Tonight I started getting this behavior--about every minute a new Safari tab automatically opens with this url: https:://staticxx. facebook.com/ common/ referer_frame.php
If Safari is closed it opens to it. NOTE: I intentionally added spaces so it doesn't become an active url.
What is this thing and how to I stop or get rid of it?
Mac mini (Late 2012), null
Force quit Safari using the Command + Option + Escape keyboard shortcut then relaunch Safari while holding down the Shift key.
That will prevent previous sessions from loading.
I tried that a coupe of times and it's still doing it. Any other ideas?
I see the domain says facebook.com but it sure looks suspicious. Do you think this is a virus or a some facebook thing gone rouge? I haven't even launched Facebook in Safari for weeks.
Steve Edelstein wrote:
I tried that a coupe of times and it's still doing it. Any other ideas?
I see the domain says facebook.com but it sure looks suspicious. Do you think this is a virus or a some facebook thing gone rouge? I haven't even launched Facebook in Safari for weeks.
There are no viruses for OS X at this time, so that's not what it is. Try uninstalling all extensions you may have, then relaunch Safari. Are you still experiencing the same problem?
Try running this program and then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor. Please use copy and paste as screen shots can be hard to read. This will show what is running on your computer. No personal information is shown.
Eric, first I checked for extensions and there are none installed.
I ran Etresoft and the results are below.
I noticed another problem. Safari was covering ip the below error message which I never saw before. I have no user called "realsoftware" or any realsoftware according to Clean My Mac. Maybe it's unrelated but it seems like maybe it could be related.
==========================
EtreCheck version: 2.9.11 (264)
Report generated 2016-04-28 08:01:44
Download EtreCheck from https://etrecheck.com
Runtime 4:38
Performance: Good
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Problem: Other problem
Description:
A new Safari tab automatically opens about every minute to the below url. When the tab is closed it reopens. If Safari is not running it automatically starts up with the url.
https://staticxx.facebook.com/common/referer_frame.php
Hardware Information:ⓘ
Mac mini (Late 2012)
[Technical Specifications] - [User Guide] - [Warranty & Service]
Mac mini - model: Macmini6,2
1 2.3 GHz Intel Core i7 CPU: 4-core
4 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
2 GB DDR3 1600 MHz ok
BANK 1/DIMM0
2 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: Unknown
Video Information:ⓘ
Intel HD Graphics 4000
HP w2338h 1920 x 1080
System Software:ⓘ
OS X El Capitan 10.11.3 (15D21) - Time since boot: less than an hour
Disk Information:ⓘ
APPLE SSD SM256E disk0 : (251 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) <not mounted> : 210 MB
Macintosh HD (disk0s2) / : 250.14 GB (151.39 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
USB Information:ⓘ
Apple, Inc. Keyboard Hub
Apple Inc. Apple Keyboard
Apple, Inc. IR Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
VIA Labs, Inc. USB3.0 Hub
VIA Labs, Inc. USB3.0 Hub
Western Digital My Book 1234 2 TB
EFI (disk2s1) <not mounted> : 210 MB
My Book for Mac (disk2s2) /Volumes/My Book for Mac : 1.73 TB (824.56 GB free)
Clone Disk (disk2s3) /Volumes/Clone Disk : 271.64 GB (34.69 GB free)
VIA Labs, Inc. USB2.0 Hub 1 TB
LaCie LaCie Hard Drive Quadra 1 TB
EFI (disk1s1) <not mounted> : 210 MB
Lacie 1TB (disk1s2) /Volumes/Lacie 1TB : 999.86 GB (451.94 GB free)
VIA Labs, Inc. USB2.0 Hub
Thunderbolt Information:ⓘ
Apple Inc. thunderbolt_bus
Gatekeeper:ⓘ
Mac App Store and identified developers
Kernel Extensions:ⓘ
/Library/Application Support/Avast/components/fileshield/unsigned
[loaded] com.avast.AvastFileShield (3.0.0 - SDK 10.10 - 2016-04-12) [Support]
/Library/Application Support/Avast/components/proxy/unsigned
[loaded] com.avast.PacketForwarder (2.1 - SDK 10.10 - 2016-04-12) [Support]
/Library/Extensions
[loaded] com.karios.driver.DuetDisplay (1.1.2 - SDK 10.10 - 2016-03-22) [Support]
[not loaded] com.sony.driver.dsccamDeviceInfo00 (1.3.0.07310 - SDK 10.7 - 2016-03-22) [Support]
