How do I get the Rival Gaming malware off my mac?
ClamX didn't get rid of it, and SOPHOS doesn't seem to work either.
iMac (27-inch Late 2009), Mac OS X (10.7.5)
I'll check this out and let you know what happens. Thanks!
31 replies
Evercookie:
http://arstechnica.com/security/2010/10/it-is-possible-to-kill-the-evercookie/
And this long meandering, but interesting, thread capped off by some Permissions repair panacea nonsense.
https://discussions.apple.com/thread/2737085?start=0&tstart=0
michaelsip4 wrote:
there is a product called ccleaner in the app store which u may want to run for safety (in case it is browser related) only have the browser areas checked when you start your analyze and then clean up (the app has given some people strange results to people at times when more then there browser areas were cleaned up)
So I'm having trouble with understanding how this can possibly help. The web site is a bit short on details of what this does (even the docs are mostly Windows oriented), but in examining the screenshots provided it does not appear to do even as much as Safari Reset does. I have not done a side by side comparison of it to other utilities available, but I don't see anything there that OnyX doesn't do.
So why would I recommend OnyX over this offering. I must admit up front that my personal experience with early Mac cleaners has had a marked effect on my vowing never to use one again, but let's give you the benefit of the doubt here. The developer of CCleaner, Periform, has a whole stable of Windows only tools, which I understand have been around for years and are generally well regarded in that environment. This tool is the first that they have ported to OS X. Cleaning is and always has been a standard requirement for almost any user of a Windows PC. Having been forced to use one at work, I can attest to that need at least through 2007 when I was mercifully allowed to leave the PC world. My personal opinion is that CCleaner has not proven that it understands OS X well enough yet to be accepted as worth taking a chance that it may make matters worse. I would give them some time to refine their product and be reviewed in comparison to competing products before trusting my computer to it. There are plenty of alternative utilities that have been working with OS X for years that I would pick ahead of this one, at least for the present.
One more thing I need to point out. Although everything I could find regarding system requirements says it will work on OS X 10.5 (Leopard) and above, they left out the part about Intel only Macs.
There is ample testimony and evidence from expert OS X maintainers that Macs do not require nearly as much third party care in that area. There are certainly times when corruption sets in on most any Mac and require some amount of attention, but it tends to be focused on the issue being experienced which is almost never solved by either broad spectrum "cleaning" or periodic maintenance. The latter is almost exclusively being attended to these days by the OS itself. If a problem arrises (e.g. runaway log entries) it needs to be attacked directly and not through some work-around of deleting everything in site.
I could write some words about iAntivirus, as well, but since I can't test it for myself I'll refer you to what Thomas Reed had to say in the second update to his article Beware iAntivirus.
To MadMacs (to everyone else this is a side bar)
Staying on the OP mindset and stepping away from opendns and the evercookie ( I also support onyx)
I simply recommended CC-Cleaner and Iantivuris and I will elaberate.
I suggested ccleaner as a tool to clean there browsers (firefox and safari) its a simple easy product to use if you use it at the browser level as an additional verification that all is clean......the product in my opinion works well in this area - where other options are somewhat questionable (based on personal experience - supporting your opinion regarding its original source environment - win and an incomplete understanding of macs) --- just a safety check...for the OP
As for I anti-virus speaking candidly, I have downloaded or placed on my mac several win and malware based scenarios/situations from Eicar and other sources = I antivirus worked very well as did several other products
sophos and clamxav however I antivirus was the only product which caught it the moment I placed it on the intel mac..... the others did not.... hense the response to the OP - if it is downloaded from the app store it is sandboxed as well.....again just a safety check for the OP
I have no debates with any of your thoughts, I actually support them..but my focus was the OP and simplicity
as for the additional account thought (the mindset was really along the lines of is it a system issue vs a user id issue for further review.
michaelsip4 wrote:
I have downloaded or placed on my mac several win and malware based scenarios/situations from Eicar and other sources = I antivirus worked very well as did several other products
sophos and clamxav however I antivirus was the only product which caught it the moment I placed it on the intel mac..... the others did not....
