Macbook Pro infected by ads.adsmatte malware

Hello,


I've been struggling to purge my MBP of a malware called adsmatte for almost a month now. Not only is it an annoyance, it's also making my system extremely slow and worryingly unstable.


These are the steps I've taken so far:


  • Modem-***-router hard reset--this has cleared the Windows system of the malware (thankfully!) but not my Mac.
  • I installed and ran AdwareMedic multiple times: it hasn't been able to find anything. (I looked for a way to send a system snapshot as recommended by AdwareMedic, but it seems to be disabled/non-existent?)
  • I followed all the alternative steps recommended on http://www.thesafemac.com/arg/ and AdwareMedic:
    • Modified the preferences in Safari and looked for any extensions that should not be there...nothing.
    • I did not reset the DNS. Not being a tech-savvy person, I'm frankly wary of doing something that may take me into murkier waters.
    • I went into the Library and Systems folders to look for and manually delete the malware file, if possible, as recommended by Thomas Reed and other Apple communities--but I couldn't really identify it. I guess no one has gotten round to identifying the file name and where it can be located yet. For a layperson like me, it would be really, really hard to spot something that shouldn't be there.
  • One community conversation also recommended installing the ClamXAV antivirus, and said that it's always better to download something from the App Store (it was a discussion on the merits of Sophos vs. ClamXAV). Now here's the thing: I downloaded ClamXAV from the store as recommended, but I don't think it was genuine. For one, it kept telling me to update the version, but since it had last been updated in Aug 2014, there were obviously no updates. So I went into an endless loop of dialog boxes telling me to update and then telling me there were no updates! Then the whole thing seemed to freeze (I assume it was scanning, but it looked more like it had hung). And then, in tiny letters at the bottom of the window, it told me not to panic, and go to clamav (note the missing x)>communities>faqs. So I did, and landed on some weird site that was very obviously not ClamXAV. I removed the bogus AV in a hurry.


Can someone please HELP?


Thank you very much.

MacBook Pro (13-inch Mid 2012), OS X Yosemite (10.10.1)

Posted on Jul 7, 2015 8:22 AM

Jul 12, 2015 11:27 AM in response to thomas_r.

I tried to flush the DNS cache, but it wouldn't let me proceed! 😕

The message I got was that running the 'sudo' command can harm important system files (can't remember the exact words, but that seemed to be the gist of it). It asked me to enter my password to proceed (or Control+C to abort), but when I tried to enter the password, it just did not take it...the cursor was frozen in front of the 'password' command field.


A geek friend did a long distance investigation over the phone and found out that the DNS numbers that my router was giving my Mac were apparently in the UK (I'm in India). The DNS would disappear when I switched the wifi off. So he guided me to manually reset the DNS on my Mac to OpenDNS. This solved the adware problem. But now just connecting to my wifi is a huge issue. It keeps freezing and hanging, and I have to keep switching my wifi off and on every time I click on a link. Even Google doesn't want to open!

Jul 13, 2015 5:07 AM in response to mganguli

What you saw from the sudo command was normal. It was not "frozen," it simply doesn't show what you type as your password as a security measure.


As for the problem, it sounds like your network hardware either still isn't working properly or has been hacked again. See:


http://www.adwaremedic.com/kb/hackedrouter.php


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
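
The check described in this thread (seeing which DNS servers the router has handed to the Mac) can be done without sudo, as an added example that is not part of the original posts: the function below reads the text printed by `scutil --dns` and lists every nameserver that is not on an expected list. The allow list (the two OpenDNS public resolvers plus a router assumed to be at 192.168.1.1) and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected list.

# Expected resolvers (assumption: OpenDNS public resolvers plus a home
# router at 192.168.1.1; edit this for your own network).
ALLOWED="208.67.222.222 208.67.220.220 192.168.1.1"

# Read `scutil --dns` output on stdin; print each unexpected nameserver once.
unexpected_resolvers() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Resolver lines look like:  "  nameserver[0] : 192.168.1.1"
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            ip = $3
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }
    '
}

# Constructed sample of `scutil --dns` output. 203.0.113.53 is a
# documentation address standing in for a resolver pushed by a tampered router.
sample_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 208.67.222.222
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
EOF
}

# On a Mac, run:  scutil --dns | unexpected_resolvers
sample_output | unexpected_resolvers
```

An unexpected address that comes back after DNS has been set manually on the Mac, or that shows up on other devices on the same network, points at the router's own DHCP/DNS settings rather than at the computer.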
