HT202480: Using network locations (Mac OS X v10.6 and later)

Learn about Using network locations (Mac OS X v10.6 and later)
jpesognelli

Q: browser can access HTTPS but not HTTP sites

I recently had several pop ups on a site I visited. I ran malware bytes and cleaned up the system. Right after this happened, I was unable to visit HTTP sites. My browsers (Safari and Firefox) will connect to secure sites (HTTPS) but I get the error message:

 

Unable to connect

Firefox can't establish a connection to the server at________

 

I ran a few virus scans and no virus was detected. I uninstalled Firefox and reinstalled a clean version. I changed the DNS settings to an open DNS. I still cant get on HTTP sites.

iMac, OS X El Capitan (10.11.5)

Posted on Jun 7, 2016 7:12 AM

Close

Q: browser can access HTTPS but not HTTP sites

  • All replies
  • Helpful answers

  • by MrHoffman,Helpful

    MrHoffman MrHoffman Jun 8, 2016 8:24 AM in response to jpesognelli
    Level 6 (15,627 points)
    Mac OS X
    Jun 8, 2016 8:24 AM in response to jpesognelli

    Remove any add-on security tools, any add-on anti-malware tools, any add-on anti-virus tools, any add-on security tools, any add-on network optimizing tools, any add-on performance-enhancing or add-on cache-cleaning or add-on system-optimizing tools — removals per the respective vendors' removal instructions — and then disable or remove any Safari add-ons and any Firefox add-ons, reboot through Safe Mode to refresh the boot caches, and try again.

     

    Add-on security tools, malware and adware can and variously have caused this behavior.

     

    If that fails, post the output of Etrecheck here, and somebody can take a look.

  • by jpesognelli,

    jpesognelli jpesognelli Jun 8, 2016 8:36 AM in response to MrHoffman
    Level 1 (4 points)
    Mac OS X
    Jun 8, 2016 8:36 AM in response to MrHoffman

    Thank you for the recommendation. I only had a few add ons in Firefox and Safari, but I did remove Maleware Bytes prior to booting in safe mode. One of the things that I forgot to mention in my previous post was I had rebooted in safe mode prior to your recommendation. Everything worked fine for about 10 minutes then the system reverted back to the popups and not being able to connect to http sites. I kept it in safe mode for about an hour this time to make sure everything didn't revert back to same problem. Everything A-OK. Thanks again!

  • by BobHarris,

    BobHarris BobHarris Jun 8, 2016 10:16 AM in response to jpesognelli
    Level 6 (19,395 points)
    Mac OS X
    Jun 8, 2016 10:16 AM in response to jpesognelli

    Check to see if you have a proxy server setting

    System Preferences -> Network -> Advanced -> Proxies

     

    If there is an entry for "[x] Web Proxy (HTTP)"

    but nothing for "[_] Secure Web Proxy (HTTPS)"

     

    then it is possible that normal HTTP traffic is having proxy server (or missing proxy server) interference, but HTTPS is not being routed to a proxy server.

     

    The opposite could be true, if a Proxy Server is needed, such as at a large company that requires a proxy server to get out to the internet, then if HTTPS has a proxy server entry and HTTP does not, then only HTTPS could get outside the company's firewall.

     

    It all depends on your specific situation.

  • by MrHoffman,Solvedanswer

    MrHoffman MrHoffman Jun 8, 2016 10:55 AM in response to jpesognelli
    Level 6 (15,627 points)
    Mac OS X
    Jun 8, 2016 10:55 AM in response to jpesognelli

    If Safe Mode works, then it's likely that add-on dreck lurks here.

     

    Adware, malware, malicious apps, etc.


    Finding and extracting dreck can be an adventure.


    Post the Etrecheck output, as a starting point.  Maybe something will show up in the diagnostic report that produces.


    Is this a private residential network, or a school or commercial network?   The latter can have tools that intercept data and either local proxies or automatic proxies can be configured — though those sorts of network-monitoring and network-logging devices are not usually thwarted by Safe Mode.

  • by jpesognelli,

    jpesognelli jpesognelli Jun 8, 2016 1:45 PM in response to MrHoffman
    Level 1 (4 points)
    Mac OS X
    Jun 8, 2016 1:45 PM in response to MrHoffman

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-06-08 13:11:04

    Download EtreCheck from https://etrecheck.com

    Runtime 3:41

    Performance: Good

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

    Click the [Check files] link for help with unknown files.

