Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Safari downloading a strange file

Well, some days ago I was browsing the internet and Safari downloaded a file called 2018-2019.zip, and it resulted to be an alias to who knows where. As it was taking so much time to see the original folder I just deleted it and that. But today it happened again, I deleted it again and then while visiting Google images I selected an image and between the time that the image started to expand the cursor turned into the circle of colors and it dowloaded the 2018-2019.zip. I opened it, and this time didn't that that much time to show me the original folder (seems like its a server) and it was called 2018-2019 (it's in the image). I opened it and there was an APP with the icon of a folder called PDF (at first I thought that it was a folder but it opened like an app) and it didn't really opened anything. So I searched in the about this (I don't know how it's in English, is that thing to see more info about the folder/app) and indeed it was an app with the icon of a folder called PDF.app. I searched then the contents of the app, and there was an PDF folder (this time for real) and it had a document that I have in my desktop. I scanned this document with my phoneDoes anyone knows what is this about?

MacBook Pro 13", macOS 10.14

Posted on Jun 5, 2019 5:08 PM

Reply

Similar questions

10 replies

Jun 5, 2019 6:01 PM in response to ipozow

This is almost certainly malware and you need to clean up your system, and clean up your Safari to figure out why this is happening.


Your screen shot shows this is being downloaded from a free DNS-server address (duckdns.org) that is presumably being routed to a malware server. Here is what you should do:


1) Scan your system with Malware bytes: https://malwarebytes.com/mac

You can use their 14-day free trial and it should get just about everything that may have installed itself onto your system.


2) Check your Safari settings. Go to Safari-menu Preferences and to the General tab to make sure your homepage is set to what you like it to be. Then go to the Extensions tab and disable any extensions you didn't absolutely install yourself and use on a regular basis. Then go to the Advanced tab, Proxies: Change Settings and un-tick any 8 boxes there that are ticked on. Delete anything on the "Bypass proxy settings" box below if it says something other than: *.local, 169.254/16

Jun 5, 2019 6:31 PM in response to ipozow

Absolutely my friend, Malwarebytes is a legitimate software product and is the number one product people on the Apple Discussion forums recommend. It's also very popular with Mac technicians.


You definitely have something on your system that is taking over your browsing trying to download Google Images and hijacking that to a free malware server. Since you have checked your Safari settings I have to assume it is something that is installed on your Mac, and Malware Bytes is the easiest way to get rid of that.


It is a great product, worth paying! But using the free version is great also. Most people just use it for free.

Jun 6, 2019 6:08 AM in response to SamAlanko

Oh wow, in that case maybe it's time for operation overkill:

One could certainly block duckpins.org domain addresses from resolving by modifying one's HOSTS file.

Here's a great tutorial for doing that:

https://www.laptopmag.com/articles/block-websites-mac


So adding an entry for "127.0.0.1 dyndns.org"

(and that's a bunch spaces after the 127.0.0.1, not a tab)


Relatedly, I would also check your DNS setting and instead of using whatever in-house DNS your ISP provides you, I would use only 8.8.8.8 (Google's free DNS server) as there may be some DNS poisoning going on behind this at the ISP level.

Safari downloading a strange file

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.