9 Replies Latest reply: Mar 22, 2013 3:13 PM by The hatter
SamahKhan Level 1 Level 1 (0 points)

Hi,

Firefox had this banner that said to download the new HD flash player and i did, but then i found out that it was a virus. Now, random words on the internet are underlined and when i hover above it, an ad appears. Is it malware and how do i fix it?

  • The hatter Level 9 Level 9 (60,800 points)

    Never fall for these - never download flash except directly from http://getflash.com or Adobe or Apple.

     

    That you fell for a common ploy, a scam, duped into downloading malware.

     

    Okay, now how to remove it?

     

    Nuke it.

     

    Restore from backup. You do keep a backup of your system, hopefully a clone in fact.

     

    Assuming you didn't stumble into this forum by accident and have a laptop instead, you do have 65 lb Mac sitting there? Pull the hard drive, slap in a backup or new drive.

     

    Don't use that system.

     

    Use Mountain Lion? use Recovery Mode.

     

    None of that an option? ML does have Gatekeeper.

     

    There are people that keep tabs and posting FAQs and "More like this" on the right side of this page has some common threads. Thomas Reed is active here and Mac OS forum and elsewhere with tutorials and what currently is best.

     

    So going to #2 "malware" thread on the right turns up:

     

    See Thomas Reed's Mac Malware Guide.

  • SamahKhan Level 1 Level 1 (0 points)

    I don't keep back-ups unfortuantely, but i have put all my important documents on a hard drive. So, i don't mind resetting it (is that ok? I read it makes it worse but i don't know if that is true). And I am currently operating on Lion.

    Thanks

  • The hatter Level 9 Level 9 (60,800 points)

    TimeMacine for data. Carbon Copy Cloner for your system - you can use one hard drive with two partitions.

     

    Having the system on say SSD and data on 2TB drive is proper method. Then one external and one internal drive for backups.

     

    That means you data is not just in one place.

     

    As for Lion, fine but now you need to either scrub your system or erase and reinstall. And that depends on what Mac model year and such and what OS did it ship with. And what steps Reed outlines for your type of malware.

  • Linc Davis Level 10 Level 10 (165,445 points)

    Most likely, you installed a malicious Firefox add-on. Disable all add-ons and test.

  • Tycoon24 Level 1 Level 1 (15 points)

    SamahKhan wrote:

     

    Hi,

    Firefox had this banner that said to download the new HD flash player and i did, but then i found out that it was a virus. Now, random words on the internet are underlined and when i hover above it, an ad appears. Is it malware and how do i fix it?

     

    First you should verify which version of Flash you're running, then compare that to the newest version of Flash Player. That should tell you if you have installed a legitimate version. If you're unsure how to do this, here's a guide that should help: http://www.intego.com/mac-security-blog/how-to-tell-if-adobe-flash-player-update -is-valid/ In the future, you should definitely only install those sorts of updates from Adobe. You should also run some form of antivirus scan to be sure your Mac isn't infected with malware, and if it is infected, just remove it and you should be good to go.

  • The hatter Level 9 Level 9 (60,800 points)

    there is an  PUPs (potentially unwanted program) adware from Yontoo that rewrites web pages with popups and injects itself, it also tries to fool the user and system to what it is. Intego and others don't call it a trojan others do.

     

    New Mac Yontoo adware trojan hitting OS X browsers (Windows also) a trojan?

    http://t.co/evRRGmOxTe ZDNet backdoor installer overwrites web pages

  • andyBall_uk Level 7 Level 7 (20,490 points)

    >>Never fall for these - never download flash except directly from http://getflash.com or Adobe or Apple.

     

    I'd avoid getflash.com,  it's just adverts &  a 'domain for sale' sign - if it ever links to something useful, there's no reason to trust it.

  • Grant Bennet-Alder Level 9 Level 9 (52,895 points)

    I think the hatter intended to reference this, the official adobe flash download site:

     

    http://get.adobe.com/flashplayer

  • The hatter Level 9 Level 9 (60,800 points)

    Yes, I just type the first part and should have said "getflash player" and always always be on Adobe web site!!