System Launch Agents:ⓘ
[not loaded] 7 Apple tasks
[loaded] 153 Apple tasks
[running] 76 Apple tasks
System Launch Daemons:ⓘ
[not loaded] 45 Apple tasks
[loaded] 157 Apple tasks
[running] 86 Apple tasks
Launch Agents:ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (2016-04-12) [Support]
[running] com.adobe.AdobeCreativeCloud.plist (2016-02-14) [Support]
[running] com.avast.secureline.update-agent.plist (2016-04-27) [Support]
[loaded] com.avast.secureline.userinit.plist (2016-04-27) [Support]
[running] com.avast.update-agent.plist (2016-04-27) [Support]
[loaded] com.avast.userinit.plist (2016-04-27) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-01) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2016-03-12) [Support]
[running] com.sony.SonyAutoLauncher.agent.plist (2014-10-20) [Support]
[running] com.sony.WirelessAutoImportLauncher.agent.plist (2012-06-08) [Support]
[not loaded] com.teamviewer.teamviewer.plist (2015-11-29) [Support]
[not loaded] com.teamviewer.teamviewer_desktop.plist (2015-11-29) [Support]
Launch Daemons:ⓘ
[running] com.adobe.adobeupdatedaemon.plist (2016-04-12) [Support]
[loaded] com.adobe.agsservice.plist (2016-04-12) [Support]
[loaded] com.adobe.fpsaud.plist (2016-04-15) [Support]
[loaded] com.avast.init.plist (2016-04-27) [Support]
[loaded] com.avast.secureline.init.plist (2016-04-27) [Support]
[loaded] com.avast.secureline.uninstall.plist (2016-04-27) [Support]
[loaded] com.avast.secureline.update.plist (2016-04-27) [Support]
[loaded] com.avast.uninstall.plist (2016-04-27) [Support]
[loaded] com.avast.update.plist (2016-04-27) [Support]
[loaded] com.bombich.ccc.plist (2014-08-27) [Support]
[running] com.bombich.ccchelper.plist (2014-11-05) [Support]
[running] com.crashplan.engine.plist (2016-04-19) [Support]
[loaded] com.google.keystone.daemon.plist (2016-03-01) [Support]
[loaded] com.macpaw.CleanMyMac2.Agent.plist (2015-07-25) [Support]
[loaded] com.macpaw.CleanMyMac3.Agent.plist (2015-10-17) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2016-03-12) [Support]
[loaded] com.teamviewer.Helper.plist (2015-01-15) [Support]
[not loaded] com.teamviewer.teamviewer_service.plist (2015-11-29) [Support]
User Launch Agents:ⓘ
[loaded] com.adobe.AAM.Updater-1.0.plist (2014-08-25) [Support]
[loaded] com.avast.home.userinit.plist (2016-04-27) [Support]
[loaded] com.avast.secureline.home.userinit.plist (2016-04-27) [Support]
[loaded] com.macpaw.CleanMyMac3.Scheduler.plist (2016-04-28) [Support]
[running] com.spotify.webhelper.plist (2016-03-25) [Support]
User Login Items:ⓘ
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
LineIn Application (/Applications/LineIn.app)
Alfred 2 Application (/Applications/Alfred 2.app)
Dropbox Application (/Applications/Dropbox.app)
CrashPlan menu bar Application (/Applications/CrashPlan.app/Contents/Helpers/CrashPlan menu bar.app)
CCC User Agent Application (/Applications/Carbon Copy Cloner-3.app/Contents/Library/LoginItems/CCC User Agent.app)
SpyderUtility Application (/Applications/Datacolor/Spyder5Express/Support/SpyderUtility.app)
CleanMyMac 3 Menu Application (/Applications/CleanMyMac 3.app/Contents/MacOS/CleanMyMac 3 Menu.app)
Other Apps:ⓘ
[running] com.adobe.CCLibrary.323552
[running] com.adobe.CCXProcess.340512
[running] com.adobe.acc.AdobeDesktopService.96032.849934E0-615A-434C-94F2-701F59AAA403
[running] com.adobe.accmac.340832
[loaded] com.avast.account
[loaded] com.avast.crashreport
[running] com.avast.daemon
[running] com.avast.fileshield
[running] com.avast.helper
[running] com.avast.proxy
[running] com.avast.secureline.avastsecurelinehelper
[loaded] com.avast.secureline.burger
[running] com.avast.secureline.service
[running] com.avast.service
[running] com.bombich.cccuseragent.48352
[running] com.code42.b42menuextra.87712
[running] com.fabriceleyne.menubarrearranger.6112
[loaded] com.fabriceleyne.menubarrearrangerloginhelper
[loaded] com.fiplab.fbloginhelper
[loaded] com.fiplab.gmailoginhelper
[running] com.fiplab.goforfacebook.331552
[running] com.fiplab.goforgmail.332192
[running] com.getdropbox.dropbox.49312
[running] com.hp.devicemonitor
[running] com.macpaw.CleanMyMac3.528352
[running] com.macpaw.CleanMyMac3.Menu.93152
