or any of my system folders.
    I never opened the iso file in the Mac system, other than selecting it within the VirtualBox app to use Windows XP.
    The iso filename had "nomaher.com" in it, which from my googling I just did seems like an illegal site.  I know that's not where I got the file, though.  I've deleted the iso file too now, though I put it on a small USB drive I wasn't using for anything in case some tech person needed the file to find out if I have malware.
    The Mac I ran this VirtualBox on is a 2007 iMac running Snow Leopard.
    How do I find if I have malware from this, and how do I remove it if I do?
    Thanks.

    You would not have any malware affecting the Mac. Can't say for the Windows side or for the ISO, itself.
    Helpful Links Regarding Malware Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
              Mac OS X Snow Leopard and malware detection
              OS X Lion- Protect your Mac from malware
              OS X Mountain Lion- Protect your Mac from malware
              About file quarantine in OS X
    If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)

  • MalWare Help Needed

    I have a problem with malware (MacPro; OS 10.5.8). Probably multiple infections. Hope someone can recognize it and point me to something that will work better than I have managed so far.
    Symptoms
    (1) Ridiculously slow execution of some tasks
    (2) Occasional loss of control of mouse -- gets "sticky" and refuses to "drop" items being dragged, or drags instead of clicking.
    (3) A "Party Poker" window keeps popping up in Safari, in spite of the "Block PopUp Windows" preference being set
    (4) Activity Monitor shows an additional approx 550 Mb virtual memory for every active process, which disappears, process by process, as I inspect each process. Is this indicative of a hidden process running in the background?
    (5) I believe that I acquired a second infection when an unexpected window popped up in Safari, inviting me to download something, and I thoughtlessly hit an (almost certainly bogus) Cancel Button instead of immediately closing the window. About a second of activity followed, which brought up my downloads window, although no new file remained visible there.
    Steps taken so far: De-installed Boot Camp (had it up because I was hoping to use it to get around differences between Mac and Windows MS Office programs, but it failed to do what I had hoped for). Attempted a system re-install, but system refused to startup from an installation disk. Obtained and ran MacScan, which removed the DNSChanger trojan, and several blacklisted cookies, but did not solve the problems.
    Sophos is continuously running on my system.
    Bottom line -- advice needed -- help please!

    Hi Lyssa
    Thanks for your reply. I realize in hindsight that my system specs were a bit thin.
    Computer 2 years old. 4 x 1 Gb = 4 Gb RAM. Single 465 Gb Hard Drive with just 400 Gb still nominally free.
    I have about 6 user accounts on the machine; the slowness persists when I log onto a little used one, but I have not yet at this stage tried creating a new one.
    (1) Internet tasks often slow, but I blame the ISP for that. But ANY application startup (it seems) can SOMETIMES be slow, and even mouse clicks or keystrokes occasionally lag without good reason (i.e. when no internet communication is taking place, and no other local application is obviously busy).
    (2) I do not use a wireless mouse, but I have tried changing mouse (to a different wired type Logitech <-> Apple) with no relief.
    (3) The unwanted window does not appear immediately; it seems to pop up at random, typically 3 or 4 sites into a session, and independent of what types of site I am visiting. It is possible that a google search might be a common factor; there would be no other.
    And finally I was using a retail install disk -- Early Leopard (see my other post).

  • Possible malware - Help!

    I need to be able to use the internet browser Opera. I downloaded it from the internet a couple of weeks ago and have not had any problems. A couple of days ago I started to get some suspicious "pop ups", I force quit the application, deleted Opera and reinstalled but I am not receiving pop ups that say "The server's certificate chain is incomplete, and the signer(s) are not registered. Accept?" I will attach an example. How do I remove this? And how do I safely run Opera in the future? Thanks so much!

    There is a tool called AppleJack which is an open source free download from Source Forge:
    http://sourceforge.net/projects/applejack/
    It installs on the Root level and is accessible through a Restart holding down ⌘+S at the black screen. You will get a black screen with white text. Here you can type 'applejack' at the prompt and it will clean your caches as it undertakes the maintenance tasks. Before you use it, you could seek help from more experienced Mac users. There is also an app called Onyx which does the same job but is managed from the GUI level.

