1 2 Previous Next 15 Replies Latest reply: Jun 8, 2013 2:24 PM by pennbank
Hasmif Level 1 Level 1 (0 points)

I received an email that told me my Facebook account was blocked.  Since I don't have one under that email address I tried to forward the email to Facebook security as a potential scam.  As soon as I clicked the forward button, strange things started happening.  It opened up Safari and it started downloading something called "Microdosft Antivirus 2013" and it went right to my downloads then seemed to take over Safari.  The only thing I did was to try to forward the email.

 

After that every time I opened Safari it kept telling me I had a Microsoft Security allert of potential threats (its lists three viruses) and it asked me to click on "clean computer" immediately.  Of course I didn't.  It had a couple other places to click and windows to expand but I left it all alone.

 

The only problem is that every time I tried to open safari after that happened, it kept going back to this page - like its locked me out of safari and it won't let me use it until I "clean computer".

 

I reset Safari chosing all the options for the reset including getting rid of passwords, etc. but Safari now freezes when I try to shut it down and I have to Force Quit every time so I switched to another browser.

 

Does anyone know how I can uninstall Safari and reinstall it?

 

I'm going to reinstall MacKeeper and see if it can help.  I had to remove it a while ago because I was getting conflicts none of the techies could solve that they thought were being caused by MacKeeper.  Guess I should have kept it on?!.

 

Its almost 1am.  I hate the bastards who create this crap.  I would love to have some hacker send viral emails to them that steal their passwords and make their lives **** to teach them a lesson.


MacBook Pro (15-inch Mid 2010), Mac OS X (10.7.5)
  • 1. Re: Potential Virus through email on my Mac
    clintonfrombirmingham Level 7 Level 7 (28,675 points)

    Don't reinstall MacKeeper - it's crapware and malware of the worst kind.

     

    Before you do anything drastic, download, install and run the free Sophos for Mac to see, if in fact, any malware can be found. Something highjacked your system, that's for sure, but only an erase of your hard drive and a reinstallation of your system would 'fix' anything.

     

    Try Sophos first - if no malware is found, you're just going to have to erase your drive and install OS X anew.

     

    Clinton

  • 2. Re: Potential Virus through email on my Mac
    thomas_r. Level 7 Level 7 (27,960 points)

    I'm not sure exactly what happened, but there isn't any malware for Macs that can install simply through reading or forwarding an e-mail message in Mail. I suspect that you must have clicked a link in the e-mail message, which was probably designed to direct Windows users to that particular site in order to fool them into downloading malware. (The old "fake anti-virus" trick is quite popular on Windows. There are no fake anti-virus trojans for the Mac at this time.)

     

    In Mac OS X 10.7.5, when you open an app like Safari, it will try to re-open whatever you had open when it quit. If you quit Safari every time that site loaded, it would re-load the next time you opened Safari, unless you hold down the shift key while opening Safari. Try doing that now, and see if you can get Safari to open, close and otherwise behave normally once that site stops loading.

     

    Avoid MacKeeper altogether. Not only is it pretty much worthless at detecting modern Mac malware (see Mac anti-virus detection rates), but it has also been known to cause major performance problems and even to damage people's systems to the point that reinstalling is necessary.

     

    To learn more about Mac malware in general, see my Mac Malware Guide.

  • 3. Re: Potential Virus through email on my Mac
    Linc Davis Level 10 Level 10 (118,290 points)

    Quit Safari (by force if necessary.) Relaunch it by holding down the shift key and clicking its icon in the Dock. That will stop the page from reloading automatically. Select Safari Preferences Privacy Remove all website data to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.

  • 4. Re: Potential Virus through email on my Mac
    Hasmif Level 1 Level 1 (0 points)

    Thanks Clinton.  I panicked.  Its been 7 years since I've used a PC on a regular basis that it freaked me out completely!

     

    I am going to do everything you, Thomas and Linc have suggested. I had MAJOR problems with MacKeeper so thanks for the heads up on Sophos.  I've been reluctant to reinstall MacKeeper since I've been problem-free since I got rid of it. I'm looking into Sophos. I unplugged my back up drive this morning before turning on the computer to be safe - no sense having it back up a potential virus.

     

    The rest of my computer, except for Sarafi and now Opera are acting normally. Opera wouldn't open but i often have problems with it.  Safari still needs to be forced to quit.

     

    I must have clicked on a link as Thomas suggests without realizing it.  The same email downloaded on my iPad and I grabbed a screen shot of the email before deleting it. I wasn't willing to play around and try forwarding it on the iPad to see what would happen although I was curious.  It was way too late and I was trying to finish up and go to bed so its possible I clicked on a link.  It was not a concious action as we're savvy enough not to buy into emails like that.

     

    I should have gone to bed earlier and risen early!  Teach me a lesson to scramble to get stuff done when I'm really tired.

     

    I appreciate your help and feedback and the speed at which you responded.

     

    Thank you and Merry Christmas!

  • 5. Re: Potential Virus through email on my Mac
    Hasmif Level 1 Level 1 (0 points)

    Thomas, you are probably right and that I clicked on something.  As I replied above, I was way too tired to be doing what I was doing and I guess it serves me right....should have gone to bed.


    Thanks for your quick feedback and help.  I will look at the Mac Malware Guide.

     

    I do know that Safari will reopen the last windows...the only problem is that it wouldn't let me click on any of my other open windows..Everything was greyed out, inaccessible unless I clicked on "ok" that took me to a page that tried to tell me my computer was infected.

     

    So I reset Safari deleting all, especially passwords (only a few were saved) but now its acting weird so I'll follow up the suggestions from everyone and try to get rid of this - if there's anything there at all.

