Q: Safari Redirects and Ransom Websites
Within the last few days my iMac has been plagued by redirects and popups from ransom websites. The redirects come while trying to read stories from legitimate news sites such as CNN.com, etc. When I click on a link to read a story, I see random URL's appear in the safari address line and I am taken to various random websites that are loaded with ad's and other nonsense. I also get more than my share of "ransom popups" as well as the Truvi homepage being set as my default home page in safari. I have tried to remedy this problem using the techniques described in support postings but nothing seems to work.
I also downloaded Malwarebytes Anti-Malware and followed the directions to scan my system, remove the malware that it found, restart but the problems still exist.
I am running OS X Yosemite 10.10.5 and Safari 9.1.1 which I updated to the latest level yesterday.
I have read articles instructing me to search the LaunchAgents & LaunchDaemons folders and remove suspicious files but I am not sure what these files are and if I should remove them.
The contents of the directories are as follows:
~/Library/LaunchAgents
~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-myname@me.com-SharedServices.Agent.plist
~/Library/LaunchAgents/com.spotify.webhelper.plist
Library/LaunchAgents
file:///Library/LaunchAgents/com.google.keystone.agent.plist
file:///Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Library/LaunchDaemons
file:///Library/LaunchDaemons/com.abbreviatory.plist
file:///Library/LaunchDaemons/com.bija.plist
file:///Library/LaunchDaemons/com.calkin.plist
file:///Library/LaunchDaemons/com.Chlorococcales.plist
file:///Library/LaunchDaemons/com.communistic.plist
file:///Library/LaunchDaemons/com.endocrinologist.plist
file:///Library/LaunchDaemons/com.google.keystone.daemon.plist
file:///Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist
file:///Library/LaunchDaemons/com.microdistillation.plist
file:///Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
file:///Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
file:///Library/LaunchDaemons/com.prepatellar.plist
file:///Library/LaunchDaemons/com.pretemporal.plist
file:///Library/LaunchDaemons/com.retrogastricUpd.plist
file:///Library/LaunchDaemons/com.unbridged.plist
file:///Library/LaunchDaemons/com.unfortifiable.plist
I am at a loss as to what to do next as well as what to do to prevent this problem from happening in the future. If there is more info that I can provide, please let me know. Also some suggestions on best practices for Safari preferences would be helpful.
Thanks in advance for your help.
iMac (27-inch Mid 2011), OS X Yosemite (10.10.5), Safari 9.1.1
Posted on Jun 1, 2016 5:41 PM
Dj-Anon,
Removing those files from the LaunchDaemons folder seemed to do the trick!!!
Thank you so much!!!
Posted on Jun 1, 2016 6:39 PM