Previous 1 2 Next 20 Replies Latest reply: Nov 1, 2009 6:56 PM by mickr7an
danielinchina Level 1 Level 1 (0 points)
hello everyone,
i have a 15 inch mbp that i bought about 10 months ago. since then i have moved to china to study, my problem is that for about two months my safari has been acting strangely. every once it a while an add will show up. not as a pop-up but it will start at the bottom of the safari window and gradually move up until it is taking up the whole window besides the address bar, bookmark bar etc. it definitely seems to be an add. in fact its always the same add in chinese. i am positive that i have not visited any illicit sites to cause this. i am also behind a wireless router. my first instinct told me to try firefox and sure enough it does the same thing there. a simple reload of the page always solves the problem but it frequently re-occurs. this is my first mac so im not very savy as to how to fix it or if i can. i tried reinstalling both internet browsers but this has not worked.
any help?
is this malware, spyware?
could this just be because im in china?

macbook pro, 2.4 ghz 15inch
  • Golden Shoes Level 5 Level 5 (4,015 points)
    Greetings,

    It's possible you have some sort of malware, but you would have had to install it and authenticate using your Admin password before that could happen. Unless you've done that, you don't have any malware on your system. It's just an ad.

    Did you install any ad blocking software, such as Safari Adblock or even Safari Block? Have you changed your DNS addresses to use those from OpenDNS? If not, you should do that, since it will filter and block ads, and OpenDNS should be faster for you, too.

    You could also disable JavaScript, since many ads are now JavaScript-based or activated, but most sites now use Flash and JavaScript for some of their content, so that would also prevent you from being able to see those sites.
  • danielinchina Level 1 Level 1 (0 points)
    i will definitely try your suggestions. i did downloaded avast for mac to try and scan and see if i had any malware but it came up with nothing. is there any other good virus software for mac?
  • Klaus1 Level 8 Level 8 (45,360 points)
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.

    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download from:

    http://www.clamxav.com/

    However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.

    You can read more about how, for example, the OSX/DNSChanger Trojan works here:

    http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml

    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:

    http://macscan.securemac.com/

    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:

    http://macscan.securemac.com/buy/

    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:

    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174

    Also, beware of MacSweeper:

    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008

    http://en.wikipedia.org/wiki/MacSweeper

    On June 23, 2008 this news reached Mac users:

    http://www.theregister.co.uk/2008/06/23/mac_trojan/

    More information on Mac security can be found here:

    http://macscan.securemac.com/

    The MacScan application can be downloaded from here:

    http://macscan.securemac.com/buy/

    You can download a 30 day trail copy which enables you to do a full scan of your hard disk. After that it costs $29.95.

    More on Trojans on the Mac here:

    http://www.technewsworld.com/story/63574.html?welcome=1214487119

    This was published on July 25, 2008:

    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.

    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.

    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

    Net security groups say there is anecdotal evidence that small scale attacks are already happening.

    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm

    A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites), as reported here on December 9, 2008:

    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm

    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:

    http://www.securemac.com/

    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:

    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of- the-problem/

    As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:

    http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613

    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially *********** sites.

    2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.

    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.

    4. Use Mac OS X's built-in Firewalls and other security features.

    5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications.

    6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:

    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg
  • Golden Shoes Level 5 Level 5 (4,015 points)
    As Klaus1 said, there are no viruses for Mac OS X, so antivirus software shouldn't be needed unless you send and receive MS Office files to Windoze users. I've never used antivirus software and I've never had any malware of any sort. It's more a matter of being smart about where you go and what you choose to download and install.
  • danielinchina Level 1 Level 1 (0 points)
    i dont use limewire or any peer to peer downoaders, nor do i download pirated software. i took your advice about trying out mac scan. when it scanned my mbp it found around 60 tracker cookies and not viruses or anything. i though that this has worked. then last week i installed the new snow leopard and i thought that surely this would put an end to my problem then yesterday it started again. i ran mac scan again and it found 8 tracking cookies but thats all. so my question is: do the tracking cookies mean anything? and also is it possible that the internet service would have something to do with it? i am in china and although i have worked as a support tech at an internet company and am weary of blaming the isp, im out of ideas.......
  • Golden Shoes Level 5 Level 5 (4,015 points)
    It's a Flash-based add on a web site. As long as you have Plugins enabled in Preferences > Advanced, those ads are able to appear. It's not a virus because there are no viruses for Mac OS X, and if you haven't installed anything that you didn't expressly download and provide your password for, it's not spyware, either.

