
Suspected virus attack

Today, I launched Safari. It was automatically directed to www.chathubb.com and repeatedly played back audio clips. The playback was looping again and again. On the screen, there were lots of pop-up boxes with links such as www.playerme.org, www.media-fire.org, etc. Can someone advise what I should do to clear them up? Thanks!

iPad mini (Retina) Wi-Fi, iOS 8

Posted on Apr 25, 2015 1:33 AM

17 replies

Apr 25, 2015 3:03 AM in response to Ray Li1

Please review the options below to determine which method is best to remove the Adware installed on your computer.


The easy, safe, effective method:

http://www.adwaremedic.com/index.php


If you are comfortable doing manual file removals use the somewhat more difficult method:

http://support.apple.com/en-us/HT203987


Also read the articles below to be more prepared for the next time there is an issue on your computer.

https://discussions.apple.com/docs/DOC-7471

https://discussions.apple.com/docs/DOC-8071

http://www.thesafemac.com/tech-support-scam-pop-ups/

Apr 25, 2015 5:33 AM in response to Ray Li1

1. Force Quit.


Press command + option + esc keys together at the same time. Wait.

When Force Quit window appears, select Safari if not already.

Press Force Quit button at the bottom of the window. Wait.

Safari will quit.


2. Relaunch Safari holding the shift key down.


3. Turn off wifi and turn it back on.


Turn off Wifi. Click Wifi icon in the menu bar and select “Turn Wifi off”.

Visit another website.

You won’t have internet connection.

Turn on Wifi. Click Wifi icon in the menu bar and select “Turn Wifi on”.

Select your Network.

Apr 25, 2015 5:47 AM in response to dominic23

Thanks for the advice, which let me launch Safari and access Preferences. I did two things:


1. Privacy pane > Remove All website Data.. > Remove Now.

2. Turn off Extensions.


It works, and Safari has stopped repeatedly playing back audio clips and showing pop-up boxes.


Under the Extensions tab, there is only one installed: SaveFrom.net helper 4.90. I never installed it myself. It looks like a download site. Is it a built-in extension in Safari? Should I uninstall it?


Obviously, the issue was likely caused by website data. Am I now safe?


I have ESET Cyber Security installed. It detected the above issue but just blocked the IP and could not stop the issue. It does not seem very useful!!

Apr 25, 2015 4:10 PM in response to Ray Li1

Ray Li1 wrote:


Under Extensions tab, there is only one installed SaveFrom.net helper 4.90.


If that is adware, it's not adware I've ever seen or heard of before. It may be new. If keeping it disabled solves the problem, I'd like to get a copy of that extension before you delete it. I'd also be concerned that there may be more to the adware than just that extension. Please contact me at thomas at thesafemac.com if you're willing to follow some instructions to send me a copy of that file.


On the other hand, I'm unclear as to whether this was actually adware, or just a cascade of ads from a bad site that was difficult to dismiss, in which case there would be no adware involved, and following dominic23's instructions about starting Safari with the shift key down would have solved it.

Apr 26, 2015 8:21 PM in response to thomas_r.

I have uninstalled it, so I cannot send the file to you unless you can tell me where the file probably is even though I uninstalled it. I believe I should uninstall it for two reasons: it is not installed by system default and I never used it before.


I agree that launching Safari with the shift key down stopped the issue. However, I cannot connect to the internet, so it is not the real solution. I tend to believe that removing the web history is the solution. Every time I launch Safari, it automatically goes to somewhere I visited. I believe it remembers what I have visited before.


I seldom visit unknown websites, but I did lots of searches, so I may have had the opportunity to visit some websites that I never visited before. Is there any way to improve it?


As far as I remember, I called Safari to an article inside the LinkedIn website, which I visited quite often, and the issue happened. I really don't know how to prevent it.


I have not uninstalled ESET Cyber Security since I need to find another alternative that is better than this one. Any suggestion?

Apr 27, 2015 6:57 AM in response to John Galt

John,


If the problem was caused by Adware, how can we prevent it?


I believe ESET is able to protect my computer from viruses or other types of attack, but obviously not. Is it common? If not, once I uninstall it as suggested, who is protecting my computer from viruses? I have been using ESET for about 2 years without encountering any virus - not installed it for this Adware. I am unsure if ESET has been protecting my computer, or no hackers are attempting to attack the Mac system, or the Mac system has built-in anti-virus protection. May I know how you can be so sure there is no attack to Mac system as market share of Mac system is growing up as per Apple CEO mentions in their press conferences.

