Thea15

Q: malware

Hello,

 

I joined the membership for TheHairStyler.com

and ended up having to download : devil zip and once this downloaded it asked me to download Totiteck. I clued in and canceled. However  I now have an unknown person called "matthew PC" in my finder board and when i open Safari, it is no longer my regular homepage that shows up, but an unknown and unadvertised search program. I have trashed Devil zip and restarted my computer. Is this a big problem ? Advice ?

 

<Link Edited by Host>

MacBook, OS X Yosemite (10.10.5), null

Posted on Feb 27, 2016 9:17 PM

Close

Q: malware

  • All replies
  • Helpful answers

  • by stevejobsfan0123,Solvedanswer

    stevejobsfan0123 stevejobsfan0123 Feb 27, 2016 9:14 PM in response to Thea15
    Level 8 (43,768 points)
    iPhone
    Feb 27, 2016 9:14 PM in response to Thea15

    Sounds more like adware. Run a scan using MalwareBytes: http://malwarebytes.org/antimalware/mac.

  • by Thea15,

    Thea15 Thea15 Feb 27, 2016 9:37 PM in response to stevejobsfan0123
    Level 1 (0 points)
    Feb 27, 2016 9:37 PM in response to stevejobsfan0123

    I thought this problem was solved, but Matthew PC has re-appeared in my Finder board under "shared".

     

    I downloaded Melaware which found 8 or so links under with the name Totiteck. I deleted these and restarted my computer. Matthew-PC seemed gone. The unknown search browswer in Safari was still there. Now Matthew-PC (10 minutes later) is back.

     

    My problem isn't solved....i'm afraid this is a Trojan ?


    Thank you for your help.

  • by stevejobsfan0123,Helpful

    stevejobsfan0123 stevejobsfan0123 Feb 27, 2016 10:22 PM in response to Thea15
    Level 8 (43,768 points)
    iPhone
    Feb 27, 2016 10:22 PM in response to Thea15

    You're welcome, and glad to hear that MalwareBytes solved the problem for you. MalwareBytes got rid of the adware which changed your browser settings, but you will need to change it back manually. Go to Safari > Preferences > Search, and change the search engine back. You should not use any search engine instantiated by adware.

  • by Thea15,

    Thea15 Thea15 Feb 27, 2016 10:22 PM in response to stevejobsfan0123
    Level 1 (0 points)
    Feb 27, 2016 10:22 PM in response to stevejobsfan0123

    I thought this problem was solved, but Matthew PC has re-appeared in my Finder board under "shared".

     

    I downloaded Melaware which found 8 or so links under with the name Totiteck. I deleted these and restarted my computer. Matthew-PC seemed gone. The unknown search browswer in Safari was still there. Now Matthew-PC (10 minutes later) is back.

     

    My problem isn't solved....i'm afraid this is a Trojan ?


    Thank you for your help.

  • by stevejobsfan0123,

    stevejobsfan0123 stevejobsfan0123 Feb 27, 2016 10:34 PM in response to Thea15
    Level 8 (43,768 points)
    iPhone
    Feb 27, 2016 10:34 PM in response to Thea15

    No, it is not. The browser search engine redirect was adware. Seeing a listing under "Shared" is not at all malware related.

  • by etresoft,

    etresoft etresoft Feb 28, 2016 5:27 AM in response to Thea15
    Level 7 (29,258 points)
    Mac OS X
    Feb 28, 2016 5:27 AM in response to Thea15

    Thea15 wrote:

     

    I thought this problem was solved, but Matthew PC has re-appeared in my Finder board under "shared".

     

    I downloaded Melaware which found 8 or so links under with the name Totiteck. I deleted these and restarted my computer. Matthew-PC seemed gone. The unknown search browswer in Safari was still there. Now Matthew-PC (10 minutes later) is back.

     

    My problem isn't solved....i'm afraid this is a Trojan ?


    Thank you for your help.

    Hello Thea15,

    You will have to manually change your search engine back. In Safai, go to the Safari menu and choose Preferences. I think it is under General.

     

    If you are still concerned about any adware that could still be running in the background, you can a little diagnostic program i wrote called EtreCheck. Download EtreCheck from http://www.etrecheck.com, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.

     

    EtreCheck will list all software installed and running in the background. Hopefully, you won't have anything fishy listed, but we can give you a confirmation of that fact. MalwareBytes is a nice tool, but it is a bit of a "black box".

     

    Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.