ever since i tried to download something from utorrent something happened to safari. Ads pop up in pages where they use to not be any and whenever i click on a link it takes me to a website which advertises things. What should i do?
MacBook Pro
Does this happen in both a different browsers and another user, or just Safari? If it happens universally, it sounds like your hosts file or DNS settings have been hijacked.
Given that it SOUNDS like the popups happen no matter where you go on any browser, it sounds like your /etc/hosts file or your DNS settings have been edited by some malicious software. There are a couple ways to browse to the hosts file, one is through terminal, the other requires 3rd party apps (like textwrangler).
Here's a thread that touches on how to access the hosts file:
Discussions Thread
See Barney-15E's responses.
Something else to add, as I've had a host file hijack before, make sure you browse the full file. In my instance, my hosts file looked just fine, but that's because the hijacked links were added after about a thousand line breaks. So scroll scroll scroll to make sure there's nothing "hiding" in there.
For DNS settings, follow this Apple article:
HT5343
If this isn't universal:
Check for startup/login items. Check for any Safari extensions. The more info you provide, the better we can help!
I do not have another browser but i have deleted uneccessary extensions and ive tried turning off the extensions but the ads and pop up windows are still there. I have also tried reseting safari but they still appear. I have also uninstalled utorrent and cant seem to find any trace of it in any files on my mac.
These are the ads that appear in the margins
I susepct you have this bit of malware that is commonly spread through torrents (get rid of torrnets if you want a stable Mac).
http://www.thesafemac.com/arg-downlite/
We can verify if you run a diagnostic.Please download and install this free utility:
http://www.etresoft.com/etrecheck
It is secure and written by one of our most valued members to allow users to show details of their computer's configuration in Apple Support Communities without revealing any sensitive personal data.
Run the program and click the "Copy report to clipboard" button when it displays the results. Then return here and paste the report into a response to your initial post. It can often show if any harmful files/programs are dragging down your performance. It usually picks up adware/malware.
I really need help now Allan Jones. I followed the link: thesafemac.com and did what it said. I moved to the trash the vlaunch and the daemons etc. and restarted it. But before removing from trash I saw that Safari wasn't working. Sites like apple, hotmail and other websites are not working. So I moved the stuff I deleted back where they were and restarted the computer again. But it still doesn't work. Only google searches works. What should I do?
Ok i fixed the safari problem the http proxy was turned on. Are you sure its safe to follow the steps in the link first link you provided (http://www.thesafemac.com/arg-downlite/)
Here is the infomation from etresoft.com
Hardware Information:
MacBook Pro (13-inch, Early 2011)
MacBook Pro - model: MacBookPro8,1
1 2.3 GHz Intel Core i5 CPU: 2 cores
4 GB RAM
Video Information:
Intel HD Graphics 3000 - VRAM: 384 MB
System Software:
OS X 10.9.2 (13C1021) - Uptime: 0 days 0:44:48
Disk Information:
Hitachi HTS545032B9A302 disk0 : (320.07 GB)
EFI (disk0s1) <not mounted>: 209.7 MB
Macintosh HD (disk0s2) / [Startup]: 319.21 GB (137.31 GB free)
Recovery HD (disk0s3) <not mounted>: 650 MB
MATSHITADVD-R UJ-8A8
USB Information:
Apple Computer, Inc. IR Receiver
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM2070 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
