-
All replies
-
Helpful answers
-
Dec 14, 2014 7:49 PM in response to ralekaby Kappy,Helpful Links Regarding Malware Problems
If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
Fix Some Browser Pop-ups That Take Over Safari.
Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
Quit Safari
Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
Relaunch Safari
If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
Mac OS X Snow Leopard and malware detection
OS X Lion- Protect your Mac from malware
OS X Mountain Lion- Protect your Mac from malware
OS X Mavericks- Protect your Mac from malware
If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
-
Dec 14, 2014 10:48 PM in response to ralekaby Linc Davis,There is no need to download anything to solve this problem.
You may have installed the "CinemaPlus" ad-injection malware. I suggest the procedure below to disable it. This procedure may leave a few small files behind, but it will permanently deactivate the malware (as long as you never reinstall it.)
Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data before proceeding.
Step 1
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including one called "Cinema-Plus." If in doubt, uninstall all extensions. Do the equivalent in the Chrome browser, if you use it.
Step 2
Triple-click anywhere in the line below on this page to select it:
~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/144ee21a-8997-41ab-96a6-b13f40648ffd@1ab45825-655a-4789-a375-a283ea7ca5c5.comRight-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.
If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder may open with an item selected. It will have a long name ending in ".com". Move it to the Trash.
Move this item, if it exists, to the Trash in the same way:
~/Library/LaunchAgents/cinemas-+-plus-+_updater.plist
If there are any other files in the same folder with a similar name beginning in "cinemas-+-plus", move them to the Trash too.
Log out or restart the computer and empty the Trash.
This malware is sometimes distributed with another kind of ad-injection malware called "SearchProtect" or "Trovi." If applicable, follow the instructions on this Apple Support page to remove it.