Q: Unwanted ads in Safari (nothing seems to work)

Hi ..

If you haven't tried this, the next time that happens ...

Force Safari to close. The next time you open Safari, hold down the Shift key while Safari opens. This prevents Safari from automatically reopening any windows.

Ok ..

You've tried history and cache and that didn't help so try removing cookies.

From your Safari menu bar click Safari > Preferences then select the Privacy tab then click:  Remove All Website Data then quit and relaunch Safari to test.

And check Safari > Preferences > Security. Make sue:  Block pop-up windows is selected.

If nothing above helped, please run EtreCheck then copy and paste the results in your Reply.

No personal data is shared from your report.

Hopefully that will reveal why you're seeing the pop up ads.

Those apps aren't finding anything because there's nothing to find... your system has nothing I'd consider suspicious installed (unless you count Avast, which I don't think much of, but which isn't causing that issue).

If you had a laptop, I'd say to try testing on a different network and see if that solves the problem. Since you're on an iMac, that's more difficult. Instead, try rebooting in recovery mode, by holding down command-R at startup. Once booted into recovery mode, you should see a window with only four options, one of which is Get Help Online. Click that item, which will open a clean copy of Safari, running on a clean system. Do you see the same problem when browsing this way? If so, it's a problem with your network, not with software installed on your computer.

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Back up all data first.

If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

If the malware is not removed automatically, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

          Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

Uninstall Avast. It isn't needed and can interfere with normal computer operation.

Avast

Avast Un-install

Safari/Browsers - Eliminating browser redirects and advertisements

Safari/Browsers - Eliminating browser redirects and advertisements (2)

Maciek Lazowski wrote:

 

thomas_r. I've tried that and the ads were still in Safari.

Just to be clear: you had restarted in recovery mode (which looks nothing like starting up normally), then started Safari from the Get Help Online option, and you still saw the same ads in that copy of Safari running in recovery mode?

If that's the case, the issue has nothing to do with anything installed on your computer. The problem is most likely due to a hacked piece of network hardware, either your cable/DSL modem or your wireless router (which could be one and the same). For help with that, see:

https://support.malwarebytes.org/customer/portal/articles/2049288-?b_id=9511

(Fair disclosure: The link I have provided goes to a page belonging to the company I work for - Malwarebytes - and that has links to pages that promote my product.)

Maciek Lazowski wrote:

 

 

I'll update my OS (I'm still using Yosemite) and see what happens.

Be cautious about that, especially if you plan to upgrade to El Capitan. Before any major upgrade, always back up your computer thoroughly and make sure that all the software and hardware that you rely on will work with the new system. I'm not aware of any issues with upgrading from Yosemite to El Capitan, but regardless, an upgrade is never something to rush into.

Also, see my previous response... if my summary of what you did and what you saw is correct, then the problem will not be fixed by upgrading the system.

That is a bit of a puzzler, but nonetheless, the test is definitive - if the problem is happening in recovery mode, it's happening in a completely separate, clean system and a completely separate, clean copy of Safari, and that means it's not being caused by anything installed on your computer.

One possibility is that, in this particular case, it's only designed to affect Safari on Mac OS X, although that would be a bit weird. Another possibility is that there are ad blockers or something similar installed on all those other systems/browsers that are blocking the ads in those cases.

From the menu bar, please select

           ▹ System Preferences... ▹ Network ▹ Advanced... ▹ DNS

Under DNS Servers you should have one or more numerical addresses, such as “192.168.1.1” or “10.0.0.1”. What are those addresses?