3 Replies Latest reply: Jan 3, 2013 8:34 AM by Linc Davis
fphoekstra Level 1 (0 points)

Sinds a few days my Imac is infected with malware. Everytime i startup Safari, Eset security comes with a popup that there is a problem and Eset puts in in quarantaine. However, in Safari and also in Firefox, whemn i click a highlighted word, it goes to a site with advertisment.


This is what i can find in Eset log. Can someone tell me how I can remove this ??????


/Users/fphoekstra/Library/Caches/com.apple.Safari/Extensions/Yontoo.safariextens ion/global.html                Win32/Adware.Yontoo.C programma        opgeschoond door te verwijderen - in quarantaine geplaatst

iMac (27-inch Mid 2011), OS X Mountain Lion (10.8.2)
  • Linc Davis Level 10 (192,689 points)

    Select Safari Preferences Extensions from the Safari menu bar. Delete the "Yontoo" extension.

  • fphoekstra Level 1 (0 points)

    This solved a part of the problem, but sometimes when i want to go to a page another page is coming up with advertisment like dating sites en mackeeper, how can i solve this problem?

  • Linc Davis Level 10 (192,689 points)

    Please read this whole message before doing anything.


    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.


    Step 1


    The purpose of this step is to determine whether the problem is localized to your user account.


    Enable guest logins* and log in as Guest. For instructions, launch the System Preferences application, select Help from the menu bar, and enter “Set up guest users” (without the quotes) in the search box. Don't use the Safari-only “Guest User” login created by “Find My Mac.”


    While logged in as Guest, you won’t have access to any of your personal files or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.


    Test while logged in as Guest. Same problem?


    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.


    *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.


    Step 2


    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login.


    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode* and log in to the account with the problem. The instructions provided by Apple are as follows:


    • Shut down your computer, wait 30 seconds, and then hold down the shift key while pressing the power button.
    • When you see the gray Apple logo, release the shift key.
    • If you are prompted to log in, type your password, and then hold down the shift key again as you click Log in.


    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.  The next normal boot may also be somewhat slow.


    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


    *Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t boot in safe mode.


    Test while in safe mode. Same problem?


    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of steps 1 and 2.