Q: MacKeeper/Zerobit Pop Up ad Problem

I was having a problem a bit like this with my mums Macbook Pro (laptop).
A window kept on opening and saying that she had won something. It would only let you press continue, no other things. So we tried force quitting then restarting but it opened to the EXACT same page when I had opened safari again.
In the end, I turned off the internet access (in this case, wifi) and then opened safari. I there for could go to my safari preferences and everything along that top bar.

I then clicked 'reset safari...' 

It deleted all my safari history, saved passwords, favourited websites etc and then quit safari.
I then opened safari and it went straigh to google (my home page).
And there was no sign of the previous pop-up virus thingo.
I hope this helps someone.
Good luck!

Zoe Baum, you said:

"And there was no sign of the previous pop-up virus thingo"

I have been following the discussion but there was little point to answer as I had nothing much to offer....

Now, correct me if I'm wrong, but through all the replies, what I understand is that the pop up/pop under/whatever the name is NOT a virus ?

just a terribly annoying thing?

I only get it from one web site (Media Fire, and only from one of my bosses account) and not even every time I go into MF...just some times...which is indeed terribly annoying as I have to force quit Safari, but I don't even need to go into that site all that often..

As I'm not anywhere near as computer literate as most of you guys seem to be here, I decided not to follow any instructions here as I wouldn't know how to react if anything goes even slightly wrong...

Am I right in thinking the little window is NOT harmfull to the Mac?

thanks in advance guys, I have already learned quiet a lot just by reading you all here

Ok skhram's idea works and I have tried it. Since you posted objection I started doing more research on this and found multiple links explaing the process. You can use more elaborative processes as guide to do that. Here is a link to one of them

http://osxdaily.com/2010/04/21/how-to-block-a-website-from-safari-firefox-or-chr ome/

I do suggest to add a line saying

127.0.0.1      mackeeper.zeobit.com

               in addition to ones mentioned by skhram's.

Also as you mentioned first line is 127.0.0.1     localhost

We are not changing anything here just adding more line.

Hope this helps others get rid of that garbage pop up.

And skhram I can't thank you enough to point out the way. I hope to never hear that crappy voice again

Message was edited by: luvraj

Do NOT recommend editing hosts file. Unexperienced users should not "poke" around in such files, and it can do a lot of harm.

You can use glimmerblocker which uses a proxy without going into dangerous adventures. It uses filterlists that are regularly updated/expanded, it is not an extension of Safari. Read Thomas A Reed's warning. !!!

I am sorry but I am neither suggesting nor recommending anything. Just pointing out the fact that process is not wrong as you mentioned. Yes it can have bad effects if something goes wrong and you get the warning in terminal while performing that task too.

And I am not a pro nor do I know a lot about macs. But I know how to follow instructions and thats exactly what I did, and it worked.

Being a experianced user you can't just point the right processes as wrong just because they could have side effects if something goes wrong. A better way would be to point out the problem it could cause or just caution people rather than just saying the process itself is wrong.

I did not "point the right process as wrong": a process that can very often harm your computer because it is not done right, is not to be done at all, especially when there are alternatives. As you described it, you were lucky that it did not destroy your computer, a lot of people not being accustomed to use Terminal could have things messed up. There were even posts in some threads to edit the hosts file in place (using textedit), which should never be done like that either although the hosts file will take the changes...

So what I was trying to tell: do not edit or change the system files! there are easier and safer alternatives.

"

SKHRAM: are you crazy??? never put in those lines into the hosts file: the first line should read

127.0.0.1 localhost

and the second line should not be there at all.

ALARM everybody: DO NOT FOLLOW skhram's advice.

"

This is clear enough what you intended to say. And It was no luck that it didn't harm my computer. I did enough research to do that process.

It would be nicer if you pointed out the problem first than calling other guy who actually pointed out a solution even though it might not be perfect, a crazy guy.

I really wonder why Zeobit has 15.000 followers on Facebook? and i also wonder why the H***** they still are on app store? This company should be banned from Appstore and but some dark place in Russia. They are all over the internet, like the plague.

I would like to chime in about recent posts ...

I do believe Apple should not promote MacKeeper in the App Store.

The alteration by Terminal IS DANGEROUS and there's NO WAY this should be done - even by a professional.

Think about that logically ... if it were that easy, Apple would probably provide that solution in an update.

You are ONLY stopping zerobit served ads. Most pop unders are served BY THE SITES you visit ~ not by Zerobit.

Zerobit/MacKeeper isn't the only pop under served by [example] www.greenvilleonline.com ... but since we are Mac Users and the pop under can read a cookie that tells it you have a Mac ~ this is the most probable ad you will recieve.

No matter what other people have said here, the ONLY way to prevent all pop unders totally is to disable Java in your browser AND not allow cookies.

