 Apple ❦ Lover 

Q: What is this adware?

My Macbook Pro Early 2015 has been infected with adware. I scanned it with Bitdefender and it brought up Adware.MAC.OSX.Macinst.A. Where did I get this adware from? I recently tried to download a file on Softonic (Logic Pro X) but stopped. Could that be the problem? I think it is. I tried to remove it using Malwarebytes, but it didn't work. When I tried to delete the file, it prompted me for an administrator password. I am not the administrator of my computer, but that is not the problem right now: Where did I get this adware from?

MacBook Pro with Retina display, OS X El Capitan (10.11.3)

Posted on May 2, 2016 7:26 PM


  • by Rysz,

    Rysz May 2, 2016 7:34 PM in response to  Apple ❦ Lover 
    Level 7 (21,001 points)

    If you don't know, then we certainly don't know.

    The usual suspects are downloads from shady or torrent sites, emails and most often from websites.

     

    Reading this might also be helpful.

    Mac Malware Guide: How do I protect myself?  http://www.thesafemac.com/mmg-defense/

  • by pinkstones,

    pinkstones May 2, 2016 7:50 PM in response to  Apple ❦ Lover 
    Level 5 (4,209 points)

     Apple ❦ Lover  wrote:

     

    My Macbook Pro Early 2015 has been infected with adware. I scanned it with Bitdefender and it brought up Adware.MAC.OSX.Macinst.A. Where did I get this adware from? I recently tried to download a file on Softonic (Logic Pro X) but stopped. Could that be the problem? I think it is. I tried to remove it using Malwarebytes, but it didn't work. When I tried to delete the file, it prompted me for an administrator password. I am not the administrator of my computer, but that is not the problem right now: Where did I get this adware from?

     

    1. Never download anything from an aggregate download site.  This includes but is not limited to CNET, Download (dot) com, MacUpdate, Softpedia, Softonic, etc.  The installers are many times bundled with malware and adware, so when you install what you were looking for, you end up installing a whole lot that you weren't.  So, to that end, BitDefender didn't protect you from anything.  Any application/plugin/extension/driver you put on your system should be downloaded either from the Mac App Store or from the developer's own website.  That's it.  That's not always a 100% guarantee of chicanery-free downloads, but it's a far cry from chancing it with a torrent or one of the websites I listed above.
    2. Logic Pro X is not free.  It costs $199.99 in the Mac App Store.  If you want it, pay for it.
    3. You got the adware from trying to download a program from an aggregate download site and the installer was bundled with it.  That's what can happen when you do something risky like that.
    4. You need to contact the administrator and tell them what's going on so they can use their password to remove the file(s) you put on the computer. 
  • by K Shaffer,

    K Shaffer May 2, 2016 8:00 PM in response to  Apple ❦ Lover 
    Level 6 (14,567 points)

    You will need to have administrative access (admin account + password) to attempt to resolve this issue when you have a lesser status account. And there are several places where some bits of these adware or malware-like items may hide.

    There is nothing free in the way of retail applications from sites that have been associated with Softonic or any number of shady downloads of illegal copies; even if the files themselves are true to their original content, they'd be illegal.

    Stop pop-up ads in Safari - Apple Support

    • Tech Guides (adware, malware, performance) the Safe Mac: http://www.thesafemac.com/tech-guides/

    When you are not an admin, and cannot authenticate your ownership or privileges in the OS X, one of the first things you'd not want to do or try, is to get some copy of a retail application that may be loaded with bad-ware. Any combination of items that are designed to disrupt, damage, or create havoc; or used to undermine your computer security (passwords, methods of online payment, personal identity, etc) are to be avoided. No matter how 'free' they sound the real costs are much higher than an authentic application correct to the system (not some other version) and capable of correctly being installed by an Admin user who often is the legal owner.

    Should Linc Davis see this thread he may offer a set of instructions to test and see what you really have; some suggestions can help in a logical way to find and remove certain bits of the adware that are in hiding, in folders in the system library files, etc.

    Since I'm not keeping up on the latest methods, and I avoid odd sites or 'free' deals, sorry to say my advice is fairly slim. Usually a report generated by use of Etrecheck app can say a lot about the computer, OS X, and a bit of software/hardware status.

    Given you do not have admin access, you cannot even start in Safe mode because you'd have to log in with the Admin password. Contact the admin or owner for help.

    In any event...

    Good luck & happy computing!

  • by Linc Davis,

    Linc Davis May 2, 2016 9:16 PM in response to  Apple ❦ Lover 
    Level 10 (208,037 points)

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Back up all data first.

    If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

    If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

    If the malware is not removed automatically, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
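
The folder check in Steps 1 to 3 of the reply above can also be done from a terminal. The script below is an added example, not part of any poster's reply: it lists the three folders newest first, as the Finder sort does, and shows which program each launchd job would start. The function name `list_launch_items` and the output layout are illustrative choices.

```python
import os
import plistlib
from datetime import datetime

# The three folders named in Steps 1-3 of the reply above.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
               "/Library/LaunchDaemons"]

def list_launch_items(folder):
    """Return one dict per item in `folder`, most recently modified first.

    A missing or unreadable folder yields an empty list; the reply notes
    that any of these folders may not exist.
    """
    folder = os.path.expanduser(folder)
    try:
        names = os.listdir(folder)
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        return []
    items = []
    for name in names:
        path = os.path.join(folder, name)
        item = {"name": name, "modified": os.lstat(path).st_mtime,
                "label": None, "runs": None}
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)  # reads XML and binary plists
            item["label"] = job.get("Label")
            # launchd runs Program if present, else ProgramArguments[0].
            args = job.get("ProgramArguments") or []
            item["runs"] = job.get("Program") or (args[0] if args else None)
        except Exception:
            # Sub-folders, broken links and non-plist files end up here.
            item["runs"] = "<not a readable plist>"
        items.append(item)
    return sorted(items, key=lambda i: i["modified"], reverse=True)

if __name__ == "__main__":
    for d in LAUNCH_DIRS:
        print(d)
        for it in list_launch_items(d):
            when = datetime.fromtimestamp(it["modified"])
            print(f"  {when:%Y-%m-%d %H:%M}  {it['name']}  ->  {it['runs']}")
```

Items dated around the time the problem started, or pointing at a program you do not recognise, are the ones to compare against what you knowingly installed.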

  • by thomas_r.,

    thomas_r. May 3, 2016 9:03 AM in response to  Apple ❦ Lover 
    Level 7 (30,944 points)

     Apple ❦ Lover  wrote:

     

    My Macbook Pro Early 2015 has been infected with adware. I scanned it with Bitdefender and it brought up Adware.MAC.OSX.Macinst.A.

     

    Trying to download from CNET is a likely source of the adware.

     

    However, from the sounds of it, all you've got is an installer, probably still in your downloads folder, and I'm guessing unopened. The current version of Malwarebytes Anti-Malware for Mac doesn't look for that kind of stuff; it's specifically designed to look for and remove installed threats.

     

    Bitdefender should be able to tell you where the file is that it is identifying as adware. What is the full path to that file? If you can find it, you should be able to drag it to the trash, although I caution you not to do this if the file is in a Time Machine backup or is (for whatever unlikely reason) attached to an e-mail message. Deleting such things in the Finder is not a good idea.

  • by ieamea,

    ieamea May 3, 2016 3:32 PM in response to  Apple ❦ Lover 
    Level 1 (4 points)

    @Apple ❦ Lover: I searched "Adware.MAC.OSX.Macinst.A.", and found that F-Secure had added that adware into its antivirus database, according to this page: https://www.f-secure.com/dbtracker/Aquarius/2015-08-19_07.html Or you can then give F-Secure for Mac a try: update your installation and scan your system later. Meantime, please make sure you've updated MBAM to its latest version as well.

    Also, please feel free to provide us with more details, such as the name of that app and path info.

    And please be careful when running/opening internet stuff: always scan your downloaded items before taking actions.