hbpix virus removal? (hbpix.dms file)

There is some kind of virus called hbpix that loads all kinds of popup ads in the background and frequently downloads numerous copies of a file called hbpix.dms which has just 43 bytes. Some have reported that it's a single gray pixel in GIF format.


This virus is widespread, affects both Mac and PC including the latest version of Safari and macOS. It's been around for months. Most of the "solutions" you can find on Google are just websites shilling for MacKeeper (ironically MacKeeper is one of the most popular ads shown by this virus).


Can anyone post a real fix that doesn't require unwanted third party software? Why hasn't Apple addressed this? Even users in this forum are shilling for third party software instead of offering a real solution. This is outrageous that there is no official response on what to do about a widespread virus that's been going around for months.

<Link Edited by Host>

MacBook Pro TouchBar and Touch ID, macOS Sierra (10.12.6), 15" 512GB 16GB RAM Radeon Pro 455

Posted on Nov 9, 2017 12:36 AM

39 replies

Nov 14, 2017 5:00 AM in response to brsm1990

Can't find anything wrong there.


There are other possibilities:


Use safe mode to isolate issues with your Mac - Apple Support

  • Determine if the problems exist in Safe Mode. Then, restart normally.


Use the following procedure to determine if the problem is internal or external to your Mac. Causes may involve your router, your ISP, the DNS Server(s) it uses, or certain user-configurable options.


  1. Shut down your Mac.
  2. Load macOS Recovery by holding ⌘ and r (two fingers) while you start your Mac with a third finger.
  3. At the macOS Utilities screen, release those two fingers.
  4. Choose Get Help Online.
  5. Safari will launch, but it will lack your bookmarks, favorites, history and other preferences.


Determine if the problem persists while using Safari in that mode. After that, restart your Mac normally, and reply with your observations.

Nov 10, 2017 11:59 PM in response to infosee

The pop unders are back with a vengeance. The only website I had open at the time was https://www.math.ubc.ca/~cass/frivs/latin/latin-dict-full.html and four of these pop unders appeared as I just started to type a new website into the address bar of an open tab, I didn't even complete typing the site or press enter before 4 of these appeared. Screen shot of one below.



User uploaded file


Three others: video.breakingnews.com video.theparentingvillage.com video.yourmedicalnews.com

Nov 15, 2017 1:16 PM in response to brsm1990

Do you already have this bottom check box on?

User uploaded file

Even if you do, it doesn't block everything. It's a constant cat-and-mouse game between vendors such as Apple figuring out how to block popups, and those who want you to see the popups figure out how to get around the current blocks.


That, and sites do use popups for legitimate purposes. There are at least two I use for ordering supplies where popup blocking must be off, or you never see the ordering screens.

I don't have any extensions.

Now that is interesting. No browser extensions. As far as we can see, no unknown agents or daemons. But if the sites aren't generating the ads, then something must be on your system somewhere.


I'd have to guess at the moment that the sites are using JavaScript to create the popups. On the same Security tab of Safari shown above, turn off JavaScript. If the ads go away, that's exactly what it is. Unfortunately, JavaScript must be on for most of the web to function. Such as for the row of gray tabs at the top of this page.


JavaScript is also the current favorite of scammers who generate popups from their site that claim your Mac, iPhone, Galaxy, PC, you-name-it, is infected with xxx number of viruses. The popups are designed to use JavaScript to display the exact same popup when you close it, making it appear you're stuck on the site.


If JavaScript is indeed the issue, you can only do one of two things. Disable it before visiting the sites generating the ads, or simply stop using those sites.

Nov 15, 2017 1:21 PM in response to Kurt Lang

Yes the checkbox is checked.


Kurt Lang wrote:


Do you already have this bottom check box on?

User uploaded file

Even if you do, it doesn't block everything. It's a constant cat-and-mouse game between vendors such as Apple figuring out how to block popups, and those who want you to see the popups figure out how to get around the current blocks.


That, and sites do use popups for legitimate purposes. There are at least two I use for ordering supplies where popup blocking must be off, or you never see the ordering screens.

I don't have any extensions.

Now that is interesting. No browser extensions. As far as we can see, no unknown agents or daemons. But if the sites aren't generating the ads, then something must be on your system somewhere.


I'd have to guess at the moment that the sites are using JavaScript to create the popups. On the same Security tab of Safari shown above, turn off JavaScript. If the ads go away, that's exactly what it is. Unfortunately, JavaScript must be on for most of the web to function. Such as for the row of gray tabs at the top of this page.


JavaScript is also the current favorite of scammers who generate popups from their site that claim your Mac, iPhone, Galaxy, PC, you-name-it, is infected with xxx number of viruses. The popups are designed to use JavaScript to display the exact same popup when you close it, making it appear you're stuck on the site.


If JavaScript is indeed the issue, you can only do one of two things. Disable it before visiting the sites generating the ads, or simply stop using those sites.


I will try the JavaScript thing when it happens again. Now they are dormant again the last couple of days. I would like to get to the bottom of it and also publish it here so others have a resource because it looks like lots of people are affected on multiple browsers and OSs. It's weird because now they have been gone for a couple of days again. Last time they showed up I only had one tab open from the university website (that I know of, I suppose there could have been some residual pop unders from a previous session in the background), there were tons of them but now it's been gone for at least 2 or 3 days.

Nov 9, 2017 4:22 AM in response to brsm1990

what to do about a widespread virus that's been going around for months.

How would I get it? It doesn't seem to be so widespread that I have managed to get it.


Do you often download software from aggregating sites such as CNET, Softonic, Softpaedia, MacUpdate, etc? They all will bundle adware into their legitimate software downloads. That's how they generate revenue.


You will generally need some third-party software to remove the adware that you installed as the adware will plunk various bits of things in random places that is difficult to find or link back to the source app. They generally have many variants with differing file names, so it is difficult to post specific removal instructions. Much easier to use a program designed to remove the adware.

If Etrecheck does not detect it, then you may have to try MalwareBytes Anti-malware for Mac.


Adware is generally considered "legitimate" software, and you must install it yourself. You are often tricked into installing it, but you still must install it yourself. If you want to know the answer to my first question, read this User Tip: How to install adware

Nov 9, 2017 4:35 AM in response to Barney-15E

How would I get it? It doesn't seem to be so widespread that I have managed to get it.

Do you have cancer? Oh no? Well then it must not exist.


Do you often download software from aggregating sites such as CNET, Softonic, Softpaedia, MacUpdate, etc? They all will bundle adware into their legitimate software downloads. That's how they generate revenue.


Never ever, ever. Which is why I don't want to install some crappy cleaner software.


You will generally need some third-party software to remove the adware that you installed as the adware will plunk various bits of things in random places that is difficult to find or link back to the source app. They generally have many variants with differing file names, so it is difficult to post specific removal instructions. Much easier to use a program designed to remove the adware.


If Etrecheck does not detect it, then you may have to try MalwareBytes Anti-malware for Mac.


Adware is generally considered "legitimate" software, and you must install it yourself. You are often tricked into installing it, but you still must install it yourself. If you want to know the answer to my first question, read this User Tip: How to install adware


That's pretty ridiculous if Apple is allowing this stuff to be considered legitimate. I would expect that from Microsoft but not Apple. I absolutely did not install this. I am extremely careful about what I install. I check the signatures of the software, only download from trusted sources etc. That's why I'm saying it's gotta be a virus.

Nov 9, 2017 5:46 AM in response to brsm1990

Where does this file get deposited on your Mac? For example, Downloads, or on your Desktop, or...?


I searched for any file containing "hbpix" on the Mac I happen to be using at the moment, and can't find one. Nearly all websites deposit files on Macs. They cannot cause unwanted behavior unless you actively participate by installing something that modifies its behavior. By agreeing to do that, by definition they cease to be unwanted. Those files then proceed to do exactly what they say they're going to do—which is screw up their Macs. Still, plenty of people insist upon doing that. If they would only think before they click, that wouldn't occur. Thinking is hard... apparently.


Some websites are simply ill-mannered, but for most of them that's just the way they work.


Most of the "solutions" you can find on Google are just websites shilling for MacKeeper


Most of the solutions found by conducting a web search will be advertisements for garbage products that should never be installed on any Mac. That's not surprising. Google search is probably the most popular vector for malware intrusion on Macs, because Google is not a search company, it's an advertising company. Dissemination of unbiased facts doesn't accrue revenue for anyone.


That's getting off subject. If you are looking for a solution more information is needed. Provide a representative website that deposits that file on a Mac, describe where it gets deposited on yours, and perhaps someone can help.

Nov 9, 2017 5:45 AM in response to John Galt

Where does this file get deposited on your Mac? For example, Downloads, or on your Desktop, or...?

It spontaneously downloads directly to the 'Downloads' folder, as if I requested to download the file.


I searched for any file containing "hbpix" on the Mac I happen to be using at the moment, and can't find one. Nearly all websites deposit files on Macs. They cannot cause unwanted behavior unless you actively participate by installing something that modifies its behavior. By agreeing to do that, by definition they cease to be unwanted. Those files then proceed to do exactly what they say they're going to do—which is screw up their Macs. Still, plenty of people insist upon doing that. If they would only think before they click, that wouldn't occur. Thinking is hard... apparently.


Some websites are simply ill-mannered, but for most of them that's just the way they work.


Agreed, but in this case a bunch of pop under square windows without a navigation bar are also appearing spontaneously. In fact I didn't even notice until the file downloads started happening over and over because they are pop under. Most of them are either MacKeeper ads or some kind of pseudo news site, something that pretends to be news or celebrity gossip but is really just a spam site.


Most of the solutions found by conducting a web search will be advertisements for garbage products that should never be installed on any Mac. That's not surprising. Google search is probably the most popular vector for malware intrusion on Macs, because Google is not a search company, it's an advertising company. Dissemination of unbiased facts doesn't accrue revenue for anyone.


Yes it's unfortunate. However, that was my purpose in creating a thread here as Apple discussions often ranks well too. Besides trying to help myself I was hoping a visible thread here might also let others who are affected find the real problem and how to solve it without installing more adware/malware/viruses/etc. I suspect MacKeeper is involved with this particular malware/virus because their ads are the most common pop unders that tend to appear.


That's getting off subject. If you are looking for a solution more information is needed. Provide a representative website that deposits that file on a Mac, describe where it gets deposited on yours, and perhaps someone can help.

I wish I could, but I just cleared my browsing history and forcefully removed what were listed as outdated Adobe plugins from /Library/Internet Plug-Ins/, cleared my browsing history and cold booted my computer, and for the time being the problem seems to be gone (fingers crossed). I can't be sure this did it, but it would seem there was a plugin installed in /Library/Internet Plug-Ins/ masquerading as something from Adobe (or perhaps the Adobe files got infected somehow).


I will post back if it reappears.


I had not recently installed any software so I really can't understand how this got in there. I am a bit concerned there is still some kind of hidden infection.

Nov 12, 2017 8:25 PM in response to brsm1990

brsm1990 wrote:


The pop unders are back with a vengeance.


It's definitely adware. To learn how to recognize adware's appearance so that you don't make that mistake again, please read How to install adware.


If you don't want to install anything that's fine. Adware on the other hand is "installed" in that a confirmation dialog will appear asking you to read and agree to terms and conditions before any modifications to your Mac will occur. In other words you already installed something that you obviously don't want.


Eradicating adware is simple but if you are unwilling to use non-Apple software to identify it, then you'll have to methodically examine the contents of each of the following folders:


~/Library/LaunchAgents/

/Library/LaunchAgents/

/Library/LaunchDaemons/

/Library/Application Support/


To navigate to them, copy and paste each one of the above lines into the Finder's Go menu > Go to Folder... field.


You should be absolutely certain those folders contain nothing but items required for software that you want installed on your Mac. Apple installs only a few items in them so it should be easy to determine what they should contain. Post their contents if you are uncertain.
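Added example (not part of any post in this thread): one way to list what each item in the launchd folders named above would actually run, so the contents can be reviewed or pasted into a reply. The function names and the report layout are this example's own; `Label`, `Program`, `ProgramArguments`, `RunAtLoad` and `KeepAlive` are standard launchd plist keys.

```python
import plistlib
from pathlib import Path

# The launchd folders named in the post above.
LAUNCHD_DIRS = [
    "~/Library/LaunchAgents",
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
]


def summarize_launchd_dir(directory):
    """Return one row per .plist in `directory`: what it runs and when."""
    root = Path(directory).expanduser()
    rows = []
    if not root.is_dir():
        return rows
    for path in sorted(root.glob("*.plist")):
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)      # handles XML and binary plists
            if not isinstance(job, dict):
                raise ValueError("top-level object is not a dictionary")
        except Exception as exc:             # unreadable or malformed: flag it
            rows.append({"file": path.name, "error": str(exc) or type(exc).__name__})
            continue
        args = [str(a) for a in job.get("ProgramArguments") or []]
        rows.append({
            "file": path.name,
            "label": job.get("Label", ""),
            # Program, when set, names the executable; otherwise it is args[0].
            "program": job.get("Program") or (args[0] if args else ""),
            "arguments": args,
            "run_at_load": bool(job.get("RunAtLoad", False)),
            "keep_alive": bool(job.get("KeepAlive", False)),
        })
    return rows


def report(directories=LAUNCHD_DIRS):
    """Build a plain-text listing of every job found in `directories`."""
    lines = []
    for directory in directories:
        rows = summarize_launchd_dir(directory)
        lines.append(f"{directory} ({len(rows)} item(s))")
        for row in rows:
            if "error" in row:
                lines.append(f"  {row['file']}: UNREADABLE ({row['error']})")
                continue
            flags = [k for k in ("run_at_load", "keep_alive") if row[k]]
            lines.append(f"  {row['file']}: {row['label']} -> {row['program']} "
                         f"{row['arguments']} {flags}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

An item whose program path points at software you do not recognise, or a file that cannot be parsed at all, is what to ask about when posting the contents.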

Nov 14, 2017 5:55 AM in response to John Galt

I'll try thanks.


<Link Edited by Host>

Thanks for participating in the Apple Support Communities.

We’ve edited your post hbpix virus removal? (hbpix.dms file) because it contained link(s) that weren't directly related to the original poster's question. To read our terms and conditions for using the Communities site, see this page: Apple Support Communities - Terms of Use

We hope you’ll keep using our Support Communities forums. You can find more information about participating here: Apple Support Communities - Tutorials

We’ve included a copy of your original post below.


Thanks,
Apple Support Communities Staff

Apparently Apple thinks threads discussing the exact same problem in this forum and on reddit are worthy of censorship. Ridiculous.

Nov 14, 2017 3:21 PM in response to brsm1990

brsm1990 wrote:


I'll try thanks.


<Link Edited by Host>

Thanks for participating in the Apple Support Communities.

We’ve edited your post hbpix virus removal? (hbpix.dms file) because it contained link(s) that weren't directly related to the original poster's question. To read our terms and conditions for using the Communities site, see this page: Apple Support Communities - Terms of Use

We hope you’ll keep using our Support Communities forums. You can find more information about participating here: Apple Support Communities - Tutorials

We’ve included a copy of your original post below.


Thanks,
Apple Support Communities Staff

Apparently Apple thinks threads discussing the exact same problem in this forum and on reddit are worthy of censorship. Ridiculous.

Or they removed the link to reddit.

Nov 9, 2017 5:45 AM in response to brsm1990

Do you have cancer? Oh no? Well then it must not exist.

Why would that matter? I only asked how you managed to install a virus on your Mac. For instance, what website were you browsing when you got this problem.

It's pretty difficult to find a solution to a problem you cannot replicate.

I absolutely did not install this. I am extremely careful about what I install. I check the signatures of the software, only download from trusted sources etc. That's why I'm saying it's gotta be a virus.

You would have to have done something to install a virus, also. A virus spreads by infecting other files. Is that happening?


None of the references suggest that file is related to popups and such. They all just reference a file being downloaded, I imagine through JavaScript.

As infosee has suggested, it is likely some JavaScript ad exploit on the websites that is downloading the file. The popups are probably something else.

Nov 9, 2017 6:50 AM in response to brsm1990

What you describe is not a virus. It could be adware, but it sounds more like a misbehaving website. What site are you visiting when you see this behavior? Is it always the same one?


Note that if you search these days for "xyz virus removal", where the "xyz" is anything that someone may ever have asked that question about, you're going to get a bunch of results telling you that yes indeed it is a virus. Most or all of those results will be scams, trying to get you to download some junk software to fix a problem that is, in most cases, not actually due to any kind of malware or adware.

Nov 9, 2017 7:31 AM in response to brsm1990

Hello brsm1990,

This appears to be a "pixel bug". It may have other names as well. It is an image that consists of only a single transparent pixel. It is incorporated into an ad on various websites so that they can track ad impressions. There are a number of reasons why you would be seeing this as a separate download. It could be some security software that is interfering. It could be a problem on the web site hosting the ad or the web site hosting the image.


It is most definitely not a virus. Apple has included several layers of security protection built right into the macOS operating system. A file that downloads automatically like this is not a risk. Even if you double-click on a truly malicious file (which you shouldn't), Apple's security software would warn you that it was downloaded and might not be trustworthy. If you try to go ahead and open it, another level of protection will warn you that it isn't signed. If you persist and open it anyway, yet another level of security will ensure that it isn't something that is known to be malicious. If you were to persist in attempting to open such a file, and it was malicious, and you were really unlucky, then it is possible to be infected. But generally, you have to really work at it and try to become infected or just be really, really unlucky. And that only applies to malicious executables, which this pixel bug is not.


Unfortunately, Apple has chosen not to address the "grey market" of malicious software known as adware. Some of Apple's built-in protections will stop some adware. But sometimes the adware is just grey enough to bypass it just enough to trick you into installing it. For that reason, effective anti-adware apps like MalwareBytes are often recommended here on Apple Support Communities. Sometimes people just recommend it as a placebo. People are worried. They don't accept stories like what I just posted above and want 3rd party security protection. OK. So we recommend a tool that is known to work and usually does not cause problems like most 3rd party security software does. Sometimes they can't describe the problem well enough and people recommend my own app, EtreCheck, to get a better idea of what is going on. Since adware is a huge problem, EtreCheck will go ahead and offer to remove any adware it finds.


Unfortunately, there is nothing Apple can do to stop poorly-designed websites and ad servers. Any website can download a file to your machine like this. Most of them don't because that freaks people out. But in truth, this is how the world-wide-web works. You download an HTML file. That HTML file has references to scripts, stylesheets, advertisements, and images, all of which are downloaded next. If it all works properly, it all gets displayed in a pretty picture of cats in hats doing something funny. If something goes wrong, any of the above could be misdirected as a download file instead of being properly processed and displayed. As big as the internet is, things are always going wrong.
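Added example (not part of any post in this thread): a way to check for yourself that a small downloaded file really is nothing more than a one-pixel GIF, by walking its block structure and confirming there is no data after the GIF trailer. `SAMPLE` is a constructed, standard minimal 43-byte GIF used as a stand-in; it is not a copy of an actual hbpix.dms file, and the function names are this example's own.

```python
import struct

# Constructed sample: a minimal 43-byte, 1x1 GIF89a. It stands in for the
# file described in the thread; it is not a copy of any real hbpix.dms.
SAMPLE = (
    b"GIF89a"                                    # signature + version
    b"\x01\x00\x01\x00\x80\x00\x00"              # 1x1 screen, 2-colour global table
    b"\x00\x00\x00\xff\xff\xff"                  # the two palette entries
    b"\x21\xf9\x04\x01\x00\x00\x00\x00"          # graphic control extension
    b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"  # image descriptor, 1x1
    b"\x02\x02\x44\x01\x00"                      # LZW data: one sub-block
    b"\x3b"                                      # trailer
)


def _skip_sub_blocks(data, pos):
    """Walk length-prefixed sub-blocks; return the offset after the 0 terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos


def _table_bytes(packed):
    """Size of a colour table announced by a packed-flags byte (0 if absent)."""
    return 3 * (2 << (packed & 0x07)) if packed & 0x80 else 0


def inspect_gif(data):
    """Parse the GIF block structure and report what the file really contains."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    width, height, packed = struct.unpack_from("<HHB", data, 6)
    pos = 13 + _table_bytes(packed)
    frames = 0
    while True:
        if pos >= len(data):
            raise ValueError("no trailer found")
        marker = data[pos]
        if marker == 0x3B:                       # trailer: end of GIF stream
            pos += 1
            break
        if marker == 0x21:                       # extension: marker, label, sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif marker == 0x2C:                     # image descriptor (10 bytes)
            if pos + 10 > len(data):
                raise ValueError("truncated image descriptor")
            pos += 10 + _table_bytes(data[pos + 9])
            pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW minimum code size
            frames += 1
        else:
            raise ValueError(f"unexpected block 0x{marker:02x} at offset {pos}")
    return {"width": width, "height": height, "frames": frames,
            "size": len(data), "trailing_bytes": len(data) - pos}


def is_plain_pixel(data):
    """True only for a single-frame 1x1 GIF with nothing appended after the trailer."""
    info = inspect_gif(data)
    return (info["width"], info["height"], info["frames"],
            info["trailing_bytes"]) == (1, 1, 1, 0)
```

To check a real download, read it with `open(path, "rb").read()` and pass the bytes to `inspect_gif`; a `ValueError` or a non-zero `trailing_bytes` means the file is not just a tracking pixel and deserves a closer look.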
