IOS El Capitan downloaded with adware
since upgrading to El Capitan, I have adware on my macbook pro, as if it were part of it, has anyone else had this happen?
iPhone 4S
18 replies
It comes from your browsing habits, not OS X (it's not iOS which is for iPhones, etc.)
Remove Browser Pop-up Problems
Malwarebytes Anti-Malware 1.0.1.7
Adblock Plus 1.8.9, GlimmerBlocker, or AdBlock
Remove adware that displays pop-up ads and graphics on your Mac
Follow the advice of: Kappy, Allan Eckert, and stedman1
since upgrading to El Capitan, I have adware on my macbook pro, as if it were part of it, ...
Assuming you obtained the El Capitan upgrade through the Mac App Store (its only legitimate source), adware most certainly does not accompany the upgrade. Although adware relies upon deception to become installed, you have to explicitly consent to its installation. Read How to install adware to find out how that happens, and what you should do about it.
How to safely use MacUpdate to download malware-free software:
This site has both free and paid membership accounts. If you have neither then some software will be distributed as an installer wrapper that includes adware/malware you may not want. Such a download may appear on your computer like this: Firefox Installer.dmg. Delete the download and return to the main site where you will find a direct link to the developer's website. Use that link from which to download the software.
To avoid such downloads from MU just create a free membership account. Log into your account prior to using the site. This will avoid the installer wrappers and downloading adware or malware. I continue to use their site without any problems.
If you prefer not to create a membership account then note that on the download page under the price box will be the link to the developer’s site. Use that link and download the software directly from the developer circumventing the use of MU altogether.
You may be sent warnings from a user that warns that the site is “dangerous.” This is an exaggeration. Learn the facts. You merely need to use the site intelligently. Support the site but do so wisely - establish a free or paid membership to avoid problems with malware. Don’t pay attention to other users who warn you away with hyperbole.
A
Links have been posted in this thread to the "macupdate" website. Do not follow the links, and never download anything from that site. It intentionally distributes OS X malware by packaging some free applications (such as "Firefox" and "Skype") in an unnecessary and malicious "installer."
All software should be downloaded directly from the developer's website or from the App Store. Don't trust any site such as "macupdate" that aggregates links.
B
You may have installed ad-injection malware ("adware").
Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.
Some of the most common types of adware can be removed by following Apple's instructions.
If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.
If the above steps don't work for you, see below.
This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.
Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.
If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.
Step 1
Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.
If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.
There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.
Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.
Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.
Leave the folder open for now.
Step 2
Do as in Step 1 with this line:
/Library/LaunchAgents
The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.
Step 3
Repeat with this line:
/Library/LaunchDaemons
This time the folder will be named "LaunchDaemons."
Step 4
Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.
Step 5
If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
The advice posted here by Kappy is spot-on.
Happy New Year, Steve Thanks for the support.
If you're confused by the dangerous misinformation in this thread, please see below.
...MacUpdate, long considered to be one of the only remaining trustworthy download aggregation sites for the Mac, has succumbed to the same plague that has ruined most of the others: adware. ...
Download.com (formerly VersionTracker) and Softonic have both been engaging in this kind of behavior for some time, and for this reason, Mac experts have been recommending against the use of such sites. Although it’s generally recommended to only download software from the developer’s site (such as skype.com in the case of Skype), some have continued to recommend MacUpdate, which hasn’t engaged in such behavior… until now. It appears MacUpdate may need to be added to the boycott list.
The oft-repeated advice for those looking for software to download bears repeating once again: only download apps from the Mac App Store or from the official developer’s website.
Has MacUpdate fallen to the adware plague?
MacUpdate is bundling adware with some third-party apps, without the permission of the developers of those apps, and is no longer to be trusted. ... A free MacUpdate account does not protect you from the adware installers.
Any time. Always happy to steer users away from questionable or misleading advice.
Happy New Year to you as well!
I only ever download apps directly from vendor sites. I do check
Macupdate and Download.com for any new stuff or updates
to current items. Sometimes to search for some specialty app
that I may need, just to get the info for were it is from. But that is it.
