Possible Trojan?

I let my roommate use my MacBook Pro when I was traveling and when I got back my MacBook has begun to randomly open up internet windows. Usually to mackeeper. Also, whenever I use my MacBook Pro to send emails it is sending them so they appear like:


<!--[if gte mso 9]><xml>

<o:DocumentProperties>

<o:Revision>0</o:Revision>

<o:TotalTime>0</o:TotalTime>

<o:Pages>1</o:Pages>

<o:Words>287</o:Words>

<o:Characters>1637</o:Characters>

<o:Company>Western Michigan University</o:Company>

<o:Lines>13</o:Lines>

<o:Paragraphs>3</o:Paragraphs>

<o:CharactersWithSpaces>1921</o:CharactersWithSpaces>

<o:Version>14.0</o:Version>


iTunes is now taking 65 hours to download items as well. Either that or it errors with code number 8003 or says internet connection has been lost when it is still connected. Sometimes even via an ethernet cord. Any suggestions on how to fix this? Taking it to a genius bar is not an option as I live out of country and don't speak Chinese.

MacBook Pro, OS X Mavericks (10.9.5)

Posted on May 6, 2015 6:00 AM

Question marked as Best reply

Posted on May 6, 2015 6:05 AM

Hi. If it opens random windows/pages in your web browser, this may be the symptom of ad injection.

You may use the AdwareMedic tool in order to scan and remove it: http://www.adwaremedic.com/

Download, open the AdwareMedic dmg file, and run it by clicking the “Scan for Adware” button to remove adware.

Once done, quit AdwareMedic and restart your Mac. Check if it solves the issue.

May 6, 2015 9:35 AM in response to c3clark3

The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the status quo ante. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.

If you don't know when the attack happened, or if it was too long ago for a complete rollback to be feasible, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.

When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.

Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.

Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated.

That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.

May 7, 2015 3:45 AM in response to c3clark3

c3clark3 wrote:


I let my roommate use my MacBook Pro when I was traveling and when I got back my MacBook has begun to randomly open up internet windows. Usually to mackeeper.


Unless you believe that your roommate has intentionally installed something malicious in order to spy on you or hurt you in some way, there is no need to treat your computer as if it is compromised.


From the sounds of it, you simply have adware installed. I'm guessing that the e-mail messages that are being modified are being written via your e-mail's web mail... is that correct? If so, that's also just another symptom of adware. Some adware has been seen to malfunction and modify e-mail messages composed within an affected web browser.


For help getting rid of the adware, see my Adware Removal Guide.


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

May 7, 2015 5:43 AM in response to c3clark3

Your roommate's intentions are irrelevant. The computer has been under someone else's control. You have no way of knowing what happened to it during that time. Other people, unknown to you, may have had access to it, or it may have been used to download pirated software that could have been infected with dangerous malware. The only thing you can be sure of is that its configuration has been changed in some unknown way, and adware certainly has nothing to do with it.

May 7, 2015 7:02 AM in response to Linc Davis

Linc Davis wrote:


Your roommate's intentions are irrelevant. The computer has been under someone else's control.


Hmmm... so, let's say one of my kids or my wife used my computer for a few minutes, I should erase the hard drive and start fresh? I don't think so. My best friend? Again, I don't think so. My roommate (if I had one)? I think I'd know whether or not to be concerned, based on my relationship with my roommate. A complete stranger? Sure, that would be concerning, and your advised caution would be warranted.


Let's not spread the FUD too far here. There's no indication that anything has happened other than installation of adware. If c3clark3 has reason not to trust the roommate, your advice can be taken, but it's ridiculous to say it must be taken regardless of circumstances.

May 7, 2015 7:26 AM in response to Linc Davis

Linc Davis wrote:


Adware causes all the problems described in the original post? Seriously?


Yes. The symptoms described were:


  1. randomly loading new pages in the browser
  2. strange formatting of e-mail messages
  3. problems with iTunes failing to download


Number 1 is obviously a symptom of adware. Although 2 is not common, I have seen cases where adware has, in the process of modifying the DOM to change the display of the site, caused strange formatting errors in web-based e-mail. 3 is not a symptom I've seen before, but I have seen malfunctioning adware that screwed up the internet connection, which could cause symptoms like that. If it's not due to adware, it could be due to some kind of misinformed approach the roommate may have taken to dealing with said adware, such as modifying the hosts file or installing anti-virus software. Further testing would be needed if removing adware doesn't solve all the problems.
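
A read-only check for the hosts-file possibility raised in the reply above, as an added example that is not part of the original thread. The function name `audit_hosts`, the list of stock entries, the Apple domain pattern and the sample file are assumptions made for illustration; the sample uses constructed entries with documentation-range addresses.

```shell
#!/bin/sh
# audit_hosts FILE: list every hosts entry that is not a stock loopback or
# broadcast line. Entries naming Apple/iTunes hosts are tagged separately,
# because an override there could explain failed iTunes downloads.
# Exit status is 1 when anything was flagged, 0 when the file looks stock.
audit_hosts() {
    awk '
    {
        sub(/#.*/, "")          # strip comments, including trailing ones
        if (NF < 2) next        # blank or malformed line
        ip = $1
        for (i = 2; i <= NF; i++) {
            host = tolower($i)
            # Assumed stock entries for OS X of this era
            if (host == "localhost" && (ip == "127.0.0.1" || ip == "::1" || ip == "fe80::1%lo0")) continue
            if (host == "broadcasthost" && ip == "255.255.255.255") continue
            # Illustrative pattern, not a complete list of Apple domains
            tag = (host ~ /(^|\.)(apple\.com|itunes\.com)$/) ? "APPLE-OVERRIDE" : "NON-DEFAULT"
            printf "%s line %d: %s -> %s\n", tag, NR, host, ip
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: stock entries plus two hand-added overrides.
sample=$(mktemp)
cat > "$sample" <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
0.0.0.0         ads.example.net   # blocked by hand
203.0.113.7     itunes.apple.com
EOF
audit_hosts "$sample" || echo "review the flagged entries before editing the hosts file"
rm -f "$sample"
```

On the affected Mac the same function can be pointed at `/etc/hosts`; it only reads the file.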

May 7, 2015 7:40 AM in response to c3clark3

It is not a matter of conjecture whether malicious software was installed on your computer. That has definitely happened. If you do anything other than what I suggested, you will be taking a serious risk of identity theft, among other possibilities. No one can give you any meaningful assurance that it won't happen, or hasn't already happened.

May 7, 2015 8:05 AM in response to Linc Davis

Linc Davis wrote:


It is not a matter of conjecture whether malicious software was installed on your computer. That has definitely happened.


I strongly disagree. We have good evidence that adware is present, but no concrete reason to believe that malware has been at this time. If you are calling adware malicious, and worthy of wiping the hard drive to remove, then I guess you will need to stop recommending other removal methods for people to use to remove adware, as you frequently do.


If you believe that something malicious has been intentionally installed by the roommate, would you care to postulate as to what that might be? I can't think of any reasonable malicious things that someone might want to do that would describe all these symptoms. No Mac malware has ever behaved as described, nor are these symptoms at all a reasonable goal for a malicious hack.