  • Problems after installing latest itunes

    I installed the latest iTunes 9.0.1 the other day; since then my iPod nano, 3rd gen, won't sync. A message comes up when you plug it in saying 'new hardware found, there was a problem with installation and may not load properly' then continues to do nothing. When I plug in my sister's iPod 60gb 5th gen on her iTunes it says 'ipod service module (32 bit) has encountered a problem and needs to close'.
    Tried resetting the iPods but that didn't help. Not a computer whiz so need help in simple terms please!!

    (default) REG_SZ (VALUE NOT SET)
    APPLE APPLICATION REG_SZ =JJ*5.q6R9m~e?-X$O^7!5sPG*i7c9a%EIdQdnl&dib_....
    CRT-winSXS REG_SZ _i0Y]s!soe8MkbIdFwUv$f.Z@}4G(*9MkbIdFwUv$f.Z....
    Good job, Natters. On doing the same search through my own registry I find the same results and my Device manager *isn't* blank. So I'm not so inclined to think it's the SP3 problem anymore. Again.
    So the other thing that I would be worried about is a malware infection. *Apropos* adware can cause a blank Device Manager, although other similar varieties may also cause similar problems.
    In order to get that possibility off the table, I think you should try heading to a reputable Malware removal help forum where someone can have a good look through a HiJackThis log of your PC, and can advise you how to fix any problems that show up. There's a list of reputable malware help forums at the bottom of the following page (although there are others out there):
    http://www.doxdesk.com/parasite/links.html
    (Not trying to get rid of you, just trying to get you on the radar screens of people with the right set of skills.)

  • HELP! I had a Flashback Trojan/Malware on my Mac, I deleted it in trash, and now my Mac won't start.

    At first my Mac Finder showed n81, n82, etc when you right-click it, instead of the commands " open new finder window", "hide" etc. I also noticed that sometimes, when I would go to sites such as facebook, it would redirect to a different site and I'd have to type in the address again to get to the site. Nothing else was wrong with it. Safari was not shutting down. It wasn't slow.
    I did some research and found that I probably have the Flashback Trojan/Malware virus (whatever that is?) And so I followed what some people did (which got their Mac fixed) .. I downloaded ClamXav and TinkerTool to find the malware (hidden files) and I deleted it in trash.. my computer seemed fine but when I restarted it, it won't turn on anymore.. the screen remains blue, the mouse could still be moved, but it stays that way..
    did I lose all my files? am I being hacked as we speak? Is this virus very dangerous?! I am very paranoid and know nothing about this kind of stuff so please help!
    BTW, the malware was from the game Farm Frenzy.. I have no idea how I got this... I never play online games.

    @Thomas, Thanks for jumping in. I had to take my wife to a Doctor appointment and things went downhill from there.
    I note that you are using Mac OS X 10.5.x.  It's important to understand that the Java vulnerabilities that allowed this malware to get established on your machine cannot be fixed in 10.5.x.  You would need to upgrade to at least 10.6 (Snow Leopard) to be able to get a version of Java with those vulnerabilities fixed.  (Correct me if I'm wrong there, Al!)
    That's 100% correct. Natalia has the distinction of being the first OS X 10.5 user confirmed to be infected by Flashback as far as I can tell. That operating system is becoming increasingly dangerous as the days go by. The OS has not been updated since Aug 2009 and the last Security and Java updates were in June 2011. There is no XProtect system and more and more third parties have dropped support in updating their Applications.
    Natalia_ wrote:
    I actually ran disk utility, and it said that the Macintosh HD is fine... I also tried safe mode/safe boot and did the FSCK command.. even that said that my laptop was fine? but somehow it still stays blue when I start up!
    And I think it probably is fine, except that something is hanging during the initial loading process. Could be most anything.
    As for my files, I appreciate your advice but I am scared I might do something wrong and mess my laptop up even more!
    There is almost no chance of that and at this point it should be obvious to you that if the files on your laptop are that important, you should already have a backup.
    I will take it to Apple and hopefully they can help me... because it seems that my files aren't wiped out... yet... It still displayed that I had my files in there..
    One word of caution, then. I have been told that Apple has instructed their support folks not to attempt to clean up a malware infection. If I were you I wouldn't bring it up unless you have to.
    By the way, while the disk was running, it was making very loud noises.. humming/grinding/etc... what could this mean?
    Only one thing in my experience, your hard drive is toast. All the more reason to try and get all the data you can off it immediately.
    The only way to test it is to do a surface scan which Disk Utility cannot do. You would need a third party utility to do that. If it tells you there are bad sectors, that is 100% proof that it's going bad, as modern hard drives repair themselves of bad sectors until they run out of reserves to substitute.

