Q: macbook infected with fast-ads.us popup virus

Start up in Recovery mode. In the OS X Utilities screen, select Get Help Online. A clean copy of Safari will launch. No plugins, such as Flash, will be available. While in Recovery, you'll have no access to your saved bookmarks or passwords, so make a note of those before you begin, if they're needed for the test.

Test. After testing, restart as usual and post the results.

Thanks. great advice and very much appreciated.

Denon69 wrote:

 

Thanks. great advice and very much appreciated.

So just to make sure we understand (since the OP has not yet solved this issue) you were seeing ads from fast-ads.us and AdwareMedic solved the problem? Do you recall what the name of the Adware found was? If you have forgotten and still have AdwareMedic, can you open it again and choose "Open Log file" from the Scanner Menu (a TextEdit file), then copy and paste the results back here?

fsmobilez wrote:

 

2015-01-22 23:45:05: ----- Scan Started -----

2015-01-22 23:45:05: Scanning with signatures version 48

Thanks. I'm hoping to hear from Denon69 since he/she seems to have solved it.

I'm not sure why they would not show up in the test results, but select the Extensions tab in the Safari preferences window and check for installed extensions. If there are any, delete them. Do the equivalent in your other browsers. Test.

fsmobilez wrote:

 

u mentioned im using 4 browsers while i know about 3 browsers installed, chrome, firefox and safari, can u please mention the fourth one so i can delete that browser.

Opera.

what if i restore using recovery will it solve my problem but please note my data is very important , do recovery deletes any data or its safe to run recovery because i want to get rid of this virus at any cost

Restoring OS X from your Recovery HD does not delete anything (unless you choose to erase your hard drive first). All it does is give you a fresh version of the last version of OS X you installed using a full installer.

Are you in Nigeria, or from there? If not, why do you have software from a Nigerian ISP (Visafone) installed?

You have some pretty dubious apps, including one ("HackStore") that seems to be a torrent client specifically for pirated software. I also notice that Microsoft Office is installed, but the activation daemon that goes along with it is missing. That would mean that Office couldn't run unless it had been hacked.

If you've been running pirated software downloaded from a torrent, you're an excellent candidate to be the first to install every new kind of malware that comes along. Within the scope of a Google search, no one else has ever reported an adware infection like the one you seem to have, not even on Windows.

Taking everything you say at face value, I almost have to suspect that you may have installed some kind of rootkit that modifies the operating system at a level that can't be detected by the means I use. Maybe it's causing the test script to give false results. That's always a theoretical possibility, though I've never actually seen it happen as far as I know. A rooted system can't be trusted to analyze itself.

If I'm right, then the only thing you can do is a full post-intrusion cleanup.

Back up all data to at least two different storage devices, if you haven't already done so. One backup is not enough to be safe. The backups can be made with Time Machine or with Disk Utility. Preferably both.

Erase and install OS X. This operation will destroy all data on the startup volume, so you had be better be sure of the backups. If you upgraded from an older version of OS X, you'll need the Apple ID and password that you used, so make a note of those before you begin.

When you restart, you'll be prompted to go through the initial setup process in Setup Assistant. That’s when you transfer the data from a backup.

Select only users and Computer & Network Settings in the Setup Assistant dialog—not Applications or Other files and folders. Don't transfer the Guest account, if it was enabled.

After that, check the App Store for software updates.

If the problem is resolved after the clean installation, reinstall third-party software selectively. I can only suggest general guidelines. Self-contained applications that install into the Applications folder by drag-and-drop or download from the App Store are usually safe. Anything that comes packaged as an installer or that prompts for an administrator password is suspect, and you must test thoroughly after reinstalling each such item to make sure you haven't restored the problem.

I strongly recommend that you never reinstall commercial "security" products or "utilities," nor any software that changes the user interface or the behavior of built-in applications such as Safari. If you do that, the problem is likely to recur.

Do not reinstall "AVG," any pirated commercial software such as Office, or anything at all that came from a torrent or from a third-world ISP.

Any system modifications that you do choose to install must be kept up to date. None is required for normal operation.

Before installing any software, ask yourself the question: "Am I sure I know how to uninstall this without having to wipe the volume again?" If the answer is "no," stop.

Never install any third-party software unless you know how to uninstall it.

That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this  after the system has been secured, not before.

But not on the Mac in Recovery mode?