[running] com.rogueamoeba.LineIn2.338912
[running] com.runningwithcrayons.Alfred-2.47712
[loaded] 415 Apple tasks
[running] 216 Apple tasks
Internet Plug-ins:ⓘ
AdobeAAMDetect: 3.0.0.0 - SDK 10.9 (2016-04-12) [Support]
FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]
QuickTime Plugin: 7.7.3 (2016-02-10)
Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]
Default Browser: 601 - SDK 10.11 (2016-02-10)
PMCADownloader: 1.2.1998.896 - SDK 10.5 (2014-12-19) [Support]
SharePointBrowserPlugin: 14.6.3 - SDK 10.6 (2016-04-27) [Support]
Google Earth Web Plug-in: 7.1 (2015-10-24) [Support]
Silverlight: 5.1.30514.0 - SDK 10.6 (2015-10-24) [Support]
JavaAppletPlugin: Java 8 Update 77 build 03 (2016-03-25) Check version
User internet Plug-ins:ⓘ
NugsterPlugin: Unknown - SDK 10.7 (2015-03-06) [Support]
3rd Party Preference Panes:ⓘ
Flash Player (2016-04-15) [Support]
Java (2016-03-25) [Support]
Time Machine:ⓘ
Skip System Files: NO
Mobile backups: OFF
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 250.14 GB Disk used: 98.75 GB
My Book for Mac: Disk size: 1.73 TB Disk used: 903.69 GB
Destinations:
Time Capsule [Network]
Total size: 2.00 TB
Total number of backups: 73
Oldest backup: 8/29/15, 7:52 AM
Last backup: 4/27/16, 10:12 PM
Size of backup disk: Too small
Backup size 2.00 TB < (Disk used 1.00 TB X 3)
Top Processes by CPU:ⓘ
9% Go for Gmail
8% WindowServer
6% LineIn
3% kernel_task
3% com.hp.devicemonitor
Top Processes by Memory:ⓘ
592 MB kernel_task
135 MB mdworker(12)
98 MB com.apple.WebKit.WebContent(4)
86 MB Go for Facebook
82 MB com.avast.daemon
Virtual Memory Information:ⓘ
94 MB Free RAM
3.90 GB Used RAM (1.14 GB Cached)
69 MB Swap Used
Diagnostics Information:ⓘ
Apr 28, 2016, 07:49:01 AM Self test - passed
Apr 27, 2016, 10:33:27 PM ~/Library/Logs/DiagnosticReports/SpyderUtility_2016-04-27-223327_[redacted].cra sh
??? - /Applications/Datacolor/*/SpyderUtility.app/Contents/MacOS/SpyderUtility
Your computer is mess.
.
Thanks. I'll do the uninstalls and will let you know if that resolves it. Actually, I installed Avast last night out of desperation thinking it might find something but of course it didn't.
Steve --
The EtreCheck will show you what you have . . . and MalWareBytes can delete most all Malware garbage. Both apps were developed by wonderful long-time helpers here, and have proven to be highly effective, and free.
I've done these things and the problem still exists:
Have noticed that when I reboot Safari launches at startup and goes directly to the bad actor. It does not start with Home page I have set which is Google.
Have also noticed that when I go to this message thread, below the last message it says "Auto-saved version of this content were found." and I can Recover or Delete. I have never had this before but now it's every time I come here.
I think I found the problem. Thinking about FaceBook I realized a I had an app called Go for Facebook so I deleted it and while I was at it, deleted Go For Gmail. Both were marginally useful anyway so no great loss. Since then the problem stopped. I'll wait awhile to make sure it's gone but it's looking good. Thanks for all the advice.
I am having this problem with my Mac Yoseemite10.10.5. I tried to move Go for Facebook to Trash and it won't let me because "The item “Go for Facebook.app” can’t be moved to the Trash because it’s open."
What do I need to do? Pls
On my Mac the app had an icon in the top toolbar which has some menu items with Quit as the bottom one I believe. You should be able to use Quit and then it should be able to be deleted. If that doesn't work try to Force Quit it an then delete the app.
My app icon for Go for Facebook does not have a Quit but it has show in Finder. So I went to Finder and tried to Move to Trash. It did not work, because it says the app was Running. So I used Force Quit on it but it did not show that the Go for Facebook was running. I highlighted the golf for Facebook app on Finder and tried Force Quit, it will only Force Quit Finder. So my problem is still there. Thanks though.
Ok, I opened the Go for Facebook app itself and turned off the Open at Log In. Then I went back to Finder to find the app and then Move to Trash. It worked!!
Thanks!
This feels like a virus. Is it?