  • Can't load Facebook on Firefox . Suspect malware/trojan. Downloaded 3 free scan/remove programs, all end in .exe and my Mac wants to know which "Application" to use to run them. Help?!

    Firefox 3.6.19
    Mac OS 10.4.11
    attempted the 3 free options listed here
    http://support.mozilla.com/en-US/kb/Firefox%20never%20finishes%20loading%20certain%20websites?s=cannot+load+page&as=s
    when I click on any of them, they don't just open/run. they want to know what application to use to open them. do these work for my Mac, or is there another free alternative?
    Here's what the Mozilla page above said
    Firefox never finishes loading certain websites
    If specific websites (not all) start to load, but never finish (i.e. The Firefox activity indicator may spin for several minutes, or the status bar may show "Done" on a blank page), it is either because of a software trojan called Vundo, or a file being in the wrong format.
    Table of Contents
    * Vundo trojan variant
    o Search for malware
    o More help
    * JavaScript file format
    Vundo trojan variant
    A variant of the Vundo trojan is known to cause Firefox to have problems loading certain high-traffic sites, including Google, Yahoo, MySpace, Facebook, and more.
    Search for malware
    Not all variants of the Vundo trojan can be detected or removed by malware scanners. However, you should scan your computer for infections first:
    * Run the Microsoft Malicious Software Removal Tool.
    * Run a full system virus scan with something other than your normal program:
    o A free solution online is Kaspersky's online scanner.
    * Run a full system spyware scan with something other than your normal program:
    o MalwareBytes' Anti-Malware
    o SUPERAntiSpyware is known to detect many variants of Vundo, and has a free version.
    o Spybot S&D is a well-known free solution.
    More help
    If you're having a problem loading sites other than the one described above, see the Error loading websites article to see if it addresses your problem. You can also check your Internet security software - resetting permissions for Firefox can often fix similar problems.
    There can be other causes of the symptoms described above. Before attempting these instructions, try the methods described in the Basic Troubleshooting article to see if they will address your problem.
    If you still have problems after scanning, you may ask a support question.

    It sounds like you may have multiple problems, but none of them are likely to be caused by malware.
    First, the internet-related issues may be related to adware or a network compromise. I tend to lean more towards the latter, based on your description of the problem. See:
    http://www.adwaremedic.com/kb/baddns.php
    http://www.adwaremedic.com/kb/hackedrouter.php
    If investigation shows that this is not a network-specific issue, then it's probably adware. See my Adware Removal Guide for help finding and removing it. Note that you mention AdBlock as if it should have prevented this, but it's important to understand that ad blockers do not protect you against adware in any way. Neither would any kind of anti-virus software, which often doesn't detect adware.
    As for the other issues, it sounds like you've got some serious corruption. I would be inclined to say it sounds like a failing drive, except it sounds like you just got it replaced. How did you get all your files back after the new drive was installed?
    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)

  • I don't know what I have virus trojans malware can some one help to have any idea what I have on my pc

    Hello I'm new on apple user I quick windows because I can't used any more the computer to work because I bean attack heavy that I can used my pc they just freeze the pc.  I spend allot of money for nothing,
    now I buy a used apple Mac,  I used like 7 months no problem but now I see that they ad like a second part of the page that I can't see the top left red /yellowed/green bottom / & to click for new page some times I can't  see,  so if I closed all the page & I open again I will no have a problem for about 20 to 30 minutes that's all they can do so far on my Mac pro  Mac Osx version 10.6.8 
    A list I could kept them a way and let me work with apple pc if wasn't for apple I will be homeless right now. I hope apple see the future on security the pc than make new thinks, on this day new thinks people don't care I think what people need is security on the pc,  that's why I tried & work for me,  I can't used windows any more & all my family will star move to apple. because use windows isn't good any more. I star my own web store on construction thanks that I choice apple  www.reloadthispage.com on my web page I will recommend people to use apple  here are the photos of what come out on my pc,

    Helpful Links Regarding Malware Problems
    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.
    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
      Mac OS X Snow Leopard and malware detection
      OS X Lion- Protect your Mac from malware
      OS X Mountain Lion- Protect your Mac from malware
      OS X Mavericks- Protect your Mac from malware
      About file quarantine in OS X
    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

  • HELP! I think I have malware but can't find it...