     

    Problem: Other problem

    Description:

    Large amount of pop ups on browser. Browser will not open web sites that are not secure (HTTP) but will open HTTPS. I tried to click out of one pop up and it redirected me to a **** site.

     

    Hardware Information:

        iMac (21.5-inch, Late 2009)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        iMac - model: iMac10,1

        1 3.06 GHz Intel Core 2 Duo CPU: 2-core

        4 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                Empty  

            BANK 1/DIMM0

                Empty  

            BANK 0/DIMM1

                2 GB DDR3 1067 MHz ok

            BANK 1/DIMM1

                2 GB DDR3 1067 MHz ok

        Bluetooth: Old - Handoff/Airdrop2 not supported

        Wireless:  en1: 802.11 a/b/g/n

     

    Video Information:

        NVIDIA GeForce 9400 - VRAM: 256 MB

            iMac 1920 x 1080

     

    System Software:

        OS X El Capitan 10.11.5 (15F34) - Time since boot: about one day

     

    Disk Information:

        ST3500418ASQ disk0 : (500.11 GB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Macintosh HD (disk0s2) / : 499.25 GB (94.44 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

        HL-DT-ST DVDRW  GA11N   ()

     

    USB Information:

        Apple Computer, Inc. IR Receiver

        Apple Inc. BRCM2046 Hub

            Apple Inc. Bluetooth USB Host Controller

        Apple Inc. Built-in iSight

        Apple Card Reader

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Adware:

        /Library/LaunchDaemons/com.symbiotUpd.plist

        One adware file found. [Remove]

     

    Unknown Files:

        /Library/LaunchDaemons/com.Andarko.plist

            /etc/Andarko.sh

        /Library/LaunchDaemons/com.Kuhnia.plist

            /etc/Kuhnia.sh

        /Library/LaunchDaemons/com.Orobanchaceae.plist

            /etc/Orobanchaceae.sh

        /Library/LaunchDaemons/com.agallochum.plist

            /etc/agallochum.sh

        /Library/LaunchDaemons/com.anerly.plist

            /etc/anerly.sh

        /Library/LaunchDaemons/com.anticommunist.plist

            /etc/anticommunist.sh

        /Library/LaunchDaemons/com.antiquary.plist

            /etc/antiquary.sh

        /Library/LaunchDaemons/com.bennel.plist

            /etc/bennel.sh

        /Library/LaunchDaemons/com.compresbyter.plist

            /etc/compresbyter.sh

        /Library/LaunchDaemons/com.couple.plist

            /etc/couple.sh

        /Library/LaunchDaemons/com.funnel.plist

            /etc/funnel.sh

        /Library/LaunchDaemons/com.genipa.plist

            /etc/genipa.sh

        /Library/LaunchDaemons/com.hydrophilous.plist

            /etc/hydrophilous.sh

        /Library/LaunchDaemons/com.isocheimonal.plist

            /etc/isocheimonal.sh

        /Library/LaunchDaemons/com.perishableness.plist

            /etc/perishableness.sh

        /Library/LaunchDaemons/com.phallin.plist

            /etc/phallin.sh

        /Library/LaunchDaemons/com.poltroonishly.plist

            /etc/poltroonishly.sh

        /Library/LaunchDaemons/com.spet.plist

            /etc/spet.sh

        /Library/LaunchDaemons/com.submontaneous.plist

            /etc/submontaneous.sh

        /Library/LaunchDaemons/com.syncracy.plist

            /etc/syncracy.sh

        /Library/LaunchDaemons/com.temperature.plist

            /etc/temperature.sh

        /Library/LaunchDaemons/com.unfissile.plist

            /etc/unfissile.sh

        /Library/LaunchDaemons/com.upgrowth.plist

            /etc/upgrowth.sh

        /Library/LaunchDaemons/com.uroinnris.plist

        /Library/LaunchDaemons/com.vacuefy.plist

            /etc/vacuefy.sh

        /Library/LaunchDaemons/com.yelp.plist

            /etc/yelp.sh

        ~/Library/LaunchAgents/com.user.UninstallAD.plist

            ~/Library/Application Support/ErrorReporter/UninstallAD.app/Contents/MacOS/UninstallAD

