Q: IOS El Capitan downloaded with adware

Writing an effective Apple Support Communities question

It comes from your browsing habits, not OS X (it's not iOS which is for iPhones, etc.)

Remove Browser Pop-up Problems

     Malwarebytes Anti-Malware 1.0.1.7

     Adblock Plus 1.8.9, GlimmerBlocker, or AdBlock

     Remove adware that displays pop-up ads and graphics on your Mac

     How to remove the FlashMall adware from OS X

     Stop pop-up ads and adware in Safari - Apple Support

Please download and install EtreCheck from http://etrecheck.com/

Run it and post the report here.

Follow the advice of: Kappy, Allan Eckert, and stedman1

since upgrading to El Capitan,  I have adware on my macbook pro, as if it were part of it, ...

Assuming you obtained the El Capitan upgrade through the Mac App Store (its only legitimate source), adware most certainly does not accompany the upgrade. Although adware relies upon deception to become installed, you have to explicitly consent to its installation. Read How to install adware to find out how that happens, and what you should do about it.

How to safely use MacUpdate to download malware-free software:

This site has both free and paid membership accounts. If you have neither then some software will be distributed as an installer wrapper that includes adware/malware you may not want. Such a download may appear on your computer like this: Firefox Installer.dmg. Delete the download and return to the main site where you will find a direct link to the developer's website. Use that link from which to download the software.

To avoid such downloads from MU just create a free membership account. Log into your account prior to using the site. This will avoid the installer wrappers and downloading adware or malware. I continue to use their site without any problems.

If you prefer not to create a membership account then note that on the download page under the price box will be the link to the developer’s site. Use that link and download the software directly from the developer circumventing the use of MU altogether.

You may be sent warnings from a user that warns that the site is “dangerous.” This is an exaggeration. Learn the facts. You merely need to use the site intelligently. Support the site but do so wisely - establish a free or paid membership to avoid problems with malware. Don’t pay attention to other users who warn you away with hyperbole.

A

Links have been posted in this thread to the "macupdate" website. Do not follow the links, and never download anything from that site. It intentionally distributes OS X malware by packaging some free applications (such as "Firefox" and "Skype") in an unnecessary and malicious "installer."

All software should be downloaded directly from the developer's website or from the App Store. Don't trust any site such as "macupdate" that aggregates links.

B

You may have installed ad-injection malware ("adware").

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Some of the most common types of adware can be removed by following Apple's instructions.

If you're not already running the latest version of OS X ("El Capitan"), updating or upgrading in the App Store may cause the adware to be removed automatically. Back up all data before taking that step. If you're already running the latest version of El Capitan, you can nevertheless download the current updater from the Apple Support Downloads page and run it. Again, some kinds of malware will be removed. That may be all you need to do as far as removal is concerned, but you'll still need to make changes to the way you use the computer to protect yourself from further attacks.

If the above steps don't work for you, see below.

This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. That will disable the malware temporarily.

Step 1

Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

          Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

Leave the folder open for now.

Step 2

Do as in Step 1 with this line:

/Library/LaunchAgents

The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

Step 3

Repeat with this line:

/Library/LaunchDaemons

This time the folder will be named "LaunchDaemons."

Step 4

Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

Step 5

If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.

The advice posted here by Kappy is spot-on.

Happy New Year, Steve Thanks for the support.

If you're confused by the dangerous misinformation in this thread, please see below.

...MacUpdate, long considered to be one of the only remaining trustworthy download aggregation sites for the Mac, has succumbed to the same plague that has ruined most of the others: adware. ...

Download.com (formerly VersionTracker) and Softonic have both been engaging in this kind of behavior for some time, and for this reason, Mac experts have been recommending against the use of such sites. Although it’s generally recommended to only download software from the developer’s site (such as skype.com in the case of Skype), some have continued to recommend MacUpdate, which hasn’t engaged in such behavior… until now. It appears MacUpdate may need to be added to the boycott list.

The oft-repeated advice for those looking for software to download bears repeating once again: only download apps from the Mac App Store or from the official developer’s website.

Has MacUpdate fallen to the adware plague?

MacUpdate is bundling adware with some third-party apps, without the permission of the developers of those apps, and is no longer to be trusted. ... A free MacUpdate account does not protect you from the adware installers.

Is Utorrent a virus?

Any time. Always happy to steer users away from questionable or misleading advice.

Happy New Year to you as well!

I only ever download apps directly from vendor sites.  I do check

Macupdate and Download.com for any new stuff or updates

to current items.  Sometimes to search for some specialty app

that I may need, just to get the info for were it is from.  But that is it.

I never download from them.  Also, so far have not got anything

"injected" from them from just browsing.

Even without adware, it is quite possible to get infected apps and

fraudulent links from these sites, though at this point not common (yet).

I agree with the others here, only download directly from vendors.

Also, when looking at downloading/purchasing a new app, do a little investigation

of the vendor itself.  Some vendors will download additional "crapware" with their

app and install anonymously, though some will actually ask you if you want to

install it.  A little homework goes a long way.

Linc Davis wrote:

 

Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

Apple in their OFFICIAL documentation does condone the use of AV applications making this statement in conflict with OFFICIAL Apple policy.

https://support.apple.com/en-us/HT201675

The best course of action the user should take is to download Malwarebytes for Mac:

https://www.malwarebytes.org/antimalware/mac/

Is faster, simpler and more comprehensive than any other approach to adware/malware removal.

Ciao.

To avoid such downloads from MU just create a free membership account.

Exactly. I created a free account with them years ago. I can download items from them at any time and I never get adware with my downloads. Why they make that distinction, I don't know. Other than it gets you on their email lists and you get advertising for their site that way. But they are even good about that and don't deluge the user with email notices. I only see emails from MacUpdate about once a week. Unlike some other businesses that will send out as many as six a day.