HT201516: Mac OS X: How to troubleshoot a software issue

Learn about Mac OS X: How to troubleshoot a software issue
ksouthern73

Q: How can I safely verify if my system has malware/adware or possible virus on MacBook Pro (2012) using OSX 10.9.5?

How to run a SAFE test on MacBook Pro (2012) running OSX 10.9.5 for malware/adware or possible virus? A few nights ago I was online and all of a sudden Google Chrome browser stated I had a trojan or virus and asks to call 800# which is a known scam and I did not call nor allow any remote access but I am concerned that my daughter MAY have downloaded something she shouldn't have from the internet.  (possibly, Skype because I saw where it had been downloaded a few days PRIOR to this issue but she must have either not fully downloaded the program OR deleted it after using it since its not I no longer see Skype on my system)

 

Specifically, the box that came on the screen stated:

The page at emergencyvirussupport.com says:

"Your Browsing Activity Has Ben Restricted"

 

**Your system has been infected with critical Spyware/Malware/Trojans**

A browser lock is in place to prevent further infection of your network, and the network of others.

 

Call-1-855-202-13076 (Toll Free) for Immediate Assistance

 

Prevent this page from creating additional dialogs (Has option to check a box)

 

I tried to close the page and was unable to do so and eventually had to "Force Quit" and log back on.  Under history I see where "Network Defender" and "EmergencyVirusSupport" is on system at 8:12pm which was the same night that the issue started.  I tried to upload the screenshot but its not allowing me to and says file may be too large but Ive uploaded pics on here in the past without any problems so I didn't know if this may have to do with something bad being downloaded off the internet?

Could someone please help me with the steps to safely runs test on my system? 

I want to add that approx. 2 weeks ago I started having issues with Safari and Chrome not being able to "verify certificates" and in my Keychain Access I see where several pages have a red "X" beside them and are expired. Could this be a part of my problem too? Thank you very much! Much appreciated!

MacBook Pro (13-inch Mid 2012), OS X Mavericks (10.9.5)

Posted on May 16, 2015 2:53 PM

Close

Q: How can I safely verify if my system has malware/adware or possible virus on MacBook Pro (2012) using OSX 10.9.5?

  • All replies
  • Helpful answers

  • by stedman1,

    stedman1 stedman1 May 16, 2015 2:55 PM in response to ksouthern73
    Level 9 (73,345 points)
    Apple Watch
    May 16, 2015 2:55 PM in response to ksouthern73

    Those messages are nothing more than annoying popups.

    Quit or force quit Safari, then restart Safari while holding the shift key. If the popups continue, see below.

     

    Please review the options below to determine which method is best to remove the Adware installed on your computer.

     

    The Easy, safe, effective method:

    http://www.adwaremedic.com/index.php

     

    If you are comfortable doing manual file removals, use the Apple support document below.

    http://support.apple.com/en-us/HT203987

     

    Also read the articles below to be more prepared for the next time there is an issue on your computer.

    https://discussions.apple.com/docs/DOC-7471

    https://discussions.apple.com/docs/DOC-8071

    http://www.thesafemac.com/tech-support-scam-pop-ups/

  • by ksouthern73,

    ksouthern73 ksouthern73 May 16, 2015 3:06 PM in response to stedman1
    Level 1 (0 points)
    May 16, 2015 3:06 PM in response to stedman1

    Thank you for the prompt reply stedman1.  I am reading over the links you provided now. The pop-ups are no longer showing and haven't showed up since I "force quit" but my system DOES seem to run slower and that's why I wanted to run a test on it. 

     

    ** Could you tell me if I should individually delete the links in Keychain Access that have a red "X" by them? I am thinking that may solve issues w/ verifying certain sites?  I have not had any issues w/ my Mac until a few weeks ago and unfortunately I am not a tech savvy person so please excuse any repeated questions I may have asked.  I am very careful on the internet and in a complete tizzy that my daughter felt that it was alright to download random programs to my Mac!

  • by stedman1,

    stedman1 stedman1 May 16, 2015 3:09 PM in response to ksouthern73
    Level 9 (73,345 points)
    Apple Watch
    May 16, 2015 3:09 PM in response to ksouthern73

    I would run the AdWare Medic App to allow it to detect and remove any forms of AdWare.

  • by Linc Davis,

    Linc Davis Linc Davis May 16, 2015 5:54 PM in response to ksouthern73
    Level 10 (207,926 points)
    Applications
    May 16, 2015 5:54 PM in response to ksouthern73

    There is absolutely no reason to download anything, nor is it safe to download anything without doing your own research to determine whether it's safe. You can't take anyone's word for it.

     

    If the computer is running slowly, it's for reasons that have nothing to do with the web scam that you encountered.

    When you see a beachball cursor or the slowness is especially bad, note the exact time: hour, minute, second.  

    These instructions must be carried out as an administrator. If you have only one user account, you are the administrator.

    Launch the Console application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad and start typing the name.

    The title of the Console window should be All Messages. If it isn't, select

              SYSTEM LOG QUERIES All Messages

    from the log list on the left. If you don't see that list, select

              View Show Log List

    from the menu bar at the top of the screen.

    Each message in the log begins with the date and time when it was entered. Scroll back to the time you noted above.

    Select the messages entered from then until the end of the episode, or until they start to repeat, whichever comes first.

    Copy the messages to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.

    The log contains a vast amount of information, almost all of it useless for solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.

    Please don't indiscriminately dump thousands of lines from the log into this discussion.

    Please don't post screenshots of log messages—post the text.

    Some private information, such as your name, may appear in the log. Anonymize before posting.

    When you post the log extract, you might see an error message on the web page: "You have included content in your post that is not permitted," or "The message contains invalid characters." That's a bug in the forum software. Please post the text on Pastebin, then post a link here to the page you created.