Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Anon M
Anon M Author
User level: Level 1
17 points

I have a trojan on my iMac, how can I remove it?

I have what I believe is a trojan. Basically what it does is redirect me to http://flvdirect.iamwired.net/ when I'm under Safari.


I've researched this issue and couldn't really find people who had this issue on Mac, even on PC it seems to be rare.


But I think I know what caused it. Earlier today I looked for a way to download Youtube videos. There's several sites where you enter the link, and they ask you to accept something (my Mac warned me that I'm at my own risk). Obviously I declined, but I kept looking around for another solution. Finally I found a Safari extension on a site like Softpedia (don't remember the name however), and I even still have the DMG file: youtube_downloader_pro_mac-1.0.0.0-sf-macosx10.6.dmg


Strangely enough, the "extension" doesn't appear in the Safari extensions menu, and I can't find it anywhere else on my computer either. I tried looking for all possible names or for all possible "culprits" in various folders (Preferences, Logs, Cache, etc.) and also with CCleaner. How can I get rid of it?



I've noticed that it's only on Safari. I renewed the DHCP-Lease, don't ask me why, thought it might help. It reset some stuff. I removed proxies (I think I was using these before, but the trojan might have hacked them in somehow, at least I've read about that), and weirdly enough in the WLAN section of the Network preferences, there was another Wlan hotspot, that I had never seen. I had never seen any WLAN around here actually because there isn't really anyone using it. But maybe I'm wrong. What's weird is that it says "Preferred networks", when clearly, I never connected with that.


I searched for WLAN networks again now, and I can't find this network anymore. Too bad that I removed it from the list already, I should have written down the name first. It started with "ml".


I also noticed that my Safari home page was set to Iamwired.net, that's probably the reason why it redirected me there. What can I do people?


I'm thankfull for all answers! That's the first time something like this happened to me!



Cheers!

iMac, OS X Mountain Lion (10.8.3)

Posted on Apr 28, 2013 1:00 PM

Reply
7 replies
User profile for user: Anon M
Anon M Author
User level: Level 1
17 points

Apr 28, 2013 1:27 PM in response to etresoft

Well that's the problem, it doesn't appear in the extensions tab! I installed it, but I don't find it anywhere. Even though it said it successfully installed.


Also, I installed a Java plugin earlier, and I just read that there were some issues with that not too long ago. Apparently there's a test where you enter something in terminal, to check if you're infected, and apparently I'm not. But it might just be another issue.


I thought I had solved the problem now, because I had changed the Safari home page to nothing again, and removed a few things. Obviously I knew that it would still be hiding somewhere.


And yep, I just restarted Safari (I'm writing from Firefox now), and something set the homepage again to the site I mentioned earlier.



PS: I have still tried to turn of all extensions. It doesn't seem to make a difference however. Earlier I had done this as well and I had turned off plugins too in the security menu. It seemed to be gone, even after restarting after some time, but now eventually it came back. It's gone again now, but only because I changed the home page. It isn't really gone actually, and it will eventually reset the homepage to that site in some minutes or so...


Message was edited by: Anon M

Reply
User profile for user: etresoft
etresoft
User level: Level 8
46,768 points

Apr 28, 2013 1:29 PM in response to Anon M

You seem to be pretty game to install things from unknown sources, what's one more 🙂


I wrote a little diagnostic program to help show what is installed on someone's system. Download EtreCheck from http://www.etresoft.com/download/EtreCheck.zip, run it, and paste the results here.



Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Apr 28, 2013 2:43 PM in response to Anon M

It sounds like you may have downloaded and installed some junk adware. You've got to be careful about what you download and from where. Sites like Download.com, Softpedia and Softonic are to be avoided, as they are not authentic downloads and have been known to contain adware, added by those sites to help them make money.


You should be able to find and remove it using the information here:


Eliminating browser redirects and advertisements


If you wouldn't mind, contact me privately (using the Contact Me link at the bottom of the page I linked to above). I'd like to examine a copy of that installer you downloaded.

Reply
User profile for user: Anon M
Anon M Author
User level: Level 1
17 points

Apr 28, 2013 3:13 PM in response to thomas_r.

@ etresoft: Well, I downloaded it from the official Java site, so I supposed it should be safe! And by the way, how do I know you're software doesn't contain malware now? 🙂


@ Thomas: I read your article and removed those internet plugins. I also removed anything Java related, or at least I believe I did. I didn't notice anything suspicious in the internet plugins however. I'm still bothered where this "Youtube downloader" plugin has gone. I mean I've installed it, it MUST be somewhere...


If you want I can send you that DMG file, in case you think you could analyse it somehow? I still have the site I downloaded it from somewhere in my history, it shouldn't be hard to find it. But I don't want you to get infected as well, so I wouldn't open it! Perhaps you can analyze it in a way without opening it however?


For now however, Safari seems to work. No more redirecting. Java is allowed, so are plugins and also extensions. I'm still worried that the thing is hiding somewhere in my computer and that it may get hold of private data.



I've run an app called VirusBarrier express earlier (downloaded from the App store, should be safe!), it scanned by whole computer and didn't find anything. But then... it may not have found anything because this isn't a virus, right? Do you believe it can found trojans or other malware?


@ etre: I've still run your program and don't think I've noticed anything suspicious! I don't want to post everything on here since it also may contain private data (I saw an email address) 😉 so maybe you can tell me what to look out for? There's a few things where it says "failed" but I've had these for ages.

Reply
User profile for user: Anon M
Anon M Author
User level: Level 1
17 points

Apr 28, 2013 3:31 PM in response to andyBall_uk

That's exactly what it is! You know what's funny? Before I downloaded it I was surprised that it was downloaded so many times, but nobody gave a review yet (as opposed to the other plugins when you search for "youtube").


As a joke I thought it must be a virus and everyone's computer is dead now, so they can't give a review 😝



edit: I've restarted my computer now and Safari still works. Nothing suspicious at the moment.

Reply

I have a trojan on my iMac, how can I remove it?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up