     

    If I can get through this week, I'll happily wipe and clean up my computer after Christmas. Its not a bad thing if you have a back up!

     

    Thanks again and Merry Christmas.


    Hasmi

  • 6. Re: Potential Virus through email on my Mac
    Hasmif Level 1 Level 1 (0 points)

    Linc!


    Thanks.  Wish I'd known about the Shift Key before!  Thanks for that.  I'll have to stickie it onto my monitor until I remember it.  Couldn't remember how to do a screen grab on the computer either....or I would have grabbed an image of each screen it took me too.

     

    Thanks again - happy holidays and my your computer and your Christmas Turkey be virus free!

     

    I really appreciate your feedback!

     

    Hasmi

  • 7. Re: Potential Virus through email on my Mac
    Linc Davis Level 10 Level 10 (118,290 points)

    You should be aware that you don't have a malware infection, and that Sophos is completely useless on a Mac. Worse than useless, in fact. It will do nothing to protect you from malware that the built-in protection doesn't already do, but it will slow down and destabilize the whole system.

  • 8. Re: Potential Virus through email on my Mac
    Hasmif Level 1 Level 1 (0 points)

    Okay thanks.  I was reading a bit on its website and was just about to start reading reviews.


    Why are MacKeepr and Sophos so problematic?  I can't tell you how relieved I was to get rid of MacKeeper and I don't want to go through all that with Sophos again.  Good to know before I wipe and rebuild the drive.

     

    Can I ask you another question?  Lately I've been having problems with my Mail (Apple) program where it freezes, won't delete emails I ask it to (brings them back on restart), saves copies after sending them.  I use OS 10.7.5 (the one before Mountain Lion).  I have noticed this only happens when Adobe Acrobat is open.  And its only been the last four weeks its been happening.  Unfortunately I use Acrobot for half the docs I get sent to me.


    Have you encountered this?  I can't find anything on the forums but I may be using the wrong words and phrases to look up the problem.

     

    Thought I'd work on solving it after the holidays but if you have any clues, I'd appreciate it.  Thanks!

  • 9. Re: Potential Virus through email on my Mac
    Linc Davis Level 10 Level 10 (118,290 points)

    Your other question is unrelated. I suggest you start a new thread to address it.

     

    This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.

    All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.

     

    Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be sure that it hasn't been modified by anyone other than the developer. His identity is known, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Note, however, that there are some caveats concerning Gatekeeper:
    • It can be disabled or overridden by the user.
    • It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    • It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    • A malware attacker could get control of a code-signing certificate under false pretenses. The certificate would eventually be revoked, but probably not before some damage was done.
    For more information about Gatekeeper, see this Apple Support article.

     

    That being said, the best defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
    • Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    • A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    • “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
    • Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install it unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.

    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.

    Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
      
    Why shouldn't you use commercial "anti-virus" products?
    • Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    • In order to meet that nonexistent threat, the software duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability and poor performance.
    • By modifying the system, the software itself may create weaknesses that could be exploited by malware attackers.
    ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. Using it to delete or move email messages can corrupt the Mail database. Such messages must be deleted from within the Mail application. ClamXav is not needed for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly. Just don't pass it on to anyone else.
        
    The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.
      
    It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, like a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use.

  • 10. Re: Potential Virus through email on my Mac
    Hasmif Level 1 Level 1 (0 points)

    Thanks!  That was great info. 

  • 11. Re: Potential Virus through email on my Mac
    thomas_r. Level 7 Level 7 (27,960 points)

    Why are MacKeepr and Sophos so problematic?

     

    MacKeeper is a problem because it's junky software marketed by a very unethical company. The only way the company keeps selling it is through extremely aggressive marketing to people who they fool into believing that they need all the things MacKeeper does.

     

    As for Sophos, Linc and I have very differing opinions. It is one of the few anti-virus apps that I recommend. I don't believe that anti-virus software is necessary for most folks, but for those at higher risk, it works well. You have the most current version of Lion (Mac OS X 10.7), so you would not be likely to need anti-virus software at this time.

  • 12. Re: Potential Virus through email on my Mac
    Hasmif Level 1 Level 1 (0 points)

    Can I offer a sincere thank you to both you and Linc?  I mean it.  I have not used this forum before - I've searched it for info but I can't remember ever posting a question for help.


    The way you have both responded is incredible and I feel much better having more information.

     

    I panicked last night!  I over-reacted but it was just so weird.  I guess I'd gotten used to viruses happening all the time on my PC...but never on my Macs. 

     

    So thank you and Linc for everything because having this kind of feedback is invaluable when there are so many general myths in the virus protecton world that can send someone into a tailspin.  Even though you don't agree on Sophos, that's cool.  I can go from here and continue reading reviews, research, etc., without panicking.

     

    Hasmi

  • 13. Re: Potential Virus through email on my Mac
    thomas_r. Level 7 Level 7 (27,960 points)

    I'm glad we were able to help!

  • 14. Re: Potential Virus through email on my Mac
    OtterWithPigs Level 1 Level 1 (0 points)

    Sorry to bump an old thread, but I just wanted to share my own experience. I personally love MacKeeper. I use the Duplicates Finder feature all the time! It’s definitely a slow process, but it’s very, very effective.

     

    What I do not like about MacKeeper is the Kaspersky Antivirus that is, by deafult, installed with it. That app is horrific. I not only experienced slowdowns but was completely unable to shut down my machines until I uninstalled it. (They all froze on shutdown.)

     

    Just my 2¢.

1 2 Previous Next