My Mac has a Virus!

I'm using OS X 10.8.5 and my Mac has been compromised. Every time I am on YouTube and other sites tons of strange ads pop up on the bottom and right side of the screen. Sophos scanned clean. Any suggestions?

MacBook Pro (13-inch Mid 2012), OS X Mountain Lion (10.8.5)

Posted on Mar 2, 2014 5:18 PM


Apr 27, 2015 6:55 AM in response to jshields86

Oh deary me . . . I didn't want to find this page but now I have.


My wife has a Mac Mini running Yosemite and going through the same wi-fi network as me, but obviously my MacBook Pro setup is completely different. Plus, I hardly ever go to places like Facebook or click on stupid cat videos -- I've simply been around too long to be linkbait. Well, let's hope so, at least!!


But I can't blame her. They got her a couple of months ago -- adware -- and I tracked it down and got rid of it, but now it's a clearly different one that has infected ALL her browsers.


She didn't even HAVE Firefox on her computer until I downloaded it just now -- she'd been using Safari -- and the NEW Firefox was immediately obviously compromised, with some strange search engine as the home page, all her Safari bookmarks somehow already installed, even though I didn't import them, and the usual "Banish belly fat" cr¢p ads popping up everywhere like weeds.


I also avoid the "fix malware" apps that can pretend to be benign but actually just install more cr§p. But I'm afraid to do anything with Terminal or anything like that -- I'm an OS 9 guy and don't know much about the UNIX base system.


Okay, so it's got her Safari and also her Firefox -- I know that if I install Chrome it will be there immediately.


I wasn't able to go through every post here to see if it addresses my particular issue -- but if there is an answer here that sounds like it might be my issue, could someone please kindly repost it? It's very much appreciated in advance.


I feel really guilty, since I supposedly rescued her from Windows and the **** she was in, only for her to get this.

Apr 27, 2015 7:18 AM in response to Nicholas Robinson1

Nicholas Robinson1 wrote:


I also avoid the "fix malware" apps that can pretend to be benign but actually just install more cr§p.


If you're referring to recommendations that have been made on this topic for AdwareMedic, I'm the developer of AdwareMedic. I can assure you, it will not install anything on your system.


Of course, I'm just a stranger online, and I could be lying to you. Don't take my word for it... do some Google searches, and see what other people are saying about it.


Alternately, if you just can't bring yourself to trust an unfamiliar app and don't feel comfortable following manual removal instructions, you could make an appointment at the Genius Bar at your nearest Apple Store, and the techs there can help you.

Apr 27, 2015 7:43 AM in response to thomas_r.

Hi Thomas,

No, I wasn't referring to you at all! I was actually thinking about that ad that pops up all the time -- forget the name, but you know the one I mean. Also, Sophos -- I think I tried that one too. Did nothing.

No, I certainly trust someone who posts right here in this forum much more than I would some opportunistic popup ad.

I'm going to go check out your site right now. Good one, and thanks for looking out for the Community. If it works, I will be sure to donate!

Cheers

Nick

Apr 27, 2015 12:26 PM in response to thomas_r.

Thomas,

Wow! Your app totally worked! No hassles at all. I ran it and restarted and was a bit freaked because Firefox just immediately returned to its infected self, but I just deleted all its history and restarted it and all was fine. It turns out it was the Trovi thingie -- and your app found it and killed it.

I was going to say -- I'm no businessman, but instead of the app showing up after a restart and asking if I've paid yet, instead could you arrange it so that the app works perfectly ONE TIME, then, if the user uses it a second time (which would be explained in a ReadMe) it forces them to register, say for a reasonable fee like $9.99? Or scans, finds the malware the second time around, but only fixes it if the user registers?

I can see how that could be complicated, but it's for sure that it works -- at least, it sure did for me -- and you deserve to get paid for it.

Cheers

Apr 27, 2015 12:42 PM in response to Nicholas Robinson1

if the user uses it a second time (which would be explained in a ReadMe) it forces them to register, say for a reasonable fee like $9.99?

Are you referring to AdwareMedic? If so, there's no limitation to how many times you can use it. It's always free and donations are not mandatory to continue using the app. It does ask this question each time you launch it:


[Image: user-uploaded file]


If you like, at any time you can check the box on the left and "Not Now" will change to "Dismiss". Click Dismiss and you'll never see this box again. It's always up to the user to decide if they'd like to make a donation. AdwareMedic will continue as a fully functional app whether you've donated or not.

Apr 27, 2015 1:22 PM in response to Kurt Lang

Kurt


Yes, I was referring to AdwareMedic. I just thought that since it's such a great product, it should demand to get paid instead of just suggesting it! ^-^


Incidentally, while we're on the subject of adware, it seems my wife's problem didn't go away after all. I don't know how these bottom-feeders work, but she recently discovered an Israeli news site called Mako (or something like that) that seems to be a sort of Israeli CNN. But suddenly (or so it seems) in the past week, every time she tries to access it, she's confronted by a commercial by some car company I've never heard of -- "Scion" -- which looks a LOT like adware to me -- the last time she was trying to watch it, the ad just suddenly froze on the entire screen while the news channel sound was running behind it, and I couldn't get a menu bar or anything -- I had to force-quit Safari.


