I think I have a virus picked up from a CNET download, cananyone suggest a way to get rid of it? When I open a browser, an additional tab opens with no content. I can't get it to go away even after restarts.
MacBook, iOS 7.0.3
You don't have a virus. See:
Helpful Links Regarding Malware Protection
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
Mac OS X Snow Leopard and malware detection
OS X Lion- Protect your Mac from malware
OS X Mountain Lion- Protect your Mac from malware
If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)
You don't have a virus. See:
Helpful Links Regarding Malware Protection
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
Mac OS X Snow Leopard and malware detection
OS X Lion- Protect your Mac from malware
OS X Mountain Lion- Protect your Mac from malware
If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)
Thank! This will be very helpful.
Kappy,
You indicated I don't have a virus...so what could this be. It started after that CNET download.
You should never download anything from CNET's Download.com. It's not to be trusted. Both Download.com and Softonic have been known to insert self-serving adware into the installers of applications downloaded through their sites. However, the adware in question is not technically malware, and will not be detected as such by most anti-virus software.
The behavior you describe, though, does not sound like adware (or malware, for that matter). Is this happening only in one browser? If so, which one? It sounds like the browser may be trying to restore a previous state when it reopens, and thinks that state should be two empty tabs. If the browser in question is Safari, try quitting Safari, then holding down the shift key while re-opening Safari.
Is that entire string actually in the URL field? That looks like badly corrupt data, including a bunch of HTML code.
One clue I see in there, though, points to a bit of adware called MyBrowserBar.com. Do you have something along those lines installed somewhere? Check your browsers extensions. In Safari's preferences, check the Extensions tab. What do you see there?
There is a thing called "Search me" along with an Amazon and Ebay ext.
I do have K9 by Blue Coar Systems installed which blocks sites that have spyware/malware, **** etc. I opened Chrome preferences and noticed the second tab that was showing up was now listed as a start up page - i removed it.
There is a thing called "Search me" along with an Amazon and Ebay ext.
That is an adware program that probably rode in on some other app's installer. Did this show up right after you installed the app you downloaded from CNET? If so, what app was it that you downloaded? They may be up to their old tricks again.
Delete the SearchMe extension in Safari's Extensions preferences. Look at Chrome's preferences, too... click the Extensions link in the left-hand column in Chrome's preferences, and if you see a similar SearchMe item, remove it from there as well.
I do have K9 by Blue Coar Systems installed which blocks sites that have spyware/malware, **** etc.
I suspected you may have something like that installed. That also explains the text you posted above, found in the URL field in your browser, and the fact that all these tabs are opening blank... K9 would seem to be not functioning properly. I would advise removing that as well. As long as you keep your browser, and any internet plug-ins (like Flash), up-to-date, and keep Java disabled, you have nothing to fear from malware sites. (See my Mac Malware Guide for more information.)
Thanks Thomas - the file was "X Lossless Decoder"
I just downloaded that and installed it in a clean test system. CNET is caught red-handed! Not only does the installer add SearchMe, but it is also responsible for the Amazon and Ebay extensions you found. On my test system, it also installed a Slick Savings extension!
All of those extensions should be removed, and you should never visit Download.com again!
Thomas,
It's not just "X Lossless Decoder" that is being bundled with the toolbars, but a large number of popular Mac apps, including antivirus apps such as Sophos Antivirus for Mac Home Edition and clamXav. See http://securemac.com/cnet-installer.php for more details.
SecureMac has created a complete user guide to identify and remove the CNET adware from Macs: http://securemac.com/cnet_adware_removal_guide.php
I have been trying to get rid of this malware for 2 weeks
I have installed Sophos and ran it on my Mac, OS X Version 10.7.5 , It found infected files quarenteed them and deleted them, I ran Sophos again just to be sure , rebooted my Mac and I still get these pop ups.
I am using Chrome, and have run Sophos on the specifically on the Crome browers after running it on all files on my Mac, no infected files found. Can you please advise what I can do to get ride of the mal ware?
See my Adware Removal Guide.
(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)
how do I get rid of Malware/Spyware?