I never download from them. Also, so far have not got anything
"injected" from them from just browsing.
Even without adware, it is quite possible to get infected apps and
fraudulent links from these sites, though at this point not common (yet).
I agree with the others here, only download directly from vendors.
Also, when looking at downloading/purchasing a new app, do a little investigation
of the vendor itself. Some vendors will download additional "crapware" with their
app and install anonymously, though some will actually ask you if you want to
install it. A little homework goes a long way.
Linc Davis wrote:
Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.
Apple in their OFFICIAL documentation does condone the use of AV applications making this statement in conflict with OFFICIAL Apple policy.
https://support.apple.com/en-us/HT201675
The best course of action the user should take is to download Malwarebytes for Mac:
https://www.malwarebytes.org/antimalware/mac/
Is faster, simpler and more comprehensive than any other approach to adware/malware removal.
Ciao.
To avoid such downloads from MU just create a free membership account.
Exactly. I created a free account with them years ago. I can download items from them at any time and I never get adware with my downloads. Why they make that distinction, I don't know. Other than it gets you on their email lists and you get advertising for their site that way. But they are even good about that and don't deluge the user with email notices. I only see emails from MacUpdate about once a week. Unlike some other businesses that will send out as many as six a day.
Your question brings up the subject of removing adware. This is a general comment on that subject.
Under no circumstances should you ever allow anti-virus software to delete something for you.
The only tools that anyone needs to detect and remove adware are the Finder and a web browser, both of which you already have. Anyone who has enough computer skill to install adware can just as well remove it without using anything else.
Apple's general statements about malware protection are here and here, and here are its instructions for removing the most common types of ad-injection malware. Those statements don't mention any third-party "anti-virus" or "anti-malware" product. Apple's method for removing adware involves, as I say, only the Finder and a web browser.
You become infected with malware by downloading unknown software without doing research to determine whether it's safe. If you keep making that mistake, the same, and worse, will keep happening, and no anti-malware will rescue you. The only safety lies in safe computing practices.
The Windows/Android anti-malware industry had more than $75 billion in sales in 2014 [source: Gartner, Inc.] Its marketing strategy is to convince people that they're helpless against malware attack unless they use its products. But with all that anti-malware, the Windows and Android platforms are still infested with malware—most of it far more harmful than mere adware. The same can be expected to happen to the Mac platform if its users trust the same industry to protect them, instead of protecting themselves.
You are not helpless, and you don't have to give full control of your computer—and your data—to strangers in order to be rid of adware.
These are generalities. Regarding the "malwarebytes" product in particular, you may be told that there are no reports that is has caused damage. In fact, there are such reports; for example:
I found malware or adware on my system the other day. I removed it with Maleware Bytes and since then Safari has not worked proper at all.
preferences pane will not load
Read that report and draw your own conclusions—not anyone else's conclusions.
The developer itself admitted that the Windows version of the product has been known to delete essential system files.
Whether the software damages the system or not, it prompts for your password in order to take full adminstrative control, and connects via the Internet to a server controlled by the developer. The developer's privacy policy, linked directly to the product page, reads in part as follows:
"Without limiting the Privacy Policy, you agree that Malwarebytes may track certain data it obtains from your Computer including data about any malicious software or other threats flagged by the Software, data about your license, data about what version of the Software you are using and what operating conditions it runs under and data concerning your geographic location."
(Emphasis added.) So the developer admits to tracking your location, as well as other unspecified data, and gives itself the legal right to collect any data it chooses. How it uses that right, you don't know. By running the software, you accept these terms.
It's sometimes said that the Malwarebytes product only removes adware rather than malware as such (if there's a difference), and that it therefore shouldn't be stigmatized as anti-malware. The developer's own description does distinguish between adware and malware, and specifically mentions removing malware as a selling point six times. A self-described employee of the developer wrote in an ASC discussion, "Actually, it's also a malware removal app..." (emphasis added.)
The question then is: as a security-conscious computer user, do you want to take risks where there is no benefit?
IOS El Capitan downloaded with adware