Now I know that these companies (YouTube etc.) are trying to monetize by running targeted ads -- I get Canadian, sometimes even French Canadian ads when I access YouTube through my Apple TV -- but in the Scion case, you can't skip it after five seconds. She doesn't even object to that, but I'm convinced it's adware. However, AdwareMedic, while taking care of the Trovi virus, did not make the Scion ads go away. I tried Googling the problem, but came up empty.


How do I know if her computer is infected, or it really is a company paying to run its ads on the Israeli site?

Apr 27, 2015 1:33 PM in response to Nicholas Robinson1

Yes, I was referring to AdwareMedic. I just thought that since it's such a great product, it should demand to get paid instead of just suggesting it! ^-^

Ah! I give Thomas much credit for making his app available as donation-ware. Especially considering the time he puts into it.


Scion is a division of Toyota. You'll find both makes on the same Toyota car lots.


You may have run across a new form of adware that hasn't been seen much. Just like AV software can only recognize known malware, AdwareMedic can only detect known adware. So Thomas can check to see if that's the case, follow these instructions (obtained from clicking the Next Steps button in AdwareMedic).


Submit a system snapshot


If you have done all of the above and the problem still has not been resolved, you may have some new adware that is a bit more invasive than a simple browser extension. In this case, open AdwareMedic and choose Take System Snapshot from the Scanner menu. Submit that snapshot report to The Safe Mac for analysis. Be sure to describe all steps you have taken to solve the problem!


It's also possible your router has been compromised. This is particularly likely if you're seeing the same ads on every computer device accessing the same network.

Apr 27, 2015 7:25 PM in response to Nicholas Robinson1

Nicholas Robinson1 wrote:


Wow! Your app totally worked! No hassles at all.


Glad to hear it!


I ran it and restarted and was a bit freaked because Firefox just immediately returned to its infected self, but I just deleted all its history and restarted it and all was fine. It turns out it was the Trovi thingie -- and your app found it and killed it.


Note that, in the case of Trovi, some variants of the adware are known to make non-trivial modifications to both the Firefox app and the data in the Firefox profile. AdwareMedic should have alerted you to this, but it's possible you might have accidentally dismissed it before you got the chance to read it. For information on how to proceed, see:


http://www.adwaremedic.com/kb/firefox-mod.php


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)


I was going to say -- I'm no businessman, but instead of the app showing up after a restart and asking if I've paid yet, instead could you arrange it so that the app works perfectly ONE TIME, then, if the user uses it a second time (which would be explained in a ReadMe) it forces them to register, say for a reasonable fee like $9.99?


That's not a very appealing option for me. I don't want to be perceived as holding anyone hostage, so to speak. Especially since this is an area of computing where trust is often thin to start with.

May 21, 2015 3:37 PM in response to jshields86

Can someone help me? (Sorry, my English is not perfect.)

I'm on a Mac, and today in Firefox a page appeared asking for money and I couldn't close it, so I needed to restart Firefox.

After that, in Firefox itself Gmail didn't work, later YouTube. Later the internet was off. I restarted my Mac and again the same page asking for money appeared in Firefox. I opened Chrome and after some minutes the same page appeared. I restarted the modem.


The tricky thing is that on my husband's computer (Windows) Gmail started not working. And some minutes later the same page asking for money appeared! Please can you tell me what I should do? It looks like the virus is in the modem more than in the Mac or Windows. We ran the antivirus on the Windows computer and nothing appeared. I'm still having these random pages coming up anytime.


Any help will be appreciated.


Thanks!


FL

May 21, 2015 4:25 PM in response to ferraby_love

ferraby_love wrote:


I'm on a Mac, and today in Firefox a page appeared asking for money and I couldn't close it, so I needed to restart Firefox.

After that, in Firefox itself Gmail didn't work, later YouTube. [...]


The tricky thing is that on my husband's computer (Windows) Gmail started not working. And some minutes later the same page asking for money appeared!


Those pages are scams, so don't try to respond to them in any way. See:


Tech support scam pop-ups


Since you're seeing the same thing on two different computers, and had some other internet issues as well, it's possible that your network hardware has been hacked. See:


http://www.adwaremedic.com/kb/hackedrouter.php


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

May 21, 2015 5:45 PM in response to ferraby_love

ferraby_love wrote:


For installing AdwareMedic, do I need to do a backup first anyway?


Well, note that it's unlikely that AdwareMedic will help here. What you describe does not sound like adware.


Still, if you want to run it and see what it finds, that can't hurt. If you don't have any backups, it would definitely be wise to make backups first... not because running AdwareMedic is particularly dangerous, but because using a computer in general without backups is inherently VERY dangerous!
