How can I remove malware trying to phone home?
Hi,
I’m not sure when this started, but I noticed today that Firefox and Thunderbird try to connect to a known malware site. When I start either of these apps, Little Snitch shows an outgoing connection to R3.o.lencr.org. I did a search and found quite a few sites talking of R3.o.lencr.org as being malware, although most of the advice for removal was for Windows users. Here is what one said ...
R3.o.lencr.org can be deemed as a redirect virus. It is injected on your web browser by a potentially unwanted program (PUP) which generates numerous ads on most webpages you open. You should be on alert when you encounter endless R3.o.lencr.org popup or ads redirection. It is an obvious sign of virus infection.
What I’ve tried ...
- ran 3 different anti-virus apps (Malwarebytes, ClamXAV and Combo Cleaner), but none of them showed any sign of a virus or other abnormalities.
- disabled addons in Firefox using Troubleshoot Mode. Despite this R3.o.lencr.org still tries to connect until I block it with L/Snitch. (Path: /Applications/Firefox.app/Contents/MacOS/firefox)
I am slightly concerned because I was contacted by my credit card company last week to say that someone had fraudulently used my card on a now-disappeared website. My card details were stolen online.
So my question is, does anyone know how I might verify whether my computer is infected and, if so, how to locate and delete the thing? If this is not the case then why would these 2 apps (and possibly other browsers) try to connect to a known malware site?
Thanks
Note: I downloaded Thunderbird from Mozilla only yesterday and didn’t add any addons, so I was surprised to see the connection to lencr.org.
Mac 10.14.6, Mac Mini
Mac mini, macOS 10.14