I'm using osx 10.8.5 and my Mac has been compromised. Every time I am on Youtube and other sites tons of strange ads pop up on the bottom and right side of the screen. Sophos scanned clean. Any suggestions?
MacBook Pro (13-inch Mid 2012), OS X Mountain Lion (10.8.5)
You don't have a "virus" because there is no such thing as a virus for OS X.
You may have a browser hack in Safari.
Try resetting it. (Safari>Reset Safari)
Also look into GlimmerBlocker for Safari. It'll prevent annoyoing ads from ever appearing.
And you don't need Sophos. In fact, you don't need ANY anti-virus on a Mac because there is nothing for it to protect you against that OS X doesn't already do quite well on its own.
Thanks for the reply. Except I don't use Safari at all. I use Chrome. Same advice or is there another process? I've cleared all browsing history. I will try resetting it.
I have an idea as to what caused it. I (idiotically) visited download.com. Nuff said.
You may want to do a complete uninstall and reinstall of Chrome.
Use AppZapper to remove preferences and profiles.
Double check [user]/Library/Application Support/Google to be sure the Chrome folder is deleted.
Hold the "Option" Key when you click "Go" from the Finder menu to access your [user]/Library folder.
Try opening a New Incognito Window in Chrome (that's an option available thorugh the menu). Visit YouTube and see if the odd ads show up.
If not, you've got an extension installed that needs to be removed. Type chrome:extensions and look through the list & delete anything you don't recognize.
~Lyssa
You may have installed the "Genieo" search-hijacking rootkit. There is an uninstaller, but as the developer is dishonest, you can't use it. I suggest the tedious procedure below to disable Genieo.
Back up all data. You must know how to restore from a backup even if the system becomes unbootable. If you don't know how to do that, or if you don't have any backups, stop here and ask for guidance.
Triple-click anywhere in the line below on this page to select it:
/etc/launchd.conf
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.
A folder may open with a file selected, or the file may not exist, in which case you'll get a message that it can't be found. If it does exist, it's a configuration file created or replaced by the Genieo installer. Any software installer that does this should be considered ipso facto malware. Move the file to the Trash. You'll be prompted for your administrator password. Then restart, empty the Trash, and continue as below.
IMPORTANT: If the launchd.conf file exists, you must move it to the Trash and restart before continuing. Otherwise the system may become unbootable. In that case, restore from your backup and start over. That's how badly Genieo has sabotaged your system. If you're not completely sure you can complete this step, stop here and ask for guidance.
Once you have trashed the launchd.conf file and restarted, or verified that the file doesn't exist, quit the Genieo application, if it's running. Force quit if necessary.
Move each of these items to the Trash in the same way as above:
/Applications/Genieo.app
/Applications/Uninstall Genieo.app
/Library/Frameworks/GenieoExtra.framework
/Library/LaunchAgents/com.genieo.engine.plist
/Library/LaunchAgents/com.genieoinnovation.macextension.plist
/Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
/usr/lib/libgenkit.dylib
/usr/lib/libgenkitsa.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
There's no need to restart after each one. Again, some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
Your web browser(s) should now function normally, and you should be able to reset the home page and search engine. If not, stop here and post your results.
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
The Genieo installer may also install the "Silverlight" web plugin from Microsoft. If you have no use for that plugin, you can remove it according to Microsoft's instructions. Don't remove it if you subscribe to "Netflix" or any other video-streaming service that uses it.
This procedure may leave a few files behind, but it should deactivate Genieo. Make sure you don't repeat the mistake that led you to install it. Chances are you got it from one of the Internet's open sewers such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site.
Finally, be forewarned that when Genieo is mentioned on this site, the developer sometimes shows up under the name "Genieo support." If that happens, don't believe anything he says, but feel free to tell him what you think of his scam.
This is not malware, but it could be adware. (There's a subtle difference.) It could also be a problem with your network, such as DNS poisoning or a hacked wireless router. Start troubleshooting here:
Eliminating browser redirects and advertisements
With regard to some of the replies you've gotten...
Although there are no Mac viruses, by the strictest definition of the term, there is Mac malware out there, though it's rare. Don't get the impression that there's nothing dangerous out there and that you're invulnerable, or you'll end up infected sooner or later. See my Mac Malware Guide.
Also, apps like GlimmerBlocker block ads that are supposed to be there. They usually cannot block ads that have been injected into a site by something else, as sounds like is the case with you. If it actually did work to block the ads, you would still have the problem that is causing it, but would just be covering it up. I don't recommend this as a solution.
Finally, I strongly recommend against use of apps like AppZapper. They can often remove too little or, worse, too much. Removal of an app should be done properly, using the uninstaller if one is provided by the developer of the app. Uninstalling Chrome would be overkill anyway... the only way that removing Chrome, and all associated files and folders, would help would be if this is being caused by a Chrome extension, and you can remove those easily through Chrome's preferences.
Thanks for the feedback everyone.
It is fixed now!
What was the fix? Did you find adware? Was there a network issue?
thomas,
I just cleared Chrome's browsing and reset the browser.
Fixed.
I just cleared Chrome's browsing and reset the browser.
Fixed.
If that's all it took, that probably means you had a network issue that was fixed by your provider, and clearing the cache made the browser recognize the change.
I am having the same problem on BOTH Chrome and Firefox and I cannot figure out how to permanently disable these annoying malware ads. It is happening on almost every page I click on, a window appears on the screen or two separate windows pop up simultaneously. How do I get rid of it?
See my Adware Removal Guide.
(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)
Thomas, your TSM Adware Removal Tool does the trick ! Works like magic !
Hello.
I followed the steps in your response and found almost every file, but my browser responds the same.
I am receiving countless ads, especially on youtube. The ad blocker shows 1056 or so each time. What should I do?
Help!
Thank you
Thank you so much! your adware removal software is exceptional.
My Mac has a Virus!