        27 unknown files found. [Check files]

     

    Kernel Extensions:

            /System/Library/Extensions

        [not loaded]    com.seagate.driver.PowSecDriverCore (5.2.4 (26840) - SDK 10.4 - 2016-06-03) [Support]

     

            /System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns

        [not loaded]    com.seagate.driver.PowSecLeafDriver_10_4 (5.2.4 (26840) - SDK 10.4 - 2014-02-03) [Support]

        [not loaded]    com.seagate.driver.PowSecLeafDriver_10_5 (5.2.4 (26840) - SDK 10.5 - 2014-02-03) [Support]

        [not loaded]    com.seagate.driver.SeagateDriveIcons (5.2.4 (26840) - SDK 10.4 - 2014-02-03) [Support]

     

    System Launch Agents:

        [not loaded]    8 Apple tasks

        [loaded]    160 Apple tasks

        [running]    61 Apple tasks

        [killed]    9 Apple tasks

        9 processes killed due to insufficient RAM

     

    System Launch Daemons:

        [running]    com.seagate.TBDecorator.plist (2011-10-24) [Support]

        [not loaded]    45 Apple tasks

        [loaded]    156 Apple tasks

        [running]    81 Apple tasks

        [killed]    9 Apple tasks

        9 processes killed due to insufficient RAM

     

    Launch Agents:

        [not loaded]    com.adobe.AAM.Updater-1.0.plist (2015-02-18) [Support]

        [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2016-05-12) [Support]

        [running]    com.canon.MFManager.plist (2012-05-22) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-03-02) [Support]

        [loaded]    com.hp.help.tocgenerator.plist (2009-07-28) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2014-12-08) [Support]

        [running]    com.seagate.SeagateStorageGauge.plist (2010-03-10) [Support]

     

    Launch Daemons:

        [failed]    com.Andarko.plist (2016-06-04) [Support]

        [failed]    com.Kuhnia.plist (2016-05-31) [Support]

        [failed]    com.Orobanchaceae.plist (2016-06-03) [Support]

        [loaded]    com.adobe.ARMDC.Communicator.plist (2016-05-12) [Support]

        [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (2016-05-12) [Support]

        [failed]    com.adobe.fpsaud.plist (2016-05-09) [Support]

        [failed]    com.agallochum.plist (2016-06-01) [Support]

        [failed]    com.anerly.plist (2016-06-04) [Support]

        [failed]    com.anticommunist.plist (2016-06-03) [Support]

        [failed]    com.antiquary.plist (2016-06-04) [Support]

        [running]    com.bennel.plist (2016-06-07) [Support]

        [running]    com.cleverfiles.cfbackd.plist (2014-09-25) [Support]

        [failed]    com.compresbyter.plist (2016-06-07) [Support]

        [failed]    com.couple.plist (2016-06-06) [Support]

        [failed]    com.funnel.plist (2016-06-05) [Support]

        [failed]    com.genipa.plist (2016-06-04) [Support]

        [loaded]    com.google.keystone.daemon.plist (2016-03-02) [Support]

        [failed]    com.hydrophilous.plist (2016-06-03) [Support]

        [failed]    com.isocheimonal.plist (2016-06-04) [Support]

        [loaded]    com.malwarebytes.MBAMHelperTool.plist (2015-12-12) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2011-03-10) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2014-12-08) [Support]

        [failed]    com.perishableness.plist (2016-06-06) [Support]

        [failed]    com.phallin.plist (2016-06-01) [Support]

        [failed]    com.poltroonishly.plist (2016-05-31) [Support]

        [failed]    com.spet.plist (2016-06-07) [Support]

        [failed]    com.submontaneous.plist (2016-06-05) [Support]

        [not loaded]    com.symbiotUpd.plist (2016-05-31) Adware!  [Remove]

        [running]    com.syncracy.plist (2016-06-07) [Support]

        [failed]    com.temperature.plist (2016-05-31) [Support]

        [failed]    com.unfissile.plist (2016-06-03) [Support]

        [failed]    com.upgrowth.plist (2016-06-02) [Support]

        [not loaded]    com.uroinnris.plist (2016-05-28) [Support]

