Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: SamOsiris
SamOsiris Author
User level: Level 1
8 points

reallifecam pop-up

I have a Mac laptop - my computer has Sophos Anti-Virus (9.4.0) and Safari is my internet browser (6.1.6). I believe I'm using OS X Mountain Lion; I may have upgraded to El Capitan and forgot.

While browsing on Safari, I noticed History items for reallifecam (a voyeur and/or po'rn site), even though I hadn't visited it. I deleted them from my History. When I closed the Safari window, there was another window with reallifecam on it. It must have opened underneath the window I was using. One of the webpages I was on must have been hacked or unsafe.

So, I closed the window and quit Safari. After that I looked to see if my computer had been affected.

  • I scanned my computer with Sophos a bunch of times and it came up with 'no threats found'.
  • There appears to be nothing new in my Downloads folder.
  • I looked in Applications > Utilities. The newest item there is Adobe Flash Player Install Manager. I know that there are some fraudulent programs given the name Adobe. I was suspicious that the icon was a dark red box with the f-shaped Adobe logo instead of a bright red box with the f-shaped Adobe logo. The Flash Player icon in System Preferences is a square with the f-shaped Adobe logo and it is of the same dark shade of red. I looked on one of the discussions on Apple Support and apparently this is correct. Get Info says as follows - Does this seem all right and in order?
    • Kind: Application (Intel)
    • Size: 738,797 bytes (836 KB on disk)
    • Where: /Applications/Utilities
    • Created: Tuesday, 12 January 2016 01:44
    • Modified: Tuesday 19 January 2016 22:41
    • Version: 20.0.0.286
    • Copyright: Copyright © 2008 - 2016 Adobe Systems Incorporated. All Rights Reserved.
    • More Info: --
    • Name & Extension: Adobe Flash Player Install Manager.app
  • When I looked in Safari Preferences I saw cookies from reallifecam, so I removed them.
  • I looked on Apple.com and found this page - Stop pop-up ads and adware in Safari - Apple Support - I followed the instructions and found nothing. I also found this page - Viruses, Trojans, Malware - and other aspects of Internet Security.
  • I checked for Software Updates, but there don't seem to be any out about now.
  • I turned on my firewall in System Preferences > Security & Privacy for potential future incidents, and disabled Guest User in System Preferences > Users & Groups, just incase.

Since the first incident, I've had no bother with pop-ups, from reallifecam or otherwise, I've seen no ads for reallifecam, and my computer seems to be working normally.

I have had a few worries though. These only started happening after the pop-up - they may be coincidental, but I don't want to rule anything out so think these are worth mentioning:

  • In my email account, the spam folder received two emails with .nl (Netherlands) and .sk (Slovakia) extensions, though I have had no acquaintance with either country or anyone from there whatsoever. The .nl email was apparently a Unilet malware scam, which I deleted before I could open, and the .sk email appeared to be impersonating my sister. I deleted that too and I made a note of the email address it came from. My sister says that her email must have been hacked, and that all she had to do whenever her email has been hacked before was change her password.
  • I also got a scam text on my Nokia phone (not a smartphone) from an unknown sender telling me to update my Apple ID, even though I didn't have an Apple ID at the time. I admittedly opened it, because when my phone says I've received a message it doesn't tell me who they're from until I press Open. I deleted it, and I haven't gotten any other texts like that since. I did transfer my SIM card to a different Nokia phone (also not a smartphone), so I don't know if that did anything or if it was just the one text.

What worries me is there was only one pop-up window that I saw, but there were at least six or seven reallifecam items on my History. This means the website must have been transitioning between its own webpages or opening new tabs without my realising. I would like to make triple-sure that my computer and my information online haven't been compromised. Please, does anyone have any advice?

Posted on Jan 28, 2016 9:38 AM

Reply
Question marked as Best reply
User profile for user: Eric Root
Eric Root
User level: Level 10
684,045 points

Posted on Jan 29, 2016 7:56 AM

Safari/Preferences/Advanced - enable the Develop menu, then go there and Empty Caches. Quit/reopen Safari and test. Then try Safari/History/Show History and delete all history items. Quit/reopen Safari and test. You can also try try Safari/Reset Safari. The down side is it clears all cookies. Doing this may cause some sites to no longer recognize your computer as one that has visited the web site. Go to Finder and select your user/home folder. With that Finder window as the front window, either select Finder/View/Show View options or go command - J. When the View options opens, check ’Show Library Folder’. That should make your user library folder visible in your user/home folder. Select Library./Caches/com.apple.Safari/Caches.db and move it to the trash.


