3 Replies Latest reply: Feb 16, 2011 9:49 PM by Mac_Man_X
nikkoblue Level 1 (0 points)
My MBP is only 2 weeks old. The day after I got it I began to notice suspicious behavior when surfing the net (Yahoo Mail, Yahoo News, Facebook) when the screen I was on would be hijacked to another site or ad of some kind. I screen-capped the examples and headed for the genius bar. They advised it was not the machine but probably pop ups from the sites I was visiting, in other words it was my keystroking habit and the sites I visited. Never knew Yahoo Mail and News were "problems"!

They loaded Sophos and said it won't find anything but would give me peace of mind. Well when I ran a full scan I've got a trojan and 2 malware (all java related). I assume this may be the root cause of my hijacking issue. I know the prevailing wisdom is that MACs don't get viruses and only get malware/trojans if the user/admin accepts them. I've not accepted anything or given permission for any downloads...ever. Which leads me to question if somehow these problems were transferred from my XP during the data transfer process? Is that possible? Does anyone have any suggestions about the best course of action? The malware can't be cleaned in Sophos...it must be manually removed. Which I've yet to figure out how to do. The primary reason I switched to a MAC was the security. And I love the machine but I'm disheartened to say the least. Any advice is appreciated.

MacBook Pro, Mac OS X (10.6.3)
  • eww Level 9 (52,975 points)
    You undoubtedly imported the malware from your PC running Windows. If the malware came from there, it can't do anything on a Mac unless the Mac is running Windows, and is therefore completely harmless. Antivirus software may detect Windows-based malware on your computer, but that doesn't mean any of it can run in the Mac OS.

    The day after I got it I began to notice suspicious behavior when surfing the net (Yahoo Mail, Yahoo News, Facebook) when the screen I was on would be hijacked to another site or ad of some kind.


    This happens all the time and has nothing to do with malware, unless sneaky and devious website design is classified as malware.

    ...in other words it was my keystroking habit and the sites I visited.


    I don't know what "keystroking habit" means, but the sites you're visiting are responsible for the popups and diversions that annoy you.
  • nikkoblue Level 1 (0 points)
    So your assessment is that the malware I found is not directly related to the hi-jacking episodes, eww? Have I understood you correctly? No, I'm not running Windows and I'm relieved to hear it will do no harm to the OS. But as you note it is an annoyance that I don't want and it did not occur in my previous XP machine (albeit one loaded to the gills with AV).

    Short of not surfing at all...how can I prevent this hijacking behavior on my MAC? I'm not talking about a window popup you simply close and are still on the same page. I mean the page is actually shut down and I'm directed to another site or page. I have to re-start a browsing session. Would an AV software prevent this on a MAC?
  • Mac_Man_X Level 1 (35 points)
    Yes, an anti-virus software will prevent the problems you are running into. It is simply the scripting on the web page or in the advertisements that is "hijacking" your browser. It is nothing like a PC but I will say Safari is not as good as other browsers in terms of pop-up blocking. A third party Security Software can help prevent this. You can do an erase install and still experience the same issue.

    In order for a virus to even ENTER your system you have to give it permission by entering your administrator password for it to install; the system is built to be secure unlike Windows. Malware is virtually non-existent on Macs, trust us.

    By the way, FACEBOOK IS THE WORST WEBSITE WHEN IT COMES TO ADS WITH SCRIPTING. More people get viruses from Facebook than any other website on PCs. The viruses will not run or work on the Mac OS. But pop-up and redirect scripts will run because it is most likely JAVA based.