Thunderbolt Information:
Apple Inc. thunderbolt_bus
Gatekeeper:
Mac App Store and identified developers
Kernel Extensions:
[not loaded] com.NovatelWireless.driver.NovatelWirelessUSBCDCECMControl (3.0.13) Support
[not loaded] com.NovatelWireless.driver.NovatelWirelessUSBCDCECMData (3.0.13) Support
[not loaded] com.ZTE.driver.ZTEUSBCDCACMData (1.3.8) Support
[not loaded] com.ZTE.driver.ZTEUSBMassStorageFilter (1.3.8) Support
[not loaded] com.novamedia.driver.IceraUSB_MSD_Bypass (1.3.0) Support
[not loaded] com.novatelwireless.driver.3G (3.0.13) Support
[not loaded] com.novatelwireless.driver.3GData (3.0.13) Support
[not loaded] com.novatelwireless.driver.DisableAutoInstall (3.0.13) Support
[not loaded] com.option.driver.Option72 (2.15.0) Support
[not loaded] com.option.driver.OptionHS (3.26.0) Support
[not loaded] com.option.driver.OptionMSD (1.21.0) Support
[not loaded] com.option.driver.OptionQC (1.11.0) Support
[kext loaded] com.rim.driver.BlackBerryUSBDriverInt (0.0.67) Support
[not loaded] com.rim.driver.BlackBerryUSBDriverVSP (0.0.67) Support
[not loaded] com.roxio.TDIXController (1.7) Support
[not loaded] com.vodafone.driver (3.0.9) Support
[not loaded] com.vodafone.driver.Data (3.0.9) Support
[not loaded] com.wdc.driver.1394HP (1.0.9) Support
[not loaded] com.wdc.driver.USBHP (1.0.11) Support
[not loaded] com.zte.driver.cdc_ecm_qmi (1.0.1) Support
[not loaded] com.zte.driver.cdc_usb_bus (1.0.1) Support
[not loaded] de.novamedia.driver.NMSamsung (0.0.2) Support
[not loaded] de.novamedia.driver.NMSmartplugSCSIDevice (1.0.1) Support
[not loaded] de.novamedia.driver.NMUSBCDCACMControl (3.2.12) Support
[not loaded] de.novamedia.driver.NMUSBCDCACMData (3.2.12) Support
[not loaded] de.novamedia.oem.vodafone.vtp.huawei.cdc (0.0.2) Support
[not loaded] net.kromtech.kext.AVKauth (2.3.6 - SDK 10.8) Support
[not loaded] net.kromtech.kext.Firewall (2.3.6 - SDK 10.8) Support
Launch Daemons:
[loaded] com.adobe.fpsaud.plist Support
[loaded] com.genieoinnovation.macextension.client.plist Support
[loaded] com.microsoft.office.licensing.helper.plist Support
[loaded] com.oracle.java.Helper-Tool.plist Support
[loaded] com.oracle.java.JavaUpdateHelper.plist Support
[not loaded] com.teamviewer.teamviewer_service.plist Support
[not loaded] com.vsearch.daemon.plist Support
[running] com.vsearch.helper.plist Support
[running] com.zeobit.MacKeeper.AntiVirus.plist Support
[failed] org.glimmerblocker.proxy.plist Support
Launch Agents:
[running] com.epson.epw.agent.plist Support
[running] com.genieoinnovation.macextension.plist Support
[loaded] com.oracle.java.Java-Updater.plist Support
[not loaded] com.teamviewer.teamviewer.plist Support
[not loaded] com.teamviewer.teamviewer_desktop.plist Support
[running] com.vsearch.agent.plist Support
[running] de.novamedia.VodafoneDeviceObserver.plist Support
[loaded] org.glimmerblocker.updater.plist Support
User Launch Agents:
[loaded] com.divx.agent.postinstall.plist Support
[loaded] com.facebook.videochat.[redacted].plist Support
[loaded] com.google.keystone.agent.plist Support
[running] com.microsoft.LaunchAgent.SyncServicesAgent.plist Support
[running] com.spotify.webhelper.plist Support
[running] com.zeobit.MacKeeper.Helper.plist Support
User Login Items:
Spotify
Genieo
Internet Plug-ins:
FlashPlayer-10.6: Version: 13.0.0.206 - SDK 10.6 Support
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 13.0.0.206 - SDK 10.6 Support
OVSHelper: Version: 1.1 Support
DivXBrowserPlugin: Version: 2.2 Support
Default Browser: Version: 537 - SDK 10.9
SharePointBrowserPlugin: Version: 14.0.0 Support
Unity Web Player: Version: UnityPlayer version 3.4.1f5 - SDK 10.5 Support
Silverlight: Version: 4.0.60531.0 Support