Go to Safari Preferences/Extensions and turn all extensions off. Test. If okay, turn the extensions on one by one until you figure out what extension is causing the problem.


Safari Corruption See post by Linc Davis

View in context
8 replies
Question marked as Best reply
User profile for user: Eric Root
Eric Root
User level: Level 10
684,045 points

Jan 29, 2016 7:56 AM in response to SamOsiris

Safari/Preferences/Advanced - enable the Develop menu, then go there and Empty Caches. Quit/reopen Safari and test. Then try Safari/History/Show History and delete all history items. Quit/reopen Safari and test. You can also try try Safari/Reset Safari. The down side is it clears all cookies. Doing this may cause some sites to no longer recognize your computer as one that has visited the web site. Go to Finder and select your user/home folder. With that Finder window as the front window, either select Finder/View/Show View options or go command - J. When the View options opens, check ’Show Library Folder’. That should make your user library folder visible in your user/home folder. Select Library./Caches/com.apple.Safari/Caches.db and move it to the trash.


Go to Safari Preferences/Extensions and turn all extensions off. Test. If okay, turn the extensions on one by one until you figure out what extension is causing the problem.


Safari Corruption See post by Linc Davis

Reply
User profile for user: SamOsiris
SamOsiris Author
User level: Level 1
8 points

Jan 29, 2016 4:20 PM in response to Eric Root

How do I 'test' after I quit/reopen Safari? Is that just using Safari like normal to see if it works?


If you don't mind me asking, what do these instructions do? Like, what do I achieve if I delete my history and empty my caches and so forth?


Thanks for replying, by the way. I've had a worry that one day in the future I might have to buy something online (e.g. from Vistaprint, Amazon, etc.) and next thing I know my bank account is empty, if there is indeed anything gone wrong with my computer because of this pop-up. My computer hasn't really been showing any symptoms that I can tell, so I don't even know if there's a problem for me to identify, but better to be sure that there's nothing hiding on it.

Reply
User profile for user: pinkstones
pinkstones
User level: Level 5
4,228 points

Jan 29, 2016 5:00 PM in response to SamOsiris

The first thing you should is uninstall Sophos. There are no viruses that can damage OS X. There just aren't. Anti-virus programs on a Mac are essentially useless because they're not actually protecting you from anything. There's nothing to protect you from. It's taking up space on your hard drive and using up RAM. Secondly, that Adobe logo is not fraudulent. When I have to update my Flash player, the Install Manager looks just like you describe, and I've never had any problems with pop-up windows or browser hijackers. Thirdly, the only danger to Macs are Trojans, which come in the form of malware/adware that gets downloaded and installed on your computer by you. You have to physically put them on your computer, they don't just spontaneously show up. So, unless you've downloaded something recently that didn't come from either the Mac App Store or the developer's website, it's highly unlikely anything is on your system, actively compromising it.


In the future, you need to avoid the following kinds of sites, so as to prevent this from happening again:


  • XXX sites
  • aggregate download sites (CNET, Softonic, MacUpdate, etc.)
  • torrent sites
  • mp3 download sites (Mp3 Skull, mp3monkey, etc.)
  • any site that says you can download something for free you know actually costs money to use


I don't know how "reallifecam" ended up in your browser history, but you obviously went somewhere you shouldn't have gone where a pop-up or window or tab redirected your browser there several times. You didn't get it by staying on Twitter and Yahoo.

Reply
User profile for user: SamOsiris
SamOsiris Author
User level: Level 1
8 points

Jan 30, 2016 10:24 AM in response to Eric Root

Thanks, Eric.


Am I going to need to backup my files before I do this? I have Time Machine on my Mac but apparently you need an external hard drive to use it (Use Time Machine to back up or restore your Mac). Hopefully I can get one big enough from the Apple Store. If I did need to make backups, do you think I would need to backup my Applications too?

