I accidentally downloaded some software called Utorrent. Right after I downloaded it I put it in the trash and deleted the trash. Then I restarted my computer and found my Safari homepage had been changed to hmining.mobi/homepage. Is this a virus? If so, how to I get rid of it? U
MacBook Air, OS X Yosemite (10.10.5)
No, uTorrent 1.8.7 is not a virus. It's legitimate software for downloading torrent files. But you should have no need for it.
hmining.mobi/homepage appear to be adware. To remove it, try https://www.malwarebytes.org/antimalware/premium/
A
Links have been posted in this thread to the "macupdate" website. Do not follow the links, and never download anything from that site. It distributes OS X malware by packaging some free applications (such as "Firefox" and "Skype") in an unnecessary and malicious "installer."
All software should be downloaded directly from the developer's website or from the App Store. Don't trust any site such as "macupdate" that aggregates links.
B
"Utorrent" is not malware, but if you downloaded it from a malware site such as "macupdate," you may also have installed ad-injection malware ("adware").
Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.
Some of the most common types of adware can be removed by following Apple's instructions.
If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.
If the above steps don't work for you, see below.
This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.
Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.
If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.
Step 1
Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.
If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.
There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.
Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.
Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.
Leave the folder open for now.
Step 2
Do as in Step 1 with this line:
/Library/LaunchAgents
The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.
Step 3
Repeat with this line:
/Library/LaunchDaemons
This time the folder will be named "LaunchDaemons."
Step 4
Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.
Step 5
If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
<Edited by Host>
Regarding the use of MacUpdate:
This site has both free and paid membership accounts. If you have neither then some software will be distributed as an installer wrapper that includes adware you may not want. Such a download may appear on your computer like this: Firefox Installer.dmg. Delete the download and return to the main site where you will find a direct link to the developer's website. Use that link from which to download the software.
Should another member post remarks discouraging use of MacUpdate or other download sites:
Please ignore his information as it is incorrect or invalid based entirely on the poster's opinion and without any scientific support. Although nearly all users do not need to purchase and install anti-malware software, that does not also mean the software will cause you problems. Remember that no matter where the download site is or who manages it, you can still get malware.
Furthermore, there is no reason to avoid MacUpdate as download site. It is true that some of their software is included in an adware wrapper, such as Skype, but this is not as yet true of all their software. Furthermore, if you sign up for a free membership then any software you download is free of any adware install wrappers. I have and continue to use their site without any problems. Of course if you don't wish to risk downloading software that may come in a wrapper with adware, then don't use the site or be selective about what you download. Only a fool truly believes there is no risk downloading from a developer's site. Sort of like claiming that if you run into tree in your backyard then you won't be injured.
If you're confused by the nonsense in this thread, please see below.
...MacUpdate, long considered to be one of the only remaining trustworthy download aggregation sites for the Mac, has succumbed to the same plague that has ruined most of the others: adware. ...
Download.com (formerly VersionTracker) and Softonic have both been engaging in this kind of behavior for some time, and for this reason, Mac experts have been recommending against the use of such sites. Although it’s generally recommended to only download software from the developer’s site (such as skype.com in the case of Skype), some have continued to recommend MacUpdate, which hasn’t engaged in such behavior… until now. It appears MacUpdate may need to be added to the boycott list.
The oft-repeated advice for those looking for software to download bears repeating once again: only download apps from the Mac App Store or from the official developer’s website.
https://blog.malwarebytes.org/news/2015/11/has-macupdate-fallen-to-the-adware-pl ague/
Crapware at best. These are completely mis-leading statements that should be ignored. Follow my earlier remarks and never download adware from the site in question.
Allan Eckert wrote:
hmining.mobi/homepage appear to be adware. To remove it, try https://www.malwarebytes.org/antimalware/premium/
Yes, that's adware. µTorrent will install adware on your computer, and it should not be used.
Unfortunately, that link goes to the Windows version of Malwarebytes Anti-Malware. The Mac version can be found here:
https://malwarebytes.org/antimalware/mac/
<I may receive some form of compensation, financial or otherwise, from my recommendation or link.>
Thomas Reed
Director of Mac Offerings, Malwarebytes
<Edited by Host>
What nonsense, Linc, and did you mean the entire thread?
Kappy wrote:
These are completely mis-leading statements that should be ignored.
Kappy, I've been trying very hard to stay out of this ongoing disagreement between you and Linc. You know that I don't agree with Linc on a great many things and would rather never have to defend one of his points of view. However, the words Linc is quoting, which you are saying are "mis-leading statements," are mine, so I feel I must step in.
Linc is absolutely correct on this particular issue. MacUpdate is bundling adware with some third-party apps, without the permission of the developers of those apps, and is no longer to be trusted. I know that you believe it's easy to identify which apps on MacUpdate contain adware, but trust me when I say from extensive experience dealing with victims of adware that this is not the case for everyone. Many people fall for these kinds of scams every day, and they should not be encouraged to trust a site that will try to perpetrate this kind of scam on them.
