binkasorus

Q: Safari Redirects and Ransom Websites

Within the last few days my iMac has been plagued by redirects and popups from ransom websites.  The redirects come while trying to read stories from legitimate news sites such as CNN.com, etc.  When I click on a link to read a story, I see random URL's appear in the safari address line and I am taken to various random websites that are loaded with ad's and other nonsense.  I also get more than my share of "ransom popups" as well as the Truvi homepage being set as my default home page in safari.  I have tried to remedy this problem using the techniques described in support postings but nothing seems to work.

 

I also downloaded Malwarebytes Anti-Malware and followed the directions to scan my system, remove the malware that it found, restart but the problems still exist.

 

I am running OS X Yosemite 10.10.5 and Safari 9.1.1 which I updated to the latest level yesterday.

 

I have read articles instructing me to search the LaunchAgents & LaunchDaemons folders and remove suspicious files but I am not sure what these files are and if I should remove them.

 

The contents of the directories are as follows:

 

~/Library/LaunchAgents

~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-myname@me.com-SharedServices.Agent.plist

~/Library/LaunchAgents/com.spotify.webhelper.plist

 

Library/LaunchAgents

file:///Library/LaunchAgents/com.google.keystone.agent.plist

file:///Library/LaunchAgents/com.oracle.java.Java-Updater.plist

 

Library/LaunchDaemons

file:///Library/LaunchDaemons/com.abbreviatory.plist

file:///Library/LaunchDaemons/com.bija.plist

file:///Library/LaunchDaemons/com.calkin.plist

file:///Library/LaunchDaemons/com.Chlorococcales.plist

file:///Library/LaunchDaemons/com.communistic.plist

file:///Library/LaunchDaemons/com.endocrinologist.plist

file:///Library/LaunchDaemons/com.google.keystone.daemon.plist

file:///Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist

file:///Library/LaunchDaemons/com.microdistillation.plist

file:///Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

file:///Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

file:///Library/LaunchDaemons/com.prepatellar.plist

file:///Library/LaunchDaemons/com.pretemporal.plist

file:///Library/LaunchDaemons/com.retrogastricUpd.plist

file:///Library/LaunchDaemons/com.unbridged.plist

file:///Library/LaunchDaemons/com.unfortifiable.plist

 

 

I am at a loss as to what to do next as well as what to do to prevent this problem from happening in the future.  If there is more info that I can provide, please let me know.  Also some suggestions on best practices for Safari preferences would be helpful.

 

Thanks in advance for your help.

iMac (27-inch Mid 2011), OS X Yosemite (10.10.5), Safari 9.1.1

Posted on Jun 1, 2016 5:41 PM

Close

Q: Safari Redirects and Ransom Websites

  • All replies
  • Helpful answers