Reply
User profile for user: pinkstones
pinkstones
User level: Level 5
4,228 points

Jan 30, 2016 11:01 AM in response to SamOsiris

SamOsiris wrote:


Thanks, Eric.


Am I going to need to backup my files before I do this? I have Time Machine on my Mac but apparently you need an external hard drive to use it (Use Time Machine to back up or restore your Mac). Hopefully I can get one big enough from the Apple Store. If I did need to make backups, do you think I would need to backup my Applications too?


No. You just need to open Safari, like Eric said. As for using Time Machine to make backups, it makes backups of your entire system. That's all of it. Not just files and folders. The whole kit and caboodle. That's why you need an external hard drive at least 3x larger than the amount of space currently used up on your computer's internal drive. I'd go for a 1 TB drive, personally.

Reply
User profile for user: SamOsiris
SamOsiris Author
User level: Level 1
8 points

Feb 1, 2016 4:16 AM in response to Eric Root

Thanks for the advice, everyone.


So I emptied caches, deleted my history, reset Safari, and moved Cache.db from com.apple.Safari to the Trash.

Cache.db has been replaced in the folder com.apple.Safari, probably because I've been on Safari since then.

The weird thing is after resetting Safari and testing, Safari Preferences > Privacy shows a bunch of cookies for websites I haven't been to since:

  • 2o7.net
  • amazon-adsystem.net
  • amazon.com
  • apple.com
  • atdmt.com
  • atticwicket.com
  • badgeville.com
  • bbc.co.uk
  • cdn-apple.com
  • cnn.com
  • content.googleapis.com
  • criteo.com
  • crwdcntrl.net
  • d3biamo577v4eu.cloudfront.net
  • d3qxwzhswv93jk.cloudfront.net
  • disney.co.uk
  • disney.com
  • doubleclick.net
  • ebay.com
  • exelator.com
  • facebook.com
  • fbcdn.net
  • flixster.com
  • ggpht.com
  • glam.com
  • google-analytics.com
  • google.co.uk
  • google.com
  • googlesyndication.com
  • googleusercontent.com
  • gstatic.com
  • imrworldwide.com
  • krxd.net
  • licdn.com
  • linkedin.com
  • media6degrees.com
  • npr.org
  • openx.net
  • quantserve.com
  • realtime.co
  • revsci.net
  • rottentomatoes.com
  • servedbyopenx.com
  • usatoday.com
  • weather.com
  • webspectator.com
  • wikipedia.org
  • wsj.com
  • yelp.com
  • yelpcdn.com
  • yldbt.com
  • youtube.com
  • ytimg.com
  • zergnet.com

Well, I've been on Apple, YouTube, Facebook, and I've done a Google search or two.

I think some of these cookies came from Safari > Top Sites after I reset Safari. It shows:

  • iCloud
  • Twitter
  • Wikipedia
  • Yahoo
  • BBC
  • Amazon.com
  • CNN
  • Disney
  • ESPN
  • eBay
  • NPR
  • Flickr
  • USA Today
  • LinkedIn
  • The Wall Street Journal
  • Rotten Tomatoes
  • Yelp
  • YouTube
  • and one blank one called Title. I clicked on it and it took me to a webpage on weather.com that was either mostly blank or didn't load properly.


So, the sites I visited and the ones displayed in Top Sites aside, I don't know how I got these cookies.

I looked some of the more unfamiliar ones up - a lot of results for revsci.net in particular mention spyware.

Reply
User profile for user: SamOsiris
SamOsiris Author
User level: Level 1
8 points

Feb 3, 2016 9:55 AM in response to SamOsiris

I found this website by following a link posted on Apple Support Communities - The Safe Mac >> Mac Malware Guide : Am I infected? According to this:


"Browser windows opening on their own are not a symptom of malware. This is just caused by obnoxious or outright malicious JavaScript on the page. This could be because the site itself is malicious, but is more likely to be caused by a bad advertisement on the page or a hack of some kind (either the site itself has been hacked or a site it pulls content from – such as an ad site – has been hacked)."


Even if we rule out the possibility of a virus, or it being an issue with Safari, can you can get other malware from a browser window that opened by itself?

Reply

reallifecam pop-up

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up