
vnpapps ads infected Google Chrome

Google Chrome has been infected with vnpapps ads. Does anyone know how to remove these? I don't see an extension and program to uninstall. It appears to only have infected Google Chrome, Safari and Firefox.


There doesn't seem to be much information on this type of Malware.


Thank you for your help.

iMac (27-inch Mid 2011), OS X Yosemite (10.10.5)

Posted on Sep 21, 2015 5:56 AM


Sep 21, 2015 6:32 AM in response to sardo34

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions. If those instructions don't work for you, or if you have trouble following them, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure that doesn't involve downloading anything.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go > Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
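Added example, not part of any reply in this thread: a read-only Python 3 listing of the three folders from Steps 1 to 3 above, newest first, that also shows which program each launchd job file starts. The function names are this example's own, and it assumes Python 3 is available on the Mac.

```python
import os
import plistlib
from datetime import datetime

# The three folders opened in Steps 1-3 of the reply above.
LAUNCH_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")


def describe_plist(path):
    """Return (label, command) from a launchd job file, XML or binary format."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception as exc:  # unreadable or malformed file: report it and keep going
        return None, "unparsed: %s" % type(exc).__name__
    if not isinstance(job, dict):
        return None, "unparsed: not a dictionary"
    args = job.get("ProgramArguments") or []
    command = job.get("Program") or " ".join(str(a) for a in args)
    return job.get("Label"), command or "(no program listed)"


def list_launch_items(directory):
    """List one launch folder's entries, most recently modified first."""
    directory = os.path.expanduser(directory)
    if not os.path.isdir(directory):
        return None  # the folder may not exist, as the steps note
    rows = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            label, command = describe_plist(path)
        else:
            label, command = None, "(not a regular file)"
        rows.append({"name": name, "mtime": os.lstat(path).st_mtime, "label": label, "command": command})
    rows.sort(key=lambda r: r["mtime"], reverse=True)
    return rows


def report(dirs=LAUNCH_DIRS):
    """Build a text report covering every folder, nothing is modified or deleted."""
    lines = []
    for d in dirs:
        rows = list_launch_items(d)
        lines.append(d + (": not found" if rows is None else ":"))
        for r in rows or []:
            stamp = datetime.fromtimestamp(r["mtime"]).strftime("%Y-%m-%d %H:%M")
            lines.append("  %s  %s  label=%s  runs=%s" % (stamp, r["name"], r["label"], r["command"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

A recently modified entry whose `runs=` path points to software you don't recognize is the kind of item the screenshots in those steps are meant to surface.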

Sep 21, 2015 6:50 AM in response to sardo34

Get Malwarebytes Anti-Malware for Mac (formerly Adware Medic) to scan and remove the adware. It has been developed by a high level contributor of many years to these forums, and it has been used and proven to be safe and effective by numerous high level contributors here, who would most certainly have seen if it did anything that could possibly be considered unsafe or harmful. It will not compromise your security or privacy, nor will it do anything the least bit harmful to your Mac.


I have used it, know exactly what files it installs, and what it does. Rather than searching through numerous directories and following complicated instructions for manual removal of the adware infection which you have been given, it should be your first step.

Sep 21, 2015 7:24 AM in response to sardo34

Your question brings up the subject of removing adware. This is a general comment on that subject.

Under no circumstances should you ever allow anti-virus software to delete something for you.

The only tools that anyone needs to detect and remove adware are the Finder and a web browser, both of which you already have. Anyone who has enough computer skill to install adware can just as well remove it without using anything else.

Apple's general statements about malware protection are here and here, and here are its instructions for removing the most common types of ad-injection malware. Those statements don't mention any third-party "anti-virus" or "anti-malware" product. Apple's method for removing adware involves only the Finder and a web browser, as stated above.

You become infected with malware by downloading unknown software without doing research to determine whether it's safe. If you keep making that mistake, the same, and worse, will keep happening, and no anti-malware will rescue you. Your own intelligence and caution are the only reliable defense.

The Windows/Android anti-malware industry had more than $75 billion in sales in 2014 [source: Gartner, Inc.] Its marketing strategy is to convince people that they're helpless against malware attack unless they use its products. But with all that anti-malware, the Windows and Android platforms are still infested with malware—most of it far more harmful than mere adware. The same can be expected to happen to the Mac platform if its users trust the same industry to protect them, instead of protecting themselves.

You are not helpless, and you don't have to give full control of your computer—and your data—to strangers in order to be rid of adware.

These are generalities. Regarding the "malwarebytes" product in particular, you may be told that there are no reports that it has caused damage. In fact, there are such reports, for example in this ASC thread. Read it and draw your own conclusions. The Windows version of the product has been known to delete essential system files, as the developer itself admitted.

Whether the software damages the system or not, it prompts for your password in order to take full administrative control, and connects via the Internet to a server controlled by the developer. The developer's privacy policy, linked directly to the product page, reads in part as follows:

"Without limiting the Privacy Policy, you agree that Malwarebytes may track certain data it obtains from your Computer including data about any malicious software or other threats flagged by the Software, data about your license, data about what version of the Software you are using and what operating conditions it runs under and data concerning your geographic location."

(Emphasis added.) So the developer admits to tracking your location, as well as other unspecified data, and gives itself the legal right to collect any data it chooses. How it uses that right, you don't know. By running the software, you accept these terms.

It's sometimes said that the Malwarebytes product only removes adware rather than malware as such (if there's a difference), and that it therefore shouldn't be stigmatized as anti-malware. The developer's own description does distinguish between adware and malware, and specifically mentions removing malware as a selling point six times. A self-described employee of the developer wrote in an ASC discussion, "Actually, it's also a malware removal app..." (emphasis added.)

In this thread, a user reported that "Malwarebytes" failed to remove his malware, but manual removal was both effective and easy.

The question then is: as a security-conscious computer user, do you want to take risks where there is no benefit?

Sep 21, 2015 9:00 AM in response to sardo34

Apple's general statements about malware protection are here and here, and here are its instructions for removing the most common types of ad-injection malware. Those statements don't mention any third-party "anti-virus" or "anti-malware" product. Apple's method for removing adware involves only the Finder and a web browser, as stated above.

So what? Specious logic: They don't specifically advise against using any either. In fact, it is very likely that if you drop into an Apple Store or call tech support this program will be suggested.

this ASC thread.

The report in that thread that the program caused damage has been debunked on numerous occasions, yet this user desperately persists in linking to it. It has been edited out by the hosts as well, and I shall report it now for editing.


Re. the Privacy Policy to which you purportedly agree: There is NO SUCH THING PRESENTED TO THE END USER FOR THIS MAC PROGRAM. At no time, from the page on which the program appears, to the download link, to the actual download, to running the installer, WAS I EVER ASKED TO AGREE TO SUCH A THING. It does NOT track me in any way whatsoever. THAT IT TAKES FULL ADMINISTRATIVE CONTROL OF YOUR MAC IS AN OUTRIGHT FALSEHOOD. IT DOES NO SUCH THING.


Mr. Davis admits to the fact that he has never tested this program on his own system in order to see if anything he says is valid or not. Unlike this user, who relentlessly attacks this program whenever possible, and for no good reasons, I HAVE TESTED IT ON MY MAC. It does not compromise my security or privacy. It does not take control of my system, and the only outbound connections it makes are to the update definitions server--an absolutely necessary feature in order to be able to include the latest adware for scanning. In addition, when you run this program, it will not remove any adware it has found until you allow it to. Before allowing it to remove anything, you can investigate the particular infection it has claimed to find, and, if necessary, contact the developer for further instructions--this is very rarely necessary.


It's sometimes said that the Malwarebytes product only removes adware rather than malware as such (if there's a difference), and that it therefore shouldn't be stigmatized as anti-malware. The developer's own description does distinguish between adware and malware, and specifically mentions removing malware as a selling point six times. A self-described employee of the developer wrote in an ASC discussion, "Actually, it's also a malware removal app..." (emphasis added.)

First, in addition to adware, it does scan for some known Mac trojans. But it is not a full blown anti-virus. My question: so what if it does? Should the user continue to allow a Mac trojan to persist on his system? Besides that, some, but not all, A-V are worrisome for Macs. It depends very much on which A-V. Used here, this is a completely specious, straw man argument.


These are generalities. Regarding the "malwarebytes" product in particular, you may be told that there are no reports that it has caused damage. In fact, there are such reports, for example in this ASC thread. Read it and draw your own conclusions. The Windows version of the product has been known to delete essential system files, as the developer itself admitted.

First, it is entirely irrelevant what the Windows version does to whether or not you should use this Mac version. Besides that, irrelevant as it is, the Windows version is one of the most highly recommended A-V for Windows, where an A-V of some kind is an absolute necessity.


The OP in this thread, where it was claimed that the adware infection wasn't found, never replied to the following:


Old Toad wrote: Did you run the application or just download it? It needs to be run in order to do its job.


FROM https://blog.malwarebytes.org/news/2013/04/yesterdays-database-update-issue/


  • kilz853

    Hey Marcin,

    I just want to say MBAM has saved me many more times than it’s ever harmed me and yesterday’s incident will not affect my use of MBAM whatsoever.

    I’m just an old man with time on my hands and know my computer and how to keep it running as it should, but I don’t have any technical training.
    However if there’s anything I can do as a “Test Pilot” or “Wing Man” please let me know.
    I’m registered at the forum if you want to reply to this, or I suppose you can reply right here come to think of it

    MBAM For Life OnLine!,
    skilz853


    And from this thread, where it purportedly wasn't able to find the infection:


    Old Toad wrote: Did you run the application or just download it? It needs to be run in order to do its job.


  • wafflemonger


    I have used Malwarebytes for years. While I am personally unaffected by this, I could easily have been. Even if I was, I would definitely still use your software. Your software has helped an infinite amount of times and you’ve messed up …. once? If that? You guys are allowed a mistake every once in a while, everyone makes a mistake.


  • jimmythegeek


    I am less concerned about mistakes that are made than I am about how they are handled. This one was handled very well. My computer will be back to normal soon. I am relieved that this wasn’t a real virus. Malwarebytes is an excellent product that I will continue to use and recommend.


Sep 21, 2015 9:38 AM in response to sardo34

You don't have any adware, so anything you do to try to remove adware will be a waste of time, at best. I'm assuming that all three browsers are affected, and no extensions are installed in any of them.


You may be seeing normal web content, or there may be a problem with your router or your ISP. Please post a link to a web page on which you see the ads.

Sep 21, 2015 11:25 AM in response to sardo34

Despite Mr. Davis' conclusion that you don't have any adware, I would still recommend running Malwarebytes Anti-Malware for Mac. It may come to a similar conclusion, or it may not. No harm in seeing what the outcome of running it is.


Also, are you certain that you have no Safari extensions or extensions for any other browsers? Looks like you have Google Chrome. Open it and enter this in the URL field: "about:extensions" no quotes.


And if you have Firefox, open the Add-ons Manager and look in Extensions.

Sep 21, 2015 11:58 AM in response to sardo34

BEWARE: Malwarebytes Anti Malware for Mac my negative experience


Read through the entire thread. The conclusion that this program was the cause of any harm is highly dubious.


Bad move, it scanned and said it found nothing. Then literally a couple minutes later I went to Amazon.com using Chrome. Chrome auto downloaded an "f.txt" file twice. (I visit Amazon multiple times weekly on multiple computers and have never had this occur before.)

There is no proof whatsoever that MBAMFM was responsible for this Amazon download. In fact, there is nothing about the program that would cause this to happen, whether or not it's from the same CDN. Again, Mr. Davis has never even bothered to test the program on his own Mac, so how would he even begin to know what it does and doesn't do! All this so called proof is nothing more than third-hand speculation.

Sep 21, 2015 2:46 PM in response to Linc Davis

Linc Davis wrote:


You might be interested in this discussion:



You might also be interested in this discussion:


http://www.amazon.com/gp/help/customer/forums/ref=cs_hc_g_tv?ie=UTF8&forumID=Fx1SKFFP8U1B6N5&cdThread=Tx1N2OHPO650MJ


...wherein it is apparent that the problem described there has nothing whatsoever to do with Malwarebytes, as you contend, and is a problem being suffered by numerous people using Amazon in the last couple days. It's an issue with Amazon's ad network, and not in any way relevant to this topic or to helping sardo34.

Sep 21, 2015 2:51 PM in response to sardo34

You do not appear to have any adware-related launch agents or daemons installed. That certainly does not mean that you don't have any adware installed, though.


First, can you clarify that you have no Chrome extensions installed? In Chrome, choose Extensions from the Window menu. What extensions are listed on the page that loads? Do you have any that are not Google-related? If so, try disabling them and see if that solves the problem.


If there are none there, try Safari. Is it also affected? If so, most likely you have a compromised network. See:


How can I troubleshoot my wireless router or modem with my Mac?


(Fair disclosure: I am affiliated with Malwarebytes, whose site I am linking to above.)

Dec 17, 2015 12:44 PM in response to rockstar70

rockstar70 wrote:


I think the suspect app that caused the issue was Facebook Invite All Friends 2015. Not sure though. That was the last extension I installed this week.


Thanks for the alert, I'll check that out.


Did you download that from the Chrome store? If so, you should be aware that the Chrome store is a hotbed of adware. Google has tried to clean it up, and made definite improvements, but did not (and probably never will) entirely succeed. You should exercise extreme caution about what you download there.


Thomas Reed

Director of Mac Offerings, Malwarebytes
