LMWill

Q: Malware problem

Hi,

 

I have malware taking over my Safari and Chrome browsers, it tell me my computer is infected, on other sites it places buying ads, and on other pages it keeps me from performing functions such as clicking on tabs. this is a screenshot of what it looks like.Screen Shot 2016-05-10 at 1.54.52 PM.png

 

I am running OS X El Capitan 10.11.4

 

Thanks

Brian

MacBook Pro with Retina display, OS X El Capitan (10.11.4)

Posted on May 10, 2016 11:04 AM

Close

Q: Malware problem

  • All replies
  • Helpful answers

  • by Carolyn Samit,

    Carolyn Samit Carolyn Samit May 10, 2016 11:10 AM in response to LMWill
    Level 10 (123,937 points)
    Apple Music
    May 10, 2016 11:10 AM in response to LMWill

    Hi Brian,



    It's a scam not malware.

     

    Force quit Safari by using the Command + Option + Esc keyboard shortcut then relaunch Safari while holding down the Shift key. That prevents the auto restore of your last Safari session.


    You can also Force Quit Chrome the same way.

     

    Stop pop-up ads in Safari

  • by LMWill,

    LMWill LMWill May 10, 2016 11:20 AM in response to Carolyn Samit
    Level 1 (4 points)
    Notebooks
    May 10, 2016 11:20 AM in response to Carolyn Samit

    Carolyn,

     

    Thanks for the quick reply, That didn't work. I also have a file that keeps downloading itself, we may have accidentally installed it within the past few days, I am not sure as I share this with my wife. it is a file called amc_rb_mrtmac.pk. I get this screenshot now.

    Screen Shot 2016-05-10 at 2.12.45 PM.png

  • by Carolyn Samit,

    Carolyn Samit Carolyn Samit May 10, 2016 11:33 AM in response to LMWill
    Level 10 (123,937 points)
    Apple Music
    May 10, 2016 11:33 AM in response to LMWill

    That's for MacKeeper which you do not want on your Mac.

     

    Help for uninstalling >  http://www.macworld.com/article/2861435/software-utilities/how-to-uninstall-mack eeper-from-your-mac.html

  • by Linc Davis,

    Linc Davis Linc Davis May 10, 2016 11:52 AM in response to LMWill
    Level 10 (208,037 points)
    Applications
    May 10, 2016 11:52 AM in response to LMWill

    You installed a fake "utility" called "Advanced Mac Cleaner" and/or "AdwareCleaner." Like any software that purports to automatically "clean up" or "speed up" a Mac, it's a scam.

    To remove it, please take the steps below. Some of the files listed may be absent in your case. Back up all data before proceeding.

    Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

    If you paid for the software with a credit card, consider reporting the charge to the bank as fraudulent.

    Step 1

    Triple-click anywhere in the line below on this page to select it:

    ~/Library/LaunchAgents

    Right-click or control-click the highlighted line and select

              Services Open

    from the contextual menu.* A folder named "LaunchAgents" may open. If it does, look inside it for files with a name that begins in either of these ways:

              com.pcv.

              com.adwarecleaner.

    Move any such files to the Trash.

    Log out or restart the computer and empty the Trash.

    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You may not see what you pasted because a line break is included. Press return.

    Step 2

    The malware is now permanently inactivated, as long as you don't reinstall it. This step is optional.

    Delete the following items, if they exist, as in Step 1:

    /Library/Application Support/amc
    ~/Library/AdvancedMacCleaner

    There's no need to log out or restart after taking this step.

    The problem started when you downloaded something, perhaps an application called "FileZilla" or "NicePlayer," when prompted to do so by a popup on a website. Never visit that site again. All legitimate software should be downloaded directly from the developer's website or from the Mac App Store, if applicable.

    "Advanced Mac Cleaner" may have been bundled with other malware that was installed at the same time. If you still have problems with web browsers after removing it, ask for instructions.

  • by Carolyn Samit,

    Carolyn Samit Carolyn Samit May 10, 2016 12:04 PM in response to LMWill
    Level 10 (123,937 points)
    Apple Music
    May 10, 2016 12:04 PM in response to LMWill

    Brian ..

     

    Follow the instructions posted by:  Linc Davis


    I hadn't seen, Advanced Mac Cleaner before. He can help you.