hbpix virus removal? (hbpix.dms file)

brsm1990 wrote:

They removed two links about this same exact issue, one to another thread here, and one to a discussion on reddit.

I'm not sure what their reasons are. I suspect it is just a misunderstanding.

If you Google "hbpix.dms", one of the top hits is a reddit thread about this issue. The only thing noteworthy about that link is how useful and informative it is. Someone dug into that file and explained in detail what it was. It is a harmless grey pixel used for tracking.

I think think those pixel bugs are very ethical though. I recently had some lawyer draft a new privacy policy for my company. They included lots of standard boilerplate and part of that said that I might use a pixel bug (called a "spy pixel" in French). I removed that language. I might use some kind of analytics tool for tracking how people use my website, but I would never use a "spy pixel".

etresoft wrote:

I think think those pixel bugs are very ethical though. I recently had some lawyer draft a new privacy policy for my company. They included lots of standard boilerplate and part of that said that I might use a pixel bug (called a "spy pixel" in French). I removed that language. I might use some kind of analytics tool for tracking how people use my website, but I would never use a "spy pixel".

You think they're ethical? Or did you mean unethical?

If this is coming from, and only the same site when visited, stop going there.

Otherwise, no matter your claims that you did not install anything, you did. Otherwise, you wouldn't be seeing all of these ads. They can't come from nowhere.

Since you didn't find anything in the LaunchAgents and other folders, check the Extensions tabs of Safari, Firefox or Chrome. Whichever browser it is you're using. Disable all extensions. If the issue stops (it likely will), start turning them back on one at a time. When the problem returns, disable that extension again and delete it. There may be more than one, so test all of them.

I can think of legitimate uses for popups, but I can't think of a single legitimate use for popunders.

There isn't one. Legitimate sites don't use them. It makes the consumer feel you're hiding something. Which is exactly what the adware makers want. The more ads they can get fed to your computer, the more they get paid by the advertiser paying for the ad.

Hiding them under a browser window allows them to get more ads through before you notice it. If you notice them at all, such as by quitting the browser, which takes the ads off the screen with it. They were there, but you didn't even see them.

Since you're using Safari, open its preferences and click on the Extensions tab. Undo all checkmarks in the left column. Turn them back on one at a time and test to see which, if any, are producing the ads.

Oh! Wait. I keep forgetting this possibility. Your router may have been hacked. There's been a lot of this lately, too. If remote access is on, and you have an easy to guess user name and password, hackers can get into your router and set it up to do redirects and other annoying to dangerous changes. Such as every time you go to (example) usbank.com, it redirects you to a fake site set up to look like the real usbank.com site so they can capture your login ID and password.

Reset your router to factory conditions. This is usually done by either pressing a small recessed button in for 5 to 10 seconds, or clicking a reset button on one of its internal web pages. Check the router's manual to see what options it has for a reset.

If this turns out to be correct, you need to do two things with the router after resetting it. One, change the admin password to something much more difficult to guess. Two, go through its web pages and turn off all remote access "features".

brsm1990 wrote:

Now they are dormant again the last couple of days.

It is quite possible your ISP's systems were affected, and the cause was found and corrected. The way to isolate that potential cause is to temporarily use another ISP, such as a wireless "hotspot" created by an iPhone, or another wireless network.

If it should occur again, try the suggested troubleshooting methods I suggested. They would also help isolate the cause.

Apple doesn't block spam sites. This has no connection to security whatsoever. These are just ads. Whomever is running the ad network has just misconfigured their servers. Maybe it works on Windows and they've never noticed or cared that it downloads the spy pixel on Macs.

I know this has been done a couple of different ways, but please post an entire EtreCheck report. Don't selectively pull out text. You may not be showing what's causing the problem.

When EtreCheck finishes and shows the results, there's a button at the upper left to copy everything to the clipboard. Please paste that unedited output here.

I have the same problem as you, some websites download a strange file called hbpix.dms, every time i delete it but again it downloads automatically. I have macOS High Sierra 11.2 and i am using Safari. In fact i have a similar problem when i logout from my Office365 account, it downloads similar file called logout.dms, I think is a related issue. I thought it was a problem with High Sierra 11.1 but even after the update the problem still persists.

The file does nothing on Mac OSX, It does not communicate with any external website or something...

And it also does not run when double-clicked.

Looks like a ****** "Ad" done horribly wrong...

I also noticed that suddenly, MacKeeper Ads have vanished from websites that used to show it's ads non-stop before...

For me, it really looks like a file that advertisers like MacKeeper makes you download instead of opening and AD, so when you look for a solution for this "widespread" virus, the most common that shows up is to download MacKeeper for instance.