    So I've been searching for the last two days and I feel like I've read everything from DNS Poisoning to RootKit hacks but I can't seem to figure out my problem. Here's what I've been facing:
    About once or twice a day, at random points, my browser opens a new tab and tries to search a long laundry list of random words, all of which are never the same each time. Sometimes, instead of using Google or Bing to search, it'll open up Mail, compose a message, not addressed to anyone thankfully, with another set of random words throughout the message. I've run three different virus/malware/etc. programs but none seem to have fixed the problem. I've tried Sophos, ClamXav, and DNSChanger Removal Tool, none of which have found anything. I've tried the Terminal cache clear and scutil commands, and although I have a gray DNS in my AirPort settings (192.168.0.1), I haven't had any other DNS numbers show up or be grayed out. I've also had a hard time loading web pages which has never been an issue. Could this be a problem with the wireless router that I'm connected to and not a Mac problem? (There's a PC on the network and my parents aren't very technological, meaning they could've downloaded just about anything thinking it was something they needed.)
    Here's a screenshot of the problem that just took place a few minutes ago:
    Any help would be greatly appreciated as I'm completely at a loss for what to do now. Thanks in advance!
    -David

    I doubt you have malware, spyware or a virus, since they are so rare on a Mac.  But what I think you have is someone who has access to your MacBook Pro through Screen Sharing.  I'll bet someone got access to your Mac, and set it up, especially since a local port is open.
    Check System Preferences>Sharing>Screen Sharing.  If it's checked on, someone is spying.  Probably someone you know. 

  • Please help, mixed reports, malware ? virus ? neither ? I am truly stuck

    I am having a problem with my relatively new 6-month-old iMac.
    Please, I am hoping to find some really smart (& hopefully patient) Mac users for help. I appreciate all the time Mac users help members with their questions. You guys really are an invaluable resource.
    So here's my situation: a few wks back I started noticing my iMac seemed to be running slow, after that different programs like Firefox and Safari seemed to be freezing and appear to "not respond". But things have been busy and I just put it on the side.
    Now around July or so Safari seems to be almost totally unstable. I started being subjected to constant Safari problems like the browser constantly closing, yet Firefox (14.0.1) appeared to be relatively problem-free.
    My wife started finding strange emails that were supposedly quarantined so I decided to run a virus scan. I went to the App Store to see which virus scans were popular and downloaded Norton from the store. I have gotten mixed results, from my poor Mac being possibly sickened with malware (this was what was shown: "Sokobanbuild.xsl"), then sometimes the scan appeared to report no problems, and I have been unable to find such a file on my hard drive.
    I was under the very naive impression that Macs were rarely affected by these types of virus and such. I am by no means a Mac guru so please be gentle. I tried to search on here and got even more confused. I looked for an update to the OS as I thought there was some kind of download available, but became more confused and frustrated.
    Thanks so much in advance, I really appreciate the precious time everyone takes to read this or help myself or other users.
    Please, I am in a real bind here, and hoping for some sort of solution that doesn't involve me having to re-format the hard drive and re-install everything, or booting up with a CD. I was also hoping to upgrade to the new Mountain Lion OS, which I assume I should wait on till this gets fixed.
    Please, any and all help would be greatly appreciated, thanks so much in advance !!!!!!
    FYI: If this helps here are some of my mac's info:
    OS: 10.7.4 (Mac OS only, no Windows)
    Processor: 2.5 GHz Intel Core i5
    Memory: 4 GB
    Firefox 14.0.1
    thanks again
    - iamTheMustangGuy

