Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: vla-wot
vla-wot Author
User level: Level 1
0 points

Safari Virus!

My MacBook Air 2011 MAC OS X 10.9
Safari Virus how delete help please!


Safari version 7.0.9537.71



User uploaded file


User uploaded file

MacBook Air, OS X Mavericks (10.9), ( BootCamp Windows 7 )

Posted on Nov 19, 2013 7:18 AM

Reply
9 replies
User profile for user: dominic23
dominic23
User level: Level 10
83,916 points

Nov 19, 2013 8:48 AM in response to vla-wot

Quit Safari.

Hold the shift key down and relaunch Safari.



Reset Safari.


Click Safari in the menu bar.

From the drop down select "Reset Safari".

Uncheck the box next to " Remove saved names and passwords".

Click "Reset".




Empty Caches


Safari > Preference > Advanced

Checkmark the box for "Show Develop menu in menu bar".

Develop menu will appear in the Safari menu bar.

Click Develop and select "Empty Caches" from the dropdown.


Turn off Extensions if any, and launch Safari.

Safari > Preferences > Extensions

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,547 points

Nov 19, 2013 11:29 AM in response to vla-wot

From the Safari menu bar, select

Safari ▹ Preferences ▹ Extensions

Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.


Otherwise, continue.

This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.


These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.


Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.


Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it. The headings “Step 1” and so on are not part of the commands.


Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.


Launch the Terminal application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.


When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.


Step 1


Triple-click anywhere in the line of text below on this page to select it:

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' | open -ef


Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste (command-V). I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window will open with the output of the command. If the command produced no output, the window will be empty. Post the contents of the TextEdit window (not the Terminal window), if any — the text, please, not a screenshot. You can then close the TextEdit window. The title of the window doesn't matter, and you don't need to post that. No typing is involved in this step.

Step 2


Repeat with this line:

{ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}'; echo; sudo launchctl getenv DYLD_INSERT_LIBRARIES; echo; sudo defaults read com.apple.loginwindow LoginHook; echo; sudo crontab -l; } 2> /dev/null | open -ef


This time you'll be prompted for your login password, which you do have to type. Nothing will be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.


Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.


Step 3

{ launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)/{print $3}'; echo; launchctl getenv DYLD_INSERT_LIBRARIES; echo; crontab -l 2> /dev/null; } | open -ef


Step 4

ls -A /e*/{cr,la,mach}* {,/}Lib*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts .la* 2> /dev/null | open -ef

Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.


Step 5

osascript -e 'tell application "System Events" to get name of login items' | open -ef


Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output.


You can then quit Terminal.

Reply
User profile for user: American In Morocco
American In Morocco
User level: Level 1
0 points

Jan 20, 2014 3:57 PM in response to Linc Davis

I have the same problem I think. I did what you said and here's the reults:


The 1st TextEdit Box:


com.torch.update.agent

com.microsoft.office.licensing.helper

com.adobe.SwitchBoard

com.adobe.fpsaud

cn.com.zte.PPPMonitor.plist


The 2nd TextEdit Box:


com.bittorrent.uTorrent.27312

com.google.GoogleDrive.8128

com.adobe.dynamiclinkmanager.55120.369C3017-89CA-4E9F-899F-45FF327F18F9

com.huawei.HWPortCfg.plist

cn.com.zte.usbswapper.plist

com.google.keystone.user.agent

com.adobe.AAM.Scheduler-1.0


The 3rd TextEdit Box:


com.bittorrent.uTorrent.27312

com.google.GoogleDrive.8128

com.adobe.dynamiclinkmanager.55120.369C3017-89CA-4E9F-899F-45FF327F18F9

com.huawei.HWPortCfg.plist

cn.com.zte.usbswapper.plist

com.google.keystone.user.agent

com.adobe.AAM.Scheduler-1.0


The 4th TextEdit Box:


/Library/Components:



/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext



/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

iTunesLibrary.framework



/Library/Input Methods:



/Library/Internet Plug-Ins:

AdobeAAMDetect.plugin

AdobePDFViewer.plugin

Default Browser.plugin

Flash Player.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt



/Library/Keyboard Layouts:



/Library/LaunchAgents:

HWPortCfg.plist

cn.com.zte.usbswapper.plist

com.adobe.AAM.Updater-1.0.plist



/Library/LaunchDaemons:

cn.com.zte.PPPMonitor.plist

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.microsoft.office.licensing.helper.plist

com.torch.update.agent.plist



/Library/PreferencePanes:

Flash Player.prefPane

OSXFUSE.prefPane



/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper



/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator



/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component



/Library/ScriptingAdditions:

Adobe Unit Types.osax



/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter



/Library/StartupItems:

HWNetMgr

HWPortDetect

StartOuc



/etc/mach_init.d:



/etc/mach_init_per_login_session.d:



/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist



Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle



Library/Fonts:

ANGEL___.otf

AmazOOSTROBBold.ttf

AmazOOSTROVOutline.ttf

AmazOOSTROVv.2.ttf

American Brewery Rough.ttf

BrannbollFet.ttf

Buffalo Nickel.ttf

CANDY___.otf

Calligraphic Frames Soft.otf

ClearLine_PERSONAL_USE_ONLY.ttf

CoventryGardenNF.ttf

FargoFaroNF.ttf

Fontscafe_HandShopTypography-A20_demo.ttf

Hustlers Rough Demo.ttf

LITTLELO.TTF

LicensePlate.ttf

Lobster 1.4.otf

Montezuma.ttf

Nymphette.ttf

OutlinerNo.45 DEMO-KCFonts.ttf

Pacifico.ttf

Parkvane.ttf

Pilar Display Typeface.otf

Prida65.otf

RNS-B.ttf

Spliffs.ttf

SteelTown.ttf

SubwayNovellaDEMO.ttf

The Green Life.ttf

VarietÇ Cascadeur.ttf

VarietÇ Casino.ttf

VarietÇ Colege.ttf

VarietÇ Folies.ttf

Vibe.ttf

WELTRON2.TTF

WHOOPASS.TTF

bimasakti.ttf

finalship.ttf

go to the sky.ttf

ltsweetnothings.ttf



Library/Input Methods:

.localized



Library/Internet Plug-Ins:

RealPlayer Plugin.plugin



Library/Keyboard Layouts:



Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.apple.CSConfigDotMacCert-******************@me.com-SharedServices.Agent.plist

com.google.keystone.agent.plist



Library/PreferencePanes:


The 5th TextEdit Box:


iTunesHelper, Google Drive, uTorrent



Library/Services:

.localized




-------------------------------------------


PLEASE HELP ME FIGURE THIS OUT! So far, I've seen your answers on a few other threads and you seem extremely knowledgeable and helpful. I really really need to get my computer to work again! Thank you in advance!!

Reply

Safari Virus!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up