Apr 27, 2015 7:19 AM in response to Ray Li1

Ray Li1 wrote:


John,


If the problem was caused by Adware, how can we prevent it?


Read How to install adware. That's if the problem was in fact a result of installing adware, and it's not yet clear what it is.


... May I know how you can be so sure there is no attack to Mac system as market share of Mac system is growing up as per Apple CEO mentions in their press conferences.


There are plenty of threats. Viruses are not among them. I personally tested all the popular Mac "anti-virus" programs including ESET. It is far from the worst but it is capable of nothing beneficial. Read a more thorough explanation below.


Of course the Mac operating system market share is growing. It has been for a very long time. The epoch of computing history marked by the prevalence of "viruses" is the result of one cause: Microsoft Windows. From its very inception Windows was fundamentally prone to viruses and other malware by virtue of its design. That epoch is drawing to a close due to its demise, and the popularity of the Mac which offsets it. OS X was designed from the start to be secure and was specifically intended to keep users separate from one another. If not for Windows we would not be having this discussion.


The traditional Windows "anti-virus" peddlers are in abject panic because their market has been crumbling around them, along with the demise of the legacy PC platform on whose users they depend. For one, Symantec's own VP for information security recently declared "anti-virus" software "dead" as nefarious entities turn from mere computer vandalism to ventures more likely to result in direct revenue for them.

For several technologically sound reasons, adware is not a "virus". No automated means of its interception and prevention exists, nor is there likely to be any, because it relies on deception. You have to stop that threat yourself, by intelligently recognizing its appearance so that you can avoid installing it. To learn how to do that read the User Tip above.



There will always be threats to your information security associated with using any Internet-connected communications tool:


  1. You can mitigate those threats by following commonsense practices
  2. Delegating that responsibility to software is an ineffective defense
  3. Assuming that any product will protect you from those threats is a hazardous attitude that is likely to result in neglecting point #1 above.

OS X already includes everything it needs to protect itself from viruses and malware. Keep it that way with software updates from Apple.


A much better question is "how should I protect my Mac":

  • Never install any product that claims to "clean up", "speed up", "optimize", "boost" or "accelerate" your Mac; to "wash" it, "tune" it, or to make it "shiny". Those claims are absurd.

    Such products are very aggressively marketed. They are all scams.

  • Never install pirated or "cracked" software, software obtained from dubious websites, or other questionable sources.
    • Illegally obtained software is almost certain to contain malware.
    • "Questionable sources" include but are not limited to spontaneously appearing web pages or popups, download hosting sites such as C net dot com, Softonic dot com, Soft pedia dot com, Download dot com, Mac Update dot com, or any other site whose revenue is primarily derived from junk product advertisements.
    • If you need to install software that isn't available from the Mac App Store, obtain it only from legitimate sources authorized by the software's developer.
  • Don’t supply your password in response to a popup window requesting it, unless you know what it is and the reason your credentials are required.
  • Don’t open email attachments from email addresses that you do not recognize, or click links contained in an email:
    • Most of these are scams that direct you to fraudulent sites that attempt to convince you to disclose personal information.
    • Such "phishing" attempts are the 21st century equivalent of a social exploit that has existed since the dawn of civilization. Don’t fall for it.
    • Apple will never ask you to reveal personal information in an email. If you receive an unexpected email from Apple saying your account will be closed unless you take immediate action, just ignore it. If your iCloud, iTunes, or App Store account becomes disabled for valid reasons, you will know when you try to buy something or log in to this support site, and are unable to.
  • Don’t install browser extensions unless you understand their purpose:

    Go to the Safari menu > Preferences > Extensions. If you see any extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone.

