Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: TrevorGainesville
TrevorGainesville Author
User level: Level 1
9 points

URGENT Just discovered a new Mac virus: GeneralOpen 1.0 Safari Extension

One of my employees has been sporadically losing the internet connection on her iMac. We went through all the usual culprits and nothing was helping it and it was intermittent. Safari wasn't working. Mail not sending or recieving. But she had a valid IP address and other devices on the same network were working just fine. Then, she looked in her Safari Extensions and found a mysterious extension called GenerelOpen 1.0. It has full permissions to passwords, credit cards, phone numbers and browsingn history! So we googled it. There's only ONE single entry in google for "Generel Open 1.0" and it's just a Danish language page so it's just a coincidence. Clearly, this is a malware/virus that was installed about a week ago. I'm not finding ANYTHING about it, so I want to get the word out.


When trying to uninstall the Safari Extension, it would not let us because there was also an App in the Applications folder. Once we deleted that app, we were able to uninstall the extension. So far, it seems to have fixed the problem.


I've posted a screenshot so you can see what it looks like.

iMac Line (2012 and Later)

Posted on Aug 13, 2019 11:23 AM

Reply
Question marked as Best reply
User profile for user: VikingOSX
VikingOSX
Community+ 2024
User level: Level 10
111,167 points

Posted on Aug 13, 2019 12:56 PM

There are no viruses on the Mac (would have to replicate itself across devices on a network — which Windows viruses do), but there certainly are a growing number of malware/adware that are not viruses. With Safari 12, the only means to get an extension installed is by clicking on an application (which you show), and giving it the adminstrator password.


The question is how your user downloaded the GeneralOpen application — either by a confusing website button, or download aggregation site that may have looked like another download entirely, but side-loaded this crapware when the administrator password was given.


You may have to manually remove the Safari extension and its hosting application. I would also recommend installing Malwarebytes for Mac and letting it sweep that employees Mac for other ad/malware. It will offer to remove any cruft that it finds, and if you want to remove Malwarebytes afterward, that is done through the appropriate entry on its Help menu.


Many of us recommend as well as use Malwarebytes ourselves. If one is careful to only download software directly from vendor sites, and avoid sites polluted with download buttons and JavaScript roll overs, then there would be little to no need for products like Malwarebytes. Running any Mac anti-virus product is a complete waste of time and operating system resources.


See macOS built-in security.

macOS Security. Overview for IT (direct Apple PDF link from Spring 2018)

View in context

Similar questions

4 replies
Question marked as Best reply
User profile for user: VikingOSX
VikingOSX
Community+ 2024
User level: Level 10
111,167 points

Aug 13, 2019 12:56 PM in response to TrevorGainesville

There are no viruses on the Mac (would have to replicate itself across devices on a network — which Windows viruses do), but there certainly are a growing number of malware/adware that are not viruses. With Safari 12, the only means to get an extension installed is by clicking on an application (which you show), and giving it the adminstrator password.


The question is how your user downloaded the GeneralOpen application — either by a confusing website button, or download aggregation site that may have looked like another download entirely, but side-loaded this crapware when the administrator password was given.


You may have to manually remove the Safari extension and its hosting application. I would also recommend installing Malwarebytes for Mac and letting it sweep that employees Mac for other ad/malware. It will offer to remove any cruft that it finds, and if you want to remove Malwarebytes afterward, that is done through the appropriate entry on its Help menu.


Many of us recommend as well as use Malwarebytes ourselves. If one is careful to only download software directly from vendor sites, and avoid sites polluted with download buttons and JavaScript roll overs, then there would be little to no need for products like Malwarebytes. Running any Mac anti-virus product is a complete waste of time and operating system resources.


See macOS built-in security.

macOS Security. Overview for IT (direct Apple PDF link from Spring 2018)

Reply
User profile for user: TrevorGainesville
TrevorGainesville Author
User level: Level 1
9 points

Aug 14, 2019 9:15 AM in response to VikingOSX

Simply "removing" the Safari Extension and the GenerelOpen app did not solve the problem. It came back. Clearly there are other components hiding somewere. So we installed Malwarebytes and ran it. It found several problem and removed them. It's been about an hour, and so far the iMac is working perfectly! Thank you for the suggestion and the explanation.

Reply

URGENT Just discovered a new Mac virus: GeneralOpen 1.0 Safari Extension

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up