Previous 1 2 Next 17 Replies Latest reply: Aug 15, 2012 5:18 PM by Gavin in Denver
Gavin in Denver Level 1 Level 1 (5 points)

I appear to have a virus on my Safari browser. I'm getting unblocked popup ads for any and all websites (popup blocker has worked normally 'til now). Any thoughts on how to locate and remove the problem?


MacBook 2.0 GHz Intel Core Duo, Mac OS X (10.6.8), 4 GB RAM, 500 GB HDD, 160 iPod Classic, 2 GB iPod Shuffle (2G)
  • Gavin in Denver Level 1 Level 1 (5 points)

    Oh, and FYI, I also have AdBlock 2.4.23 installed.

  • Kurt Lang Level 8 Level 8 (35,190 points)

    It's not a virus. Popups are exactly what they are. Popups. It's a constant battle between the jerks who create these things and the browser vendors to block them. Eventually, the advertisers find a new way to get a popup to work, despite the various ways to block them. Then the browser vendors (or your third party add-ons like AdBlock) have to figure how they got around the blocks and fix it to block those.

  • Gavin in Denver Level 1 Level 1 (5 points)

    I don't believe this is a fiendishly designed popup that's run ahead of the developers, and here's why: I'm getting the Doubleclick ad popup from the "Top Sites" page. As in, I launch the browser with the default set to open the Top Sites as my home page, yet I get a Doubleclick ad.

  • Kurt Lang Level 8 Level 8 (35,190 points)
    I'm getting the Doubleclick ad popup from the "Top Sites" page. As in, I launch the browser with the default set to open the Top Sites as my home page, yet I get a Doubleclick ad.

    That's the likely reason. The browser is remembering the last state of the pages you save to open by default. So regardless of where your popup settings are, the page is opened as its last state.

  • Gavin in Denver Level 1 Level 1 (5 points)

    I doubt that's the cause. I don't have the resume session on and when I open the browser, the only page open is Top Sites. How on Earth could that trigger popups? As it refreshes the top sites pages in the background?

  • Kurt Lang Level 8 Level 8 (35,190 points)

    Sorry Gavin, I was thinking of the wrong thing. No, they shouldn't pop up at the Top Sites page. At least they shouldn't.

     

    Popups are Java commands. Can't remember if they're Javascript or compiled Java code. Either way, it's the browser that runs them, not any type of virus.

     

    Do you have the option on in Safari to Block Pop-Up Windows? It could also be a particular cookie that is calling the site that dropped it there to spring an ad up.

     

    Open Safari's preferences and click on the Security tab. Under Web Content, make sure all of them are checked. Turning off the two Java choices would fix the problem, but so many other things you do on the web that you need Java for would then not work. Under Accept Cookies, have it set to Only from sites I visit. Which as you can see, also helps stop unwanted ads from working.

  • Gavin in Denver Level 1 Level 1 (5 points)

    Thanks Kurt, but no luck with that. I had deleted all cookies in an effort to stop the problem. My pop-up settings are different from what you describe (Windows vs. Mac?). The cookie settings are under the Preferences Privacy tab and I have "Block cookies from third parties and advertisers" selected. I suppose I could turn off Java and JavaScript, but does the web have anything useful that doesn't use that?

     

    This is strongly reminiscent of some malware/adware I know is common on Windows machines, generating popup ads regardless of the site visited. I left the browser running this evening with only the "Top Sites" open and when I returned home, I had a "disk full" error because so many popups were trying to run, it blew up my virtual memory.

  • Kurt Lang Level 8 Level 8 (35,190 points)
    I suppose I could turn off Java and JavaScript, but does the web have anything useful that doesn't use that?

    If you turn them off, it would break the functionality of many sites.

     

    Java and Javascript (Javascript in particular) controls a lot of what we do on the web. The garden variety rollover for instance. With Javascript off, rollovers built that way won't work. The one's at the top of this page do because they're CSS. But check the lead page of my web site:

     

    http://www.jklstudios.com/

     

    The green buttons at the left work as long as Javascript is on. Turn it off, and they do nothing. Knowing that, CSS is likely how these things are continuing to inundate your Mac.

     

    You might want to give GlimmerBlocker a try:

     

    http://glimmerblocker.org/

     

    I'll also call attention to your plight. Get some fresh eyes on the issue.

  • ds store Level 7 Level 7 (30,310 points)

    1: Back up your user file folders to a external drive manuallly (not TimeMachine) and disconnect.

     

    1.5 Uninstall all Safari's add-ons or other tweaks, you can reinstall later.

     

    2: Download OnyX here for your OS

     

    http://www.titanium.free.fr/

     

    3: Manually disconnect your Internet (pull the router plug)

     

    4: Run ALL of OnyX's maintainence and cleaning aspects (you can cancel the in between reboot, but reboot at the end) This will clean out all your caches etc.

     

    5: When you reboot, hold c and boot off the 10.6 install disk and second screen in simply reinstall OS X (it writes over the installed version and bundled programs like Safari etc) third party programs and files shouldn't be touched (some are) but you backed up your user files of course.

     

    6: Reboot again, turn on your router and immediatly Software Update to 10.6.8.

     

    7: If you installed MacKeeper, use Easy Find to delete all references to Zeobit or MacKeeper

  • ~Bee Level 7 Level 7 (31,135 points)

    I had a "disk full" error because so many popups were trying to run, it blew up my virtual memory.

     

    Good one, ds!

    I'll bet MaKeeper or similar is the problem.

  • Gavin in Denver Level 1 Level 1 (5 points)

    Thanks ds, it sounds like I have an evening project ahead of me! My only current backup is time machine, but I should have enough external drive space to achieve that.

  • ds store Level 7 Level 7 (30,310 points)

    Forgot, if you've installed MacKeeper you'll have to Force Quit the process in Activity Monitor, remove it's log-in item in your system Preferences > Accounts, then Easy Find (Spotlight won't catch all of it) and Trash Zeobit or MacKeeper results it's turns up.

     

    Good Luck.

     

    If all that fails, you can hold c and boot from the installer disk again and this time use Disk Utility to Erase with Security Option Zero the whole drive, format it HFS+ Journaled (same name as before) and reinstall OS X, setup (same user name, different password) Software Update and then install programs from fresh sources and user file folder contents back into their same folders again. (same hard drive name and user name preserves iTunes playlists etc.)

     

    Just make sure you have all your serials first and any other essential data as this second method wipes the whole drive, but removes any malware for sure.

     

    Consider cloning your boot drive to a external using Carbon Copy Cloner and connect it only to update it, it's hold the option key bootable, which could have saved your bacon in this case. Just reverse clone and a hour or so later your back to before the mess started occuring.

     

    TimeMachine can do that as well, but it's not bootable and tends to remain connected, updates the malware to the TM drive.

  • MadMacs0 Level 5 Level 5 (4,580 points)

    Gavin in Denver wrote:

     

    Oh, and FYI, I also have AdBlock 2.4.23 installed.

    I've had better luck with the Ghostery extension.

     

    And there may be an easier way to uninstall MacKeeper if you need to.

  • Kurt Lang Level 8 Level 8 (35,190 points)

    You can do a quick check to see if it's account related. Open the System Preferences and click on the Accounts tab. Create a new account. Either admin or standard, and log in to that account. Does Safari behave the same way?

Previous 1 2 Next