        [failed]    com.vacuefy.plist (2016-06-05) [Support]

        [failed]    com.yelp.plist (2016-06-04) [Support]

     

    User Launch Agents:

        [failed]    com.memeo.Memeod.plist (2014-09-26) [Support]

        [loaded]    com.user.UninstallAD.plist (2016-04-06) [Support]

     

    User Login Items:

        iTunesHelper    Application Hidden (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Skype    Application  (/Applications/Skype.app)

        HP Scheduler    Application  (/Library/Application Support/Hewlett-Packard/Software Update/HP Scheduler.app)

     

    Other Apps:

        [running]    /Library/uroinnris/uroinnris.app/Contents/MacOS/uroinnris

        [running]    com.canon.SLRuntimeLoader.95392

        [running]    com.etresoft.EtreCheck.162272

        [running]    com.hp.devicemonitor

        [running]    symbiotUpd.plist

        [loaded]    403 Apple tasks

        [running]    176 Apple tasks

        [killed]    18 Apple tasks

     

    Internet Plug-ins:

        o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-15) [Support]

        Default Browser: 601 - SDK 10.11 (2016-05-24)

        AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 - SDK 10.6 (2015-02-18) [Support]

        AdobePDFViewerNPAPI: 15.016.20045 - SDK 10.11 (2016-06-04) [Support]

        FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-06-03) [Support]

        Silverlight: 5.1.30317.0 - SDK 10.6 (2014-06-24) [Support]

        QuickTime Plugin: 7.7.3 (2016-05-24)

        Flash Player: 21.0.0.242 - SDK 10.6 (2016-06-03) [Support]

        googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]

        iPhotoPhotocast: 7.0 (2010-04-09)

        AdobePDFViewer: 15.016.20045 - SDK 10.11 (2016-06-04) [Support]

        CANONiMAGEGATEWAYDL: 2.1.0.1 (2006-04-20) [Support]

        SharePointBrowserPlugin: 14.6.4 - SDK 10.6 (2016-06-02) [Support]

        CANONiMAGEGATEWAYLI: 2.1.0.1 (2006-04-20) [Support]

        JavaAppletPlugin: Java 8 Update 91 build 14 (2016-05-14) Check version

     

    User internet Plug-ins:

        fbplugin_1_0_3: Unknown (2010-02-25) [Support]

        WebEx64: 1.0 - SDK 10.5 (2012-11-08) [Support]

        Picasa: 1.0 (2009-12-14) [Support]

        fbplugin_1_0_1: Unknown (2010-02-12) [Support]

     

    3rd Party Preference Panes:

        Flash Player (2016-05-09) [Support]

        FUSE for OS X (OSXFUSE) (2014-06-09) [Support]

        Java (2016-05-14) [Support]

     

    Time Machine:

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 499.25 GB Disk used: 404.81 GB

        Destinations:

            Seagate Backup Plus Drive [Local]

            Total size: 3.00 TB

            Total number of backups: 14

            Oldest backup: 2/3/14, 11:18 PM

            Last backup: 6/4/16, 7:09 AM

            Size of backup disk: Excellent

                Backup size 3.00 TB > (Disk size 499.25 GB X 3)

     

    Top Processes by CPU:

             4%    WindowServer

             2%    kernel_task

             1%    fontd

             0%    systemstatsd

             0%    askpermissiond

     

    Top Processes by Memory:

        491 MB    kernel_task

        274 MB    mdworker(15)

        229 MB    Opera Helper(3)

        184 MB    Opera

        94 MB    Finder

     

    Virtual Memory Information:

        137 MB    Free RAM

        4.12 GB    Used RAM (763 MB Cached)

        258 MB    Swap Used

     

    Diagnostics Information:

        Jun 7, 2016, 02:17:14 PM    /Library/Logs/DiagnosticReports/bennel_2016-06-07-141714_[redacted].crash

            /Library/bennel/*/bennel

        Jun 7, 2016, 02:14:53 PM    /Library/Logs/DiagnosticReports/Skype_2016-06-07-141453_[redacted].hang

            /Applications/Skype.app/Contents/MacOS/Skype

        Jun 7, 2016, 02:05:30 PM    Self test - passed

        Jun 7, 2016, 01:56:59 PM    /Library/Logs/DiagnosticReports/firefox_2016-06-07-135659_[redacted].hang