  • Don’t install Java unless you are certain that you need it:
    • Java, a non-Apple product, is a potential vector for malware. If you are required to use Java, be mindful of that possibility.
    • Java can be disabled in System Preferences.
    • Despite its name JavaScript is unrelated to Java. No malware can infect your Mac through JavaScript. It’s OK to leave it enabled.
    • The same precaution applies to Adobe Flash Player. Newly discovered Flash vulnerabilities appear almost weekly.
  • Beware spontaneous popups: Safari menu > Preferences > Security > check "Block popup windows".
    • Popup windows are useful and required for some websites, but unsolicited popups are commonly used to deceive people into installing unwanted software they would never intentionally install.
    • Popups themselves cannot infect your Mac, but many contain resource-hungry code that will slow down Internet browsing.
    • If you ever receive a popup window indicating that your Mac is infected with some ick or that you won some prize, it is 100% fraudulent. Ignore it.
    • The same goes for a spontaneously appearing dialog insisting that you upgrade your video player right this instant. Such popups are frequently associated with sites that promise to deliver "free" movies or other copyrighted content that is not normally "free".
    • The more insistent it is that you upgrade or install something, the more likely it is to be a scam. Close the window or tab and forget it.
  • Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them:
    • The most serious threat to your data security is phishing. Most of these attempts are pathetic and are easily recognized, but that hasn't stopped prominent public figures from recently succumbing to this age-old scam.
    • OS X viruses do not exist, but intentionally malicious or poorly written code, created by either nefarious or inept individuals, is nothing new.
    • Never install something without first knowing what it is, what it does, how it works, and how to get rid of it when you don’t want it any more.
    • If you elect to use "anti-virus" software, familiarize yourself with its limitations and potential to cause adverse effects, and apply the principle immediately preceding this one.
    • Most such utilities will only slow down and destabilize your Mac while they look for viruses that do not exist, conveying no benefit whatsoever - other than to make you "feel good" about security, when you should actually be exercising sound judgment, derived from accurate knowledge, based on verifiable facts.
  • Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.


Summary: Use common sense and caution when you use your Mac, just like you would in any social context. There is no product, utility, or magic talisman that can protect you from all the evils of mankind.

Apr 27, 2015 7:22 AM in response to Ray Li1

Ray Li1 wrote:


If the problem was caused by Adware, how can we prevent it?


I believe ESET is able to protect my computer from viruses or other types of attack, but obviously not.


To avoid getting infected with adware or malware in the future, see:


http://www.thesafemac.com/mmg-defense


ESET and other anti-virus software won't protect you. No anti-virus software detects adware very well, so you can't rely on anything other than yourself to prevent adware infections. As for actual malware, there is currently no malware capable of infecting an up-to-date Mac system. If something new appears in the future, it will be able to get past the built-in anti-malware protection in Mac OS X, but will also be able to get past any anti-virus software you might have installed. Anti-virus software doesn't detect new malware.


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

Apr 27, 2015 9:52 AM in response to thomas_r.

Hi John,


Thanks for your useful advice. I will pay attention not to install any apparent adware.


I am wondering why Windows has not learnt from isolating viruses in their more than 30 years of development. They may not have the genius to invent something to prevent it but should have the capability to learn from others.


I have gone through your checklist of protections and it matches my behaviour except for Java and pop-ups. I followed an instruction once to disable Java until the new version was issued. Last week, I upgraded to another latest version. Some application programs require Java to run, otherwise I need to give up those programs. Regarding pop-up events, some websites do require pop-up interactions to work. If the pop-up events are blocked, the website behaves as if frozen.

Apr 27, 2015 10:26 AM in response to John Galt

John,


I tried to uninstall ESET using the CD uninstall program as per your screen capture. The process completed and succeeded. However, in the course of uninstallation, it popped up a box saying "Cannot connect to /tmp/esets.sock: No such file or directory; Close" several times. ESET is still in the Applications folder and the top bar still shows its icon after a reboot. It looks like the uninstallation was unsuccessful. Any other solution to uninstall it?

Apr 27, 2015 5:46 PM in response to Ray Li1

Did you purchase ESET on CD-ROM? The uninstallation program is included with its installer .dmg file as in the screenshot. Its uninstaller should not have left any active components behind, including the animated menu icon or anything in /Applications.


The only file that required manual removal was


/Library/Application Support/ESET


... but it contained nothing that should remain active after running its uninstaller. Remove it anyway. You will be asked to authenticate.


This is with ESET versions 5.0.x.x and 6.0.x.x. and they were both distributed by software download. I have not tested any version earlier than those two. If you have an earlier version or one that was distributed on optical media you may need to contact them for instructions.