    In reply to a recent post of mine, madmacs0 responded with an assessment of Norton ... and a more balanced and informative post would be hard to find.   Do read it.
    I need to preface my remarks to explain why I have not spoken up on this subject here before.
    I was an early adopter of Norton Anti-Virus when Peter Norton owned it. It, along with the even better Norton Utilities, saved my bacon more than once when running Apple's Classic OS. At the time I would have recommended it to most any Mac user. Then Symantec bought Peter out and things went rapidly downhill. The last chance I gave them to get it back on track was SystemWorks 2.0 and Internet Security 1.0 back in the OS 9 era. Despite a number of bug fix releases, I had to disable most of it and then remove it entirely. That's the last time I actually ran a Norton product on any of my Macs.
    So I have no current experience with either NAV or the new iAntiVirus at this point and can't speak with authority on their worth. So feel free to ignore anything else I may have to say here.
    I guess my bottom line would be that I think it has an undeserved bad reputation based on user experience from many years ago. I don't remember the last time I read a first person account of individual user issues in modern times. You chose your words carefully, which is appropriate, but I'll bet there are a lot of "experts" here who condemn it without ever having recent hands on experience.
    There are a lot of reasons for their reputation, most well deserved. It's been said that Symantec never invented a single piece of software (not sure that's true any more, either), but rather purchased the works of others to either kill the competition or enhance their bottom line. They were a very different company in those days, with a different management style, etc.
    So I wouldn't be surprised if it turned out to be at least as good as whatever has the best reputation among Commercial Mac A-V vendors today. They seem to be on top of most all the OS X malware, even though they don't spend a lot of time blogging about it. I know a lot of IT professionals who swear by their enterprise level software. I suspect that their software no longer behaves any worse than the others that operate at the kernel extension level (always dangerous for third parties). But their reputation seems to be their unending albatross.
    I hope madmacs0 will not mind me copying his post like this.

  • Using OSX 10.6.8, recently been having popups, think it's adware/malware from MediaDownloader, one of the first pop ups to occur.  The second pop up to occur was Trojanalert.  Never had a virus on this computer.  Please help remove.

    I'm currently using OSX 10.6.8, 2.4GHz Intel Core 2 Duo Processor, 2 GB 667 MHz DDR2 SDRAM Memory.  I am not able to upgrade the operating system, and the computer still has 67 GB of memory on the harddrive.  I don't use it for anything very intense, mostly internet browsing.  I was at a hotel over the weekend and connected to their free wifi.  Once back home, two days later, I started receiving pop ups in Chrome.  The first was MediaDownloader, so I assume that is the culprit.  The second pop up to occur was Trojanalert.  I looked through some online community forums and was pointed towards downloading and running AdwareMedic.  My operating system does not support this program.  Next I read up on how to examine libraries and extensions to find the issue.  I'm not well versed in this, but I followed the directions and did not find any malicious looking extensions or items in the libraries.  Before looking for the "thing" to remove, I backed up my computer as recommended. 
    I have never, to my knowledge, had a virus on this computer.  I have never experienced pop ups, and I very rarely download any program, especially not software included with other programs.
    Could someone recommend a virus/adware/malware utility that will find and remove this issue or provide me with a detailed set of instructions on how to find the issue and then correct it?  Are there free online scans or removal tools that are trusted and could help?  Also, if I should be posting this somewhere else, please let me know.  I have not used this community tool much at all.  Thank you in advance for any assistance.

    First, thanks for the quick response.  This is the website that I looked at and was trying to follow.  There are no extensions listed in my Safari, and the only two in Chrome are: Google Docs and Java for Browsing.  In Firefox the only extension is Garmin Communicator 4.1.0. 
    To the best of my novice ability I followed the directions to look at the libraries and have not found malicious things there either. As I cannot upgrade to 10.7, is there anything else I'm missing? Again, I've tried my best to locate the cause, but I'm new to looking at files and paths. Nothing jumps out as abnormal or as something listed on thesafemac.com/arg.

  • My Mac Mini/Yosemite is new. But it now has malware and MacKeeper keeps popping up even after uninstalling. Who can help?

    Hi everyone,
    My mac mini is new. I have a few issues with it.
    But the most annoying is the malware that has infested it now. I have only been using it for about 3 weeks or so. Of course, I thought everything that popped up was safe to click and just standard to click. I don't know yet what's best. Either I figure out how to remove these ads / malware, or I just thought of reformatting it and starting anew with it.
    What would you guys recommend and please include steps for me to follow. I'm no techy.
    By the way, I do not see these extensions in my Finder files (Conduit, also known as Trovi, MyBrand, or Search Protect, etc.). As a matter of fact, my extensions folder is empty except for the Adblock and AdBlock Plus that I recently installed to kill the ads. However, it worked but it didn't stop MacKeeper and Facebook ads from popping to a new window each time I click a link, or just a space in Safari.
    On YouTube, when I watch a video, every second, the other videos are pushed down for as long as I watch; they keep being pushed down. This is done by ads that are being stopped by the AB and ABP. Yes, the ads do not appear. Just a white space forever adding up. Very frustrating. Please help.
    Thanks in advance!