JavaAppletPlugin: Version: Java 7 Update 55 Check version
Safari Extensions:
GoPhoto.it V9.0: Version: 1.222
AdBlock: Version: 2.6.30
DivX Plus Web Player HTML5 <video>: Version: 2.1.2.145
Audio Plug-ins:
BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
AirPlay: Version: 2.0 - SDK 10.9
AppleAVBAudio: Version: 203.2 - SDK 10.9
iSightAudio: Version: 7.7.3 - SDK 10.9
iTunes Plug-ins:
Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
User Internet Plug-ins:
Picasa: Version: 1.0 Support
3rd Party Preference Panes:
DivX Support
Flash Player Support
Java Support
Time Machine:
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 297.29 GB Disk used: 169.41 GB
Destinations:
My Passport [Local] (Last used)
Total size: 0 B
Total number of backups: (null)
Size of backup disk: Too small
Backup size 0 B < (Disk used 169.41 GB X 3)
Time Machine details may not be accurate.
All volumes being backed up may not be listed.
Top Processes by CPU:
9% WindowServer
5% com.apple.WebKit.WebContent
4% Safari
2% hidd
1% PluginProcess
Top Processes by Memory:
319 MB com.apple.WebKit.WebContent
213 MB Safari
209 MB AntiVirus
143 MB com.apple.IconServicesAgent
102 MB Spotify
Virtual Memory Information:
195 MB Free RAM
1.65 GB Active RAM
1.25 GB Inactive RAM
928 MB Wired RAM
414 MB Page-ins
0 B Page-outs
You installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data.
Triple-click anywhere in the line below on this page to select it:
/Library/Application Support/VSearch
Right-click or control-click the line and select
Services â–¹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Repeat with each of these lines:
/Library/LaunchAgents/com.vsearch.agent.plist /Library/LaunchDaemons/com.vsearch.daemon.plist /Library/LaunchDaemons/com.vsearch.helper.plist /Library/LaunchDaemons/Jack.plist /Library/PrivilegedHelperTools/Jack /System/Library/Frameworks/VSearch.framework
Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
From the Safari menu bar, select
Safari â–¹ Preferences... â–¹ Extensions
Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. It must be said that this failure of oversight is inexcusable and has seriously compromised the value of Gatekeeper and the Developer ID program. You cannot rely on Gatekeeper alone to protect you from harmful software.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go â–¹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
Thank you very much the ads seem to have dissapeared and safari is back to normal
You would do well to rid your computer of MacKeeper & Genieo, both of which show in the report; even if they don't cause you any noticeable problems.
how do i delete all the leftovers from genieo. I have deleted the application bit there are still leftovers in the library. do you know all the paths?
all I can say THANK YOU 🙂
I had the same problem
I followed your advice
and everything is clean and working
I was on the verge of a nervous breakdown
a big thank you !!!!!!!!!!!!!!!!!!!!!!!!!
This solved my problem and saved my day... 🙂
Many thanks!
My popup windows in some secure sites just were not working at all in Safari 7 using Mavericks.
I found one folder, VSearch, and deleted it. Found several files as listed in your long report, and deleted them. After a restart, I emptied the trash using the Option key to remove even locked files. Then I disabled (not uninstalled) half a dozen Safari Extensions.
When I opened Safari both my back account popup window for bill paying and the NFL's Game Rewind windows popped up as normal.
Now I'll test each extension separately, and re-enable those that work.
The problem, I see now, was in those vSearch files.
****. Now I'll have to get some virus-blocking software, I guess. I was hoping to avoid the expense.
Safari ads and pop ups
