Malware? Something has my Mac in a knot!
https://discussions.apple.com/thread/3217174?start=15&tstart=0
The above discussion seems to be very similar to my scenario. Just different website and different prize. I will reference this posting on that discussion. But, that discussion was six months ago, and is very long.... so I felt it worthy to try to summarize best I could. And, with taking the information, I wasn't even sure what process to do first? So, although I state in this post below as fact, realize I am citing other users' information from the post mentioned above.
So, in a nutshell, I am asking you all:
- Is the below information accurate?
- What items do I do first? What items do I not do at all?
My story: I was searching for some stuff on the planet Jupiter for my daughter's class project. And, bam, a pop-up came up saying I was a Michigan winner. How the heck does this pop up know I am from Michigan????
What was worse, the pop-up could not be closed (the three dots were not present in the upper left-hand corner), I could not access any menu items, etc. in Safari. As this other post above mentioned, "my computer/Safari has been hijacked".
I have Lion, so naturally, any force closing, and/or rebooting just brings up the same pages once again. However, along the way, it had asked for an administrator name and password. I didn't think of it too much as I had been moving between users that day so my other daughter could be surfing the web on her restricted account. So, I thought it had to do with that.
After reading the above-referenced post, I can summarize the plethora of information into the following:
- I probably came across a similar malware issue
- I probably gave my password to an enemy
- And, my Mac is currently sitting power-off awaiting my decision on what to do. And, am having to write this post on my husband's Windows PC. Not happy!
Issues and/or solutions:
- I might be able to hold down the shift key when entering Safari to disable the "resume pages" option on Lion. (however, that doesn't mean the issue is gone... just that I might be able to access websites and the menu again.)
- I am gonna need to delete some files perhaps outside of Safari (downloads.plist; history.plist; historyindex.sk; lastsession.plist; topsites.plist; webpageicons.db;) THEN EMPTY THE TRASH.
- I am sure I need to make sure that my Apple software is up to date, including security definitions. (no one in the other post even mentioned this, I don't think, but I would think this would be very helpful.)
- I am going to have to address Flash cookies (.sol files)
  - delete them from home/library/preferences/macromedia/flash player/#sharedobjects
  - settings need to be adjusted in home/library/preferences/macromedia/flash player/macromedia.com/support/flashplayer/sys
  - FYI: the home>library folder is now hidden.... so will need to discover how to access that
  - Or use the Flush app to remove all flash cookies; Or use Safaricookies app to be selective on what flash cookies I'd want to keep
  - Adobe flash player now puts a system preference in system preferences folder for flash player, including a simple way to delete all flash cookies. The old version of FP you have to go to the adobe flash player support page to view the control panel that lets you do this. The new one lets you control it on your Mac. Supposedly you can access this control panel via double-clicking the FP icon
- Tracker cookies scare me:
  - If I installed this Trojan (OSX/DNSChanger) by providing my password, my DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. (BTW, I moved to a Mac a couple years ago because my Windows laptop got one of these things on them... thought I was immune on a Mac. So wrong!)
  - It concerns me that this attacker could be monitoring my passwords, etc. on my banks, etc. Not sure if this is true or not...
  - SecureMac app has a free Trojan Detection Tool for Mac OS X. The software to remove it has a 30-day trial and then costs $30US.
  - It goes on to talk about Windows viruses that can be passed on through emails to other Windows users, which CLAMXAV app can fix. Uncertain if available for Lion per the contributor's remarks, but is also difficult to remove from your Mac. The contributor also alerted us to not install Norton on the Mac as it is damaging to the OS.
  - Some users did the shift button with the Safari button thinking they were done with the whole thing, but realized there was a Trojan on their Mac, still alive. Sending to trash and emptying trash - not sure if that is all you need to do finding it using Spotlight?
- Things that didn't work for other users and other threads to read:
  - VirusBarrier Plus didn't detect anything on a user's computer.
  - https://discussions.apple.com/thread/3198419?tstart=0
Any help on this would be greatly appreciated!!!!!
An additional question I have:
I have a Time Capsule. Could I just restore from two days ago and not have to worry about any of the above actions?
MacBook, Mac OS X (10.7.2), iPhone 4, iPod nano 3rd gen, iPod nano 4th gen, Airport Express