    How to uninstall MacKeeper - updated
    How to Remove MacKeeper
    Helpful Links Regarding Malware Problems
    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
    Fix Some Browser Pop-ups That Take Over Safari.
    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
    Quit Safari
    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
    Relaunch Safari
    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
      Mac OS X Snow Leopard and malware detection
      OS X Lion- Protect your Mac from malware
      OS X Mountain Lion- Protect your Mac from malware
      OS X Mavericks- Protect your Mac from malware
      About file quarantine in OS X
    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
    From user Joe Bailey comes this equally useful advice:
    The facts are:
    1. There is no anti-malware software that can detect 100% of the malware out there.
    2. There is no anti-malware that can detect everything targeting the Mac.
    3. The very best way to prevent the most attacks is for you as the user to be aware that
         the most successful malware attacks rely on very sophisticated social engineering
         techniques preying on human avarice, ****, and fear.
    4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on
        your computer are intended to entice you to install their malware thinking it is a
        protection against malware.
    5. Some of the anti-malware products on the market are worse than the malware
        from which they purport to protect you.
    6. Be cautious where you go on the internet.
    7. Only download anything from sites you know are safe.
    8. Avoid links you receive in email, always be suspicious even if you get something
        you think is from a friend, but you were not expecting.
    9. If there is any question in your mind, then assume it is malware.

  • Hello and Thank You for your help! I recently uninstalled malware from my computer. Since then I cannot open my gmail account and retrieve my email.

    I removed the ASK toolbars from my computer and since then I keep being told the cookies are either enabled or disabled. I refreshed Firefox and that solved nothing; it just erased some things that I set up on my desktop. I'm not dumb but I'm not that well versed in resolving this issue and I don't want to make matters worse... please help! And thank you so much! One more thing... I can still retrieve my email using Explorer but chose not to because of the lack of support for XP, which is what I have. Again, Thank You

    Good afternoon and thank you John99 for the reply and advice to my problem the other day. To give some insight into the issue I presented: the ASK toolbar was somehow downloaded onto my laptop and, not knowing that it was malware and dangerous to my computer, at first I left it there. I did not like the fact that it was there and how it seemed to take over my setup. Well, I looked into it, which was fairly easy, and found out what I did about Mindspark... not good! I also discovered, while trying to solve the problem after receiving your response to this problem, that JAVA ORACLE can carry the Ask toolbar through their updates. When I OKed an update I found it wanting to add the ASK toolbar. I know that in the past I have not allowed other things that carry the ASK toolbar to download this because I liked what I had already set up. Well, somewhere along the way it got downloaded. Anyway... I tried what you had suggested and nothing has changed. I receive emails through Explorer and bring up my desktop to get onto Mozilla. This is not working!!! I just want to get onto Firefox, click into gmail and anything else I want and use it! I can assure you that the one thing I cannot do is get into my gmail. It wants to tell me about my cookies... I have pressed all the right buttons and this is not solving anything at all. I was wondering if removing Firefox and downloading it again will solve the problem. And will I be able to use all the same information, or will I find it telling me that someone else already has that email, password, name, etc. because it did not clear everything when I removed Firefox from my computer? Remember, I'm not an expert on computers, so any information you may have or suggestions you can give would be highly appreciated, but step-by-step details are also welcome and needed! Again... Thank You so much, truly! Diana12

  • Couldn't find the answer to this in any other forum about the MacProtector Malware.  Please HELP!!!

    I clicked on a link while reading a story about vegetarian athletes today and the MacProtector malware downloaded to my computer. I DID NOT install the application when the installer opened. I immediately started searching for support on what to do. I exited the installer and rebooted in safe mode. I found the program in the downloads menu and put it in the trash. I emptied my trash. I have looked through all of the possible places the program could be hiding and I did not see anything. Am I safe? Should I still change my password? Also, will the virus be able to find my credit card information linked to iTunes or any other shopping websites? Should I start using Firefox permanently instead of Safari?
    I would appreciate any help- even though I know this has been discussed quite a bit!

    Hi, here is how to remove it by yourself...
    http://goo.gl/J7R6A
    Script that I created, which will help you remove it ..... (Let me know using the contact at that site.)
    http://goo.gl/rGV62
    What it does.
    Depending on the version, it just creates a bunch of random fake notifications and claims you're infected. If you keep getting it then most likely you have Allow popups and "Open Safe files" in Safari on. The only damage is if you give the criminals that created it your credit card.
    It is changing so it depends on the version, but these two links should help.