I certainly appreciate all the suggestions here in this forum, but after a few people in this forum were nasty I took it upon myself to finally fully understand this annoying problem. Read the previous posts to see what the MacKeeper pop under is and what it does.

Okay.. so many people are overexadurating on issues they do not know about.  Before my rant, to give myself some level of credibility: I have a degree in computer science.  I own a web development firm.  I do web dev and unix server administration & netowrking on a daily basis.  I have been using macs for a decade.

FIXYOURTHINKING wrote:

 

The alteration by Terminal IS DANGEROUS and there's NO WAY this should be done - even by a professional.

This is just plain wrong.  Many applications change this file, such as MAMP.  I would imagine there are cases when core apple services do the same, such as when using web sharing.

FIXYOURTHINKING wrote:

 

Think about that logically ... if it were that easy, Apple would probably provide that solution in an update.

Solution to what?  Apple doesn't block advertisers.  The issue is not one that is harmful to the computer, it's just annoying.  The solution I provided is to rid of the annoyance.

FIXYOURTHINKING wrote:

 

You are ONLY stopping zerobit served ads. Most pop unders are served BY THE SITES you visit ~ not by Zerobit.

Again, wrong.  I'd guess less than 1% of websites serve their own ads.  Probably less than 0.01%.  Infact, most are served from advertising agencies such as Google ads, cox, etc.  In *my* particular instance with these zeobit ads, they were all being served by zeobit's domains.  I'm not claiming the solution will 100% block every zeobit ad, but it will certainly help.

-------

With the hosts file in particular, it really can't do any irreperable damage to your machine.  Worst case is that if you manage to screw it up, your netowrking could go down.  So, a revised solution:

1. Applications -> Utilities -> Terminal

1b. Type sudo cp /etc/hosts /etc/hosts.bak

2. Type sudo nano /etc/hosts

3. Paste these 2 lines at the bottom:

127.0.0.1 zeobit.com

127.0.0.1 mackeeperapp.zeobit.com

4. Hit Control-x, then y, then enter to save

5. Type dscacheutil -flushcache into terminal

6. Restart Safari.

7. If for any reason you're unsatsfied with the changes, open terminal and type sudo mv /etc/hosts.bak /etc/hosts to restore all your previous settings.  Do a dscacheutil -flushcache afterwards to activate the reverted changes.

-----

If you don't want to do it, then don't.  But don't tell people that their computer is going to explode if they follow a perfectly normal process.

"With the hosts file in particular, it really can't do any irreperable damage to your machine.  Worst case is that if you manage to screw it up, your netowrking could go down.  So, a revised solution:"

Now you say it yourself...

There are easier and not-harming solutions.

Nobody asked you to prove your agility with terminal, it is not relevant whether YOU are good enough to use Terminal to tamper with a system file.

"I have a degree in computer science.  I own a web development firm.  I do web dev and unix server administration & netowrking on a daily basis.  I have been using macs for a decade."

And for the sake of argument - I'm all that, but Macs x28 years.

"Apple doesn't block advertisers."

Is this why there's a pop up blocker option in Safari? What about that Apple doesn't install flash on Macs by default anymore? A high percentage of annoying ads come by these methods.

Apple also officially recognizes several browser extensions to block ads.

Furthermore, the recent Java security update actually DOES address the issue in this very forum ~ at least partially. It was more meant to stop a trojan called Flashback, but the side effect is that it seems to prevent this Mackeeper - some/most of the time.

You are plain wrong on who serves the ads. It's part of the problem in this case. MOST sites using this method of pop under manipulation, mask their DNS to be the host site. Now I have actually confirmed this with two sites that serve the MacKeeper pop under and sat for over an hour on the phone with two different IT departments at Gannett Newspapers. I'm not just surmising any of this.

Telling a consumer to do anything from the terminal is dangerous. Most consumers don't heed warnings of "not for the novice" ~ in fact it emboldens them to do it.

Having the terminal open while online could potentially be a security risk.

Arguing in this forum has only complicated the issue ... I really wish we coulda left it at my answer and been done with it. However, this forum is the main forum that comes up in searches for the topic.

I kindly ask anyone to visit www.fixyourthinking.com where I've thoroughly discussed this issue and given step by step instructions and graphics on what the problem is and how to minimize it.

I also encourage you to download Apple's latest Java update released the week of April 2, 2012.

I may receive some form of compensation, financial or otherwise, from my recommendation or link.

<Edited by Host>

Who are you talking to ???

I did not add that last line and I don't appreciate whoever did ...

"I may receive some form of compensation, financial or otherwise, from my recommendation or link."

Lex ...

I think I responded by replying to your link instead of skhram.

The moderators added it, because the culmination of your rant was a recommendation for your web site, where you have a donate button so people can give you money, among other things.  See the Apple Support Communities Terms of Use.