If you wish to encourage people to use MacUpdate to search for apps or look at reviews, I've got no arguments, but they need to be warned to NEVER download an app from MacUpdate. Always download directly from the developer's site.
Of course, as this topic demonstrates, even that isn't always enough, since µTorrent includes adware even when downloaded from the official µTorrent site. However, downloading directly from the developer does give users the best possible chance to avoid adware.
Hello Thomas (and Kappy),
some nuances:
" to stay out of this ongoing disagreement between you and Linc ", it is not just Kappy, but a lot of others too.
" Linc is absolutely correct on this particular issue. MacUpdate is bundling adware " indeed he is correct; the adware is not bundled in every app; that does not change my standpoint in this: never really install from Macupdate.
" use MacUpdate to search for apps or look at reviews " this is harmless when you do not download/install, my opinion on the reviews however is that it mostly looks fabricated and not based on serious experiences.
Lex
As he said it I read it to include all posts.
Lex
Tom,
I partially disagree. If one opens a free account with MacUpdate, which I have, then software does not get delivered in the adware wrapper. However, if you don''t log in as a member user then some, but not all, software downloads in the wrapper. According to MacUpdate the wrapper does not actually install any adware unless you have it do so (I have not yet verified this.) So, you can safely download from MacUpdate by simply creating your free account and logging in to use it adware-free.
It is in this context that your advice is extreme and unwarranted as long as one recognizes there is an alternative. Hopefully MacUpdate will stop the practice, but for now one can still avoid the adware wrapper.
My complaint with Davis as with your previous remarks is the "Never." It is not valid if one bothers to read. Davis carries this to an extreme which is unwarranted and most likely untested. Then he goes further with statements that impugn the reliability of advice you give.
I test download µTorrent without any adware. Regardless of whether it presents advertising it does not install any adware as far as i can tell. If you download from MacUpdate without being a member (free or otherwise) then it will appear in the adware wrapper. If one were to issue any type of warning it would be not to use or download torrents which may be full of malware. A torrent is likely to do more damage than µTorrent.
Posts like this from Davis:
If you're confused by the nonsense in this thread, please see below.
...MacUpdate, long considered to be one of the only remaining trustworthy download aggregation sites for the Mac, has succumbed to the same plague that has ruined most of the others: adware. ...
Download.com (formerly VersionTracker) and Softonic have both been engaging in this kind of behavior for some time, and for this reason, Mac experts have been recommending against the use of such sites. Although it’s generally recommended to only download software from the developer’s site (such as skype.com in the case of Skype), some have continued to recommend MacUpdate, which hasn’t engaged in such behavior… until now. It appears MacUpdate may need to be added to the boycott list.
The oft-repeated advice for those looking for software to download bears repeating once again: only download apps from the Mac App Store or from the official developer’s website.
https://blog.malwarebytes.org/news/2015/11/has-macupdate-fallen-to-the-adware-pl ague/
********
Were I to suggest one consider something as nonsense it would be Davis' so called advice. How can anyone take seriously that the only safe source for software is the developer's site. This implies that developer's will never pass on malware through their sites and/or software. The man contradicts himself in one sentence. Not even Apple can guarantee no malware from the App Stores. Frankly, I'm a bit surprised at how nonchalant you have been to agree with anything that comes from Davis. And, all taken from the words of a single user.
<Edited by Host>
Kappy wrote:
And, all taken from the words of a single user.
As I told you when you e-mailed me privately to accuse me of spreading unsubstantiated rumors based on the words of a single user, I have done a considerable amount of research on this topic. The recommendations I made, which were quoted by Linc along with a link to my article, were made based on that research, not on what any one person said about MacUpdate. I thought that had been made clear in our private discussions, but evidently I was mistaken.
I believe it is reasonable to assume that MU can provide safe downloads as opposed to Davis' and your assertions to the contrary. I still believe that MU is not a dangerous site to use if one becomes at least a FREE member (as I am.) I might add that I also sign in on CNET which appears to also shield me from their installer wrappers unless they have finally given up the practice. Hopefully, this will happen on MU if they receive enough user complaints directed at them.
Thus, I still insist the claims against MU are not fully substantiated. However, I do believe that even were you to agree with me, Davis would continue to post his crap in an effort to drive away other helpers who are unpleased with his insulting arrogance.
Tom, if my earlier remarks offended you that was not my intention. I do disagree with you in this matter but I still respect your efforts of behalf of all Mac users.
Thomas posted his doubts about Macupdate already a long time ago, as I remember about the time he went to Malwarebytes. And he did so on the website.
He also said that it looked as if there was no malware when you use the Macupdate installer(updater.
I have since downloaded about 30 apps directly from Macupdate to test, in one case there was a real infection (of course I uninstalled them all, because I always use the source). I don't know how or who caused this app being infected.
But for me this is enough to not run the risk that the next one can be infected too.
If a website wants to earn more money than from the advertisements, it becomes a risk in my opinion. And personally I would never take that risk however small.
As for the statements of linc: they are always very without any nuance and often unbased and orthodox. They can not always be taken literally.
Lex
Is Utorrent a virus?
