ChickHearn
Level 1 (4 points)
Notebooks

Q: Malware/Virus Removal

I am using Chrome and getting persistent pop-ups of the "update flash" type.  I think that I have encountered this in Safari as well, but haven't been able to confirm that for the purpose of this post.  URL's I frequently encounter include:

 

cdn.freefarcy

onlineupgrade.alwaysnewupdatesforeveryone2016...

upgrade.yoursoftparadise...

getsoftnow.normalupdate4everyone...

upgrade.updatesforeveryone2016...

check4upgrade.yourmuchbettersoft...

 

etc. etc.

 

This type issue is well-documented, but I cannot seem to get rid of it.  I have tried the following:

 

1. A Malwarebytes anti-malware scan and removal.  It removed pagerpost, but subsequent scans have come up empty. There are no unwanted extensions running in chrome.

 

2. The steps listed in the solution here.  The URL listed is one I frequently encounter.  I found a cluster of suspicious files around the date the infection began.  I removed them and they have not returned, but the problem persists.

 

3. The steps listed in the solution here.  Again, I found and removed suspicious files and they have not returned.

 

4. Removal and reinstallation of Chrome

 

5. A full time machine restore from several weeks before the problem started and several weeks before the date of the .plist files removed.

 

I have not installed any of the .dmg files and obviously close the popups before the files are downloaded whenever I can.  As far as I know I have no issues beyond the annoyance of the pop-ups.  But I would really like to stop this problem once and for all.  Help!

MacBook Pro with Retina display, OS X El Capitan (10.11.5)

Posted on Jul 20, 2016 9:38 AM

by Linc Davis,Solvedanswer
Linc Davis Linc Davis
Level 10 (207,926 points)
Applications
A:

Never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you cause problems, not how you solve them. You've already seen that it doesn't work.

If Safari is not affected, you may have installed a malicious Chrome extension such as "Adblock Super" or "News Ticker Remover." Remove all extensions you don't know you need. If in doubt, remove all of them.

If an extension is not causing the problem, create a new Chrome user profile. Note that you can salvage your bookmarks from the existing profile.

Chrome can sync your account settings between devices, so if you enable that feature, malicious profile data can spread from one to another in a virus-like way.

Posted on Jul 20, 2016 2:47 PM

Close
ChickHearn

Q: Malware/Virus Removal

  • All replies
  • Helpful answers

  • by macjack,

    macjack macjack Jul 20, 2016 9:47 AM in response to ChickHearn
    Level 9 (55,682 points)
    Mac OS X
    Jul 20, 2016 9:47 AM in response to ChickHearn

    The reason Malwarebytes didn't identify them is becausePop-ups are different from malware and easier to deal with. In Safari 9.1 and later just close the window. For earlier versions force quit and hold the shift key while restarting Safari.

    https://support.apple.com/en-us/HT203987

    I don't use Google but here are the instructions:

    https://support.google.com/chrome/answer/95472?hl=en


  • by ChickHearn,

    ChickHearn ChickHearn Jul 20, 2016 9:54 AM in response to macjack
    Level 1 (4 points)
    Notebooks
    Jul 20, 2016 9:54 AM in response to macjack

    I have attempted all the steps listed in the instructions for Chrome (which include using Malwarebytes) but have not had any success.  This problem has not seemed easy to deal with.

  • by Linc Davis,Solvedanswer

    Linc Davis Linc Davis Jul 20, 2016 2:47 PM in response to ChickHearn
    Level 10 (207,926 points)
    Applications
    Jul 20, 2016 2:47 PM in response to ChickHearn

    Never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you cause problems, not how you solve them. You've already seen that it doesn't work.

    If Safari is not affected, you may have installed a malicious Chrome extension such as "Adblock Super" or "News Ticker Remover." Remove all extensions you don't know you need. If in doubt, remove all of them.

    If an extension is not causing the problem, create a new Chrome user profile. Note that you can salvage your bookmarks from the existing profile.

    Chrome can sync your account settings between devices, so if you enable that feature, malicious profile data can spread from one to another in a virus-like way.

  • by tetraploid,

    tetraploid tetraploid Sep 11, 2016 6:38 PM in response to Linc Davis
    Level 1 (4 points)
    Sep 11, 2016 6:38 PM in response to Linc Davis

    Linc,


    Thanks for posting all of the extensive information on cdn.freefarcy.com annoying malware.  I've tried everything you have posted so far and nothing works.  It's a really annoying popup that still seems to be hiding in my system.  There has to be some other places where it's hiding that we haven't uncovered yet.  I'll gladly post output of my system if you ask specifics.  I'm sure I'm not the only one still being plagued by this annoying popup.