            /Applications/Firefox.app/Contents/MacOS/firefox

        Jun 7, 2016, 01:12:42 PM    /Library/Logs/DiagnosticReports/firefox_2016-06-07-131242_[redacted].cpu_resour ce.diag [Details]

        Jun 7, 2016, 09:29:35 AM    /Library/Logs/DiagnosticReports/spet_2016-06-07-092935_[redacted].crash

            /Library/spet/*/spet

        Jun 7, 2016, 09:18:03 AM    /Library/Logs/DiagnosticReports/firefox_2016-06-07-091803_[redacted].cpu_resour ce.diag [Details]

        Jun 7, 2016, 09:11:38 AM    /Library/Logs/DiagnosticReports/spet_2016-06-07-091138_[redacted].crash

        Jun 6, 2016, 06:33:22 PM    /Library/Logs/DiagnosticReports/360SafeTray_2016-06-06-183322_[redacted].cpu_re source.diag [Details]

            /Library/Application Support/Qihoo/*/360SafeTray.app/Contents/MacOS/360SafeTray

     

  • by MrHoffman,Helpful

    MrHoffman MrHoffman Jun 9, 2016 8:40 AM in response to jpesognelli
    Level 6 (15,627 points)
    Mac OS X
    Jun 9, 2016 8:40 AM in response to jpesognelli

    More than a little of what's installed on this iMac is unfamiliar to me, and there's a lot of odd stuff attempting to start on that Mac (and more than a few of the plists look sketchy, based solely on the completely bogus DNS names being used), and much of it installed or modified in the last few weeks, and at least parts of some adware are getting flagged.

     

    I'd probably wipe the disk and reinstall this OS X box and only haul across my documents, just looking at what's loaded.  You're undoubtedly not going to want to do that, so I'd look to remove the adware that was detected, I'd also remove the Qihoo bits (360 Internet Security for Mac), and I'd figure out where all those odd plists came from and determine if they're legitimate (and poorly-integrated, named after random dictionary words) or if they're adware/malware.


    Not directly related: I'd get rid of Flash Player and related, as those have been targets for attacks in the past.  Opera uses piles of RAM and this iMac has some room for an upgrade — if you're going to use products that use lots of memory — Adobe and Google products tend to do that, for instance — then consider a memory upgrade.

  • by jpesognelli,

    jpesognelli jpesognelli Jun 9, 2016 9:00 AM in response to MrHoffman
    Level 1 (4 points)
    Mac OS X
    Jun 9, 2016 9:00 AM in response to MrHoffman

    I deleted the Qihoo bits and the Adobe Flash Player. When you say "Flash Player and related" in your post, what other applications should I consider removing? I have stopped using Firefox as a browser because of all of the problems with pop up ads and redirects. I have started using Opera. No issues so far. Amazing how many ads this browser blocks.


    I recognize some, but not all of the plist files when I first started having issues on Firefox. They would appear as popup windows asking my permission to open, which I denied. My guess is that they are malware. I've tried to locate them in Library but cant find them. Any suggestions where to look for them?

     

    I may eventually wipe it and start clean.

  • by MrHoffman,

    MrHoffman MrHoffman Jun 9, 2016 1:22 PM in response to jpesognelli
    Level 6 (15,627 points)
    Mac OS X
    Jun 9, 2016 1:22 PM in response to jpesognelli

    Reverse the plist file names and see if there's a web site associated — various of the failed startups seem to not be associated with web sites.  For instance, that com{dot}unfissle{dot}plist entry reverses to unfissile{dot}com (don't use the plist when you're checking), given how those names are traditionally formatted.   That domain name doesn't appear to have an associated web site, which makes me wonder if it's real, or if it's sketchy code, or if there's a corruption here.

     

    A lot of those (failed) entries are all around the same time, and more than a few seem associated with shell scripts located in a system directory such as /etc/unfissile.sh and that's somewhat unusual.

     

    Given how much odd stuff (odd to me, at least) is installed here, I'd either make a current backup or two and then erase and roll back to a backup from before those files, or would back up once or twice and then wipe the disk and reinstall OS X and then migrate in just the data files and not the apps from the old environment — who knows what else got hit, unfortunately.