Without knowing the details of how you conducted such tests, I can't tell you why this happened, but having conducted similar tests dozens of times I feel confident that the real-time scanners of both Sophos and the web version of ClamXav Sentry (not available with the AppStore version), properly configured, will immediately detect the Eicar. This really isn't the place to go into details, so I would hope you would find the time to report your findings to the vendors as soon as possible.
MadMacs,
regarding our sidebar (cold installs, definition updated, default settings, 1 scan) orderly shut down accross the board...orderly startup, introduction of test case.
On the other side, At times (as you know) people ask a question on a forum and are bombarded with feed back
(which is good) however at times, we (people) who are trying to help, loose site of the original post/mindset and question - personally, I attempt to stay with the original posters mindset/question and then based on feed back from them attempt to respond to the given out come they report. no one have ever attempted to provide, bad information to harm some one from what I have seen, however, things at times get lost in all of rhertorc that occurs after the original post --- normally i would pm you with this response to keep our sidebar sep and distinct
from the original.
I was on a card game site and foolishly clicked on a link that promised to take me to the Angry Birds game. What I got was Rival Gaming malware. A word on a website will be double underlined and highlighted; and when the cursor happens to roll over the word, the little window pops up with an ad relating to the word, completely independent from the meaning of the word in the context. Clicking the red button does not close it.
I have tried the recommended process for Firefox:
1. type "about:config" in url box
2. type "keyword.url" in search box. R click and reset.
3. type "browser.search.defaultengine" in search box. R click and reset.
Unfortunately the "reset" is grayed out. I have tried it several times. My daughter has also tried it on her Mac with the same result of grayed out "reset."
Lassen Lass wrote:
I have tried the recommended process for Firefox:
1. type "about:config" in url box
2. type "keyword.url" in search box. R click and reset.
3. type "browser.search.defaultengine" in search box. R click and reset.
Unfortunately the "reset" is grayed out. I have tried it several times. My daughter has also tried it on her Mac with the same result of grayed out "reset."
That's because it is already at it's default value. Yours is not a search problem, but simple adware. It's known by several names "Vibrant Ads", "AdSense", "IntelliTXT". You can usually eliminate it by using an ad blocking extension. "AdBlock" and "AdBlocker" are two I know of. I also use Ghostery to block tracking cookies.
Where did you find this link, and did you actually download and install something?
I was finally able to get rid of this adware by finding out what it was. It's called "Text Enhance". It's a new kind of advertising trick that I think is in poor taste. Just YouTube "Remove Text Enhanced" and watch a video if you are on a PC.
The Rival Gaming stuff is actually an extension that installs itself. Just click on your Safari preferences and look under the "Extensions" tab. It should be sitting there ready to be "Uninstalled". 🙂
Safari extensions can't be installed by themselves. You must have installed something that also installed that extension. It would be good to know what that was. If you know when this started happening, you can go to the System Information app (in Mountain Lion) and look at the Installations list. See what was installed around that time.
My wife claims she did not install anything but I was not there when she was on the Rival Gaming site. I think she may have approved something without really knowing what it was. The only other item installed was the Television Fanatics toolbar, which may have been a factor as well.
I don't have access to the Installations list right now because I am at work. I'll look it up when I get home. Thanks!
Safari Preferences....then select the "Extentions" tab. A Rival Gaming extension should be in this section. Just select "Uninstall" and it will remove all of the garbage links from the Browser.
Shibz21 wrote:
Safari Preferences....then select the "Extentions" tab. A Rival Gaming extension should be in this section. Just select "Uninstall" and it will remove all of the garbage links from the Browser.
That's exactly what the OP did here.
thanks to mick mcart ive still gota try it but the safari preferance i think will work
How do I get the Rival Gaming malware off my mac?