TchCzarina418

Q: Malware

I am running a fully updated 2013 iMac. I have malware. I know I have it because I keep getting redirected to "helpful" (MacKeeper, et al) websites. However I cannot detect this infection with Malwarebytes or any such program. I've tried deleting plist files in LaunchDaemons and places like that. Nothing. I've deleted malicious-looking downloads and extensions, nothing. I've reinstalled OS X, nothing. I cannot get rid of this or even detect it! What am I missing?

iMac (27-inch, Late 2013), OS X Mavericks (10.9.1)

Posted on Jun 29, 2016 7:08 AM

  • by JimmyCMPIT, Level 5 (7,102 points), Jun 29, 2016 8:26 AM, in response to TchCzarina418

    Getting ads of a specific variety is not proof of any malware on your computer.

    What sites you are going to where you're seeing these ads is likely the cause.

    Aside from sites with questionable content I get ads for MacCrapper on YouTube, CNET and other Mac-oriented sites because they pay for advertising and spam the living $#!+ out of the internet sometimes.

  • by Kurt Lang, Level 8 (37,711 points), Jun 29, 2016 8:27 AM, in response to TchCzarina418

    The adware makers have been seriously ramping up their efforts lately. It is getting much harder to detect or remove, either by automated or manual methods. A recent find by Malwarebytes is that one adware maker uses a dictionary of over 220,000 words to name the files they install. And on top of that, they detect the attempt to remove them and re-download the missing components - with yet a different randomly chosen file name.

    Adware isn't just the adware anymore that was simple, or not all that difficult, to remove. It has become invasive malware. Unfortunately, it has gotten so difficult to remove some of this, I can't give you a helpful comment that doesn't involve erasing the drive and restoring it to a state before this garbage got on your Mac. If you have no such backup, you'll have to rebuild it from scratch.

    Hold off on that Draconian step, though. Others may have a better idea of finding and removing it. But as a side note, never, ever download anything from illegal pirate sites or P2P sites. And not even from legal sites such as www.download.com or www.softonic.com, which are two of the worst. Almost everything you get from them includes adware installers. If you want to try freeware or shareware, get it only from the site of the vendor who makes it.

  • by Linc Davis, Level 10 (207,926 points), Jun 29, 2016 9:06 AM, in response to TchCzarina418

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Back up all data first.

    If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

    If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

    If the malware is not removed automatically, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
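
Added example, not part of Linc Davis's reply: the inspection in Steps 1-3, done as a Python 3 script instead of Finder screenshots. It reads every launchd job file in the three folders, sorts them newest-modified first, and reports the command each one would run; the function names and output layout are this example's own.

```python
import plistlib
from datetime import datetime
from pathlib import Path
from xml.parsers.expat import ExpatError

# The three folders named in Steps 1-3 of the reply above.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
               "/Library/LaunchDaemons"]

def describe(path):
    """Summarise one launchd job file: when it changed and what it runs."""
    entry = {"path": str(path), "modified": path.stat().st_mtime,
             "label": None, "command": None, "autostart": False, "error": None}
    try:
        with path.open("rb") as fh:
            job = plistlib.load(fh)          # handles XML and binary plists
    except (ValueError, ExpatError, OSError) as exc:
        entry["error"] = f"unreadable: {exc}"
        return entry
    if not isinstance(job, dict):
        entry["error"] = "top-level object is not a dictionary"
        return entry
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    entry["label"] = job.get("Label")
    entry["command"] = " ".join(str(a) for a in args).strip() or None
    # RunAtLoad or KeepAlive means launchd starts (or restarts) the job itself.
    entry["autostart"] = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
    return entry

def scan(dirs=LAUNCH_DIRS):
    """Return every job in the given folders, newest modification first."""
    entries = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():              # the folder may not exist
            continue
        entries += [describe(p) for p in folder.glob("*.plist") if p.is_file()]
    return sorted(entries, key=lambda e: e["modified"], reverse=True)

if __name__ == "__main__":
    for e in scan():
        when = datetime.fromtimestamp(e["modified"]).strftime("%Y-%m-%d %H:%M")
        what = e["error"] or e["command"] or "(no program set)"
        flag = "autostart" if e["autostart"] else "on demand"
        print(f"{when}  {flag:9}  {e['path']}\n    -> {what}")
```

Entries marked autostart whose modification date falls near the time the redirects began are the ones to read first.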

  • by TchCzarina418, Level 1 (9 points), Jun 29, 2016 12:34 PM, in response to Linc Davis

    Nothing. I said this didn't work.

  • by TchCzarina418, Level 1 (9 points), Jun 29, 2016 12:36 PM, in response to JimmyCMPIT

    I would click on the blank white space on a site and an ad for LegalZoom or something would open.

  • by JimmyCMPIT, Level 5 (7,102 points), Jun 29, 2016 12:43 PM, in response to TchCzarina418

    You mentioned you reinstalled the OS; was it a clean install and did you restore data? A clean install would not re-inherit any infection, or it would be very remote that it could. Another application or rogue application could be the cause.

    Does this behavior happen on other browsers?

    Have you reset any of them?

    For Safari go to

    Safari>Preferences>

    From the Privacy tab

    click "remove all website data..."

    From the Security tab

    go to "plug-in settings..." and remove anything that shouldn't be there

    Quit Safari

    Reopen Safari using the SHIFT key.

  • by Esquared, Level 6 (8,410 points), Jun 29, 2016 12:51 PM, in response to TchCzarina418

    If you're absolutely sure your Mac is 'clean', it might well be an infected router:

    http://www.thesafemac.com/how-to-manage-a-hacked-wireless-router/

  • by TchCzarina418 (Solved answer), Level 1 (9 points), Jun 29, 2016 1:02 PM, in response to JimmyCMPIT

    I installed the last software update. It didn't help.

    I did eventually reset Chrome, which was an enormous headache. I should probably have done that initially, but I try to avoid headaches. Luckily my MBP was unaffected and I exported bookmarks and things from there. Chrome sync was at least a year outdated.

    So yeah, HUGE headache to reset the browser, but it worked. There should have been an easier way!