    All computers that access the web have cookies on them; otherwise the site would not know you had visited them before or what page you went to or how long you spent at the site. None of those cookies are harmful; you can get rid of them when you quit Safari, or at some other pre-determined interval that you choose in Preferences. It's nothing to worry about.

    You could use something like Click to Flash, to block all Flash items until you click on them, as well as something like SafariBlock to block other types of ads.
  • mickr7an Level 1 Level 1 (55 points)
    Daniel, you are not the only one. I live in shanghai and I am experiencing the same problem. The ads appear outside of the page I'm visiting, usually above it. Most of them are for IPTV from China Telecom. They also disable the webpage I'm visiting. Hitting reload gets rid of them for a while. They usually only appear when I first open Safari. Unfortunately none of the suggestions above are the source of the problem. I don't have any illegal software on my computer, I have not downloaded any illegal files or installed anything from suspect websites. Nor has anyone else had any access to my computer. I also upgraded to Snow Leopard recently and that has not fixed the problem. I wonder if the problem is with the ISP allowing spammers to hijack my browser. China MObile allows spam text messages all the time. It's very annoying.

    People seem very adamant that viruses don't exist on the Mac but malware obviously does. I'm not sure how they interfere with Safari but I haven't manages to get rid of it yet. I did find tracking cookies on my Mac and deleted them (even though I'm not sure what they are) but the problem reoccurred.
  • Golden Shoes Level 5 Level 5 (4,015 points)
    There are no viruses for Mac OS X. There is some malware, but at the moment it consists of things to redirect your browser to sites you didn't specify. Deleting cookies from Safari isn't going to solve anything, because they aren't the problem.

    As long as you have JavaScript and Plugin enabled in the Preferences > Security section, you will see things you don't want to see, including ads. Turn them off and it will go away, as well as your ability to see many web sites that now rely on Flash.

    < Edited by Host >
  • mickr7an Level 1 Level 1 (55 points)
    I said exactly what you said – that it is malware and not a virus.

    It clearly does not do what you say and 'redirect' to another page. I described these interfering ads in my first response. These are not banner ads. This is content pushing the real pages down to the bottom of the screen and disabling all their links. I doubt www.apple.com has started allowing ads for cheap mobile phones in Chinese to nearly blot out their home page. This is clearly a way someone has discovered to interfere with Safari (it could be other browsers too but I only use Safari as it syncs with my iPod). I have many screen captures of it on different webpages.

    As you point out disabling java and plug ins would render the browser partly useless which wouldn't help much and may not stop the ads at all. I have followed other helpful suggestions such as running Main Menu and Little Snitch. I also ran MacScan which suggested I delete 4 tracker cookies. I haven't seen the ads since – but I'm not holding my breath.

    < Edited by Host >
  • Golden Shoes Level 5 Level 5 (4,015 points)
    As I said, the only malware at this point redirects your browser to sites you didn't ask for. But it requires that you make the mistake of downloading and installing it first. That can't happen by itself.

    Nothing is interfering with Safari; these are JavaScript and Flash ads, and the easiest way to stop them is to disable JavaScript and Plugins in your Preferences. You could install an ad blocker, such as Safari Block, or Safari Adblock. Deleting cookies will not help you in any way, since they aren't the problem.

    < Edited by Host >
  • Carolyn Samit Level 10 Level 10 (95,950 points)
    HI,

    If you are running Snow Leopard 10.6.x you don't need to worry about malware or viruses.

    Mac OS X Has You Covered

    Please click My Settings on the right side of this page and tell which Mac OS X you are running on your Mac. Thanks!





















    Carolyn
  • Carolyn Samit Level 10 Level 10 (95,950 points)
    HI,

    You are running 10.6...

    Mac OS X Has You Covered







    Carolyn
  • mickr7an Level 1 Level 1 (55 points)
    Thanks Carolyn. Unfortunately it doesn't... or didn't. It was also happening after my upgrade to 10.6.1. However after following various pieces of advice above it hasn't happened for a while so (fingers crossed) I hope I have gotten rid of that problem. I'll post in a few days if it has stopped but not sure which one of the remedies to recommend.

    One thing I can't believe I hadn't done was to turn my firewall on. I had it on before but must have turned it off for some reason and forgotten about it. Very silly.
  • Carolyn Samit Level 10 Level 10 (95,950 points)
    A pop up isn't necessarily a virus or spyware. It could have been just an advertisement. Go to Safari / Block Pop Up Windows. More likely then not, it was an ad advising you to purchase anti virus software with a link. Just close the window.

    Anti virus software nor malware protection can prevent a pop up ad. They are innocuous unless you click any links in the window.

    Since you are in China... you might want to contact your ISP and report the problem.








Previous 1 2 Next