Backdoor Virus attack

Question

Backdoor Virus attack

I use the stock market feature on the MAC-OS Hi-Sierra menu bar and a few minutes ago I clicked to see how the market was doing, and I clicked on the symbol for JM Smucker (on my list of interested stocks) and when you do that, Yahoo! brings up the days quote and other info in safari. Looking at this, all of a sudden I get two warning messages on top of each other, one about a backdoor virus (don't ignore or something like that) and I don't remember, and then my screen starts to fill up with small icons appearing right to left, top to bottom and pushing my HD icon to the left but not other icons I leave on the desktop, and I immediately hit the computer switch to shut down. I did not know what was happening and I wasn't going to wait as this did not look ok. When I restarted the dialog box that came up asked if I wanted to reopen the program that was open (Safari) and I clicked no. The desktop had some 90 of these icons, 2 bytes and all were trashed and emptied. It appears that everything is OK, software works, nothing in my download folder.

I do not believe I clicked on anything while I moved my pointer about the Yahoo! page. But maybe this is some trick when passing over something. Things went so fast I have myself programed to abort at trouble and so don't have recall on all that I saw. Anyone in the community have any insight to this situation? A harmless elaborate ad that I did not let finish or something mean?

iMac, macOS High Sierra (10.13.5), 8GB on 27" 2GB on 17"

Posted on Jun 11, 2018 11:54 AM

Reply

Answer 1

Top-ranking reply

Radarhus

Level 4

3,048 points

Jun 11, 2018 9:45 PM in response to Charles Palenz

First of all, disable pop-ups in Safari: Preferences (for Safari) -> Security -> tick "Block pop-up windows". Secondly, these warnings are scams designed to trick you into installing malware (usually adware). Simply close those browser windows / tabs or force quit Safari if it happens again and check for adware (e.g. by using a free tool by Malwarebytes). There are more extensive user tips on such "warnings" and how to deal with them if you search support communities.

Reply

Answer 2

Old Toad

Level 10

215,334 points

Jun 11, 2018 9:53 PM in response to Charles Palenz

Also hold down the Shift key the next time you launch Safari.

To check to see if there were any malware/adware installed download and run Etrecheck. Copy and paste the results into your reply. Etrecheck is a diagnostic tool that was developed by one of the most respected users here in the ASC and recommended by Apple Support to provide a snapshot of the system and help identify the more obvious culprits that can adversely affect a Mac's performance.

Reply

Answer 3

Jun 12, 2018 6:35 AM in response to Old Toad

Ran Etrecheck and results below.

Looks like I'm clean of malware. Two crashing software, one is "SmartwareDriveService" a .exe file which I suppose should be deleted (I think its installed when I acquired one of my Western Digital HDs) and the other "SIMBL Agent.app" is from 2011, don't know what that is and maybe can be deleted too (its in the library, scripting). Stuffit version I have no longer runs under High Sierra (incompatible and I haven't deleted). The section labeled "user login items" in the report the only one I use is audio-hijack and the others are not. So I'm not sure what they are doing if anything.

Appreciate any suggestions.

Thank you OT

EtreCheck version: 4.3.2 (4D034)

Report generated: 2018-06-12 08:53:47

Download EtreCheck from https://etrecheck.com

Runtime: 3:50

Performance: Good

Problem: No problem - just checking

Major Issues: None

Minor Issues:

These issues do not need immediate attention but they may indicate future problem

Apps crashing - There have been numerous app crashes.

Clean up - There are orphan files that could be removed.

Small backup drive - Time Machine backup drive is too small.

Unsigned files - There is unsigned software installed. They appear to be legitimate

Vintage hardware - This machine may be considered vintage.

32-bit Apps - This machine has 32-bits apps that may have problems in the future.

Hardware Information:

iMac (27-inch, Mid 2010) - Vintage!

iMac Model: iMac11,3

1 2.93 GHz Intel Core i7 (i7) CPU: 4-core

8 GB RAM - Upgradeable

BANK 0/DIMM0 - 2 GB DDR3 1333 ok

BANK 1/DIMM0 - 2 GB DDR3 1333 ok

BANK 0/DIMM1 - 2 GB DDR3 1333 ok

BANK 1/DIMM1 - 2 GB DDR3 1333 ok

Video Information:

ATI Radeon HD 5750 - VRAM: 1024 MB

iMac 2560 x 1440

Drives:

disk0 - Hitachi HDS722020ALA330 2.00 TB (Mechanical)

Internal SATA 3 Gigabit Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 - Macintosh HD (Journaled HFS+) 2.00 TB

disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

disk1 - Western Digital My Book 1.00 TB

External USB 480 Mbit/s

disk1s1 [Partition Map] 32 KB

disk1s3 - P*******0 (HFS+) 1.00 TB

disk2 - WD 2.00 TB

External FireWire

disk2s1 [Partition Map] 32 KB

disk2s3 - P********B (Journaled HFS+) 2.00 TB

Mounted Volumes:

disk0s2 - Macintosh HD 2.00 TB (931.91 GB free)

Journaled HFS+

Mount point: /

disk1s3 - P*******0 1.00 TB (458.72 GB free)

HFS+

Mount point: /Volumes/P*******0

disk2s3 - P********B 2.00 TB (2.25 GB free)

Journaled HFS+

Mount point: /Volumes/P********B

Network:

Interface en0: Ethernet

Interface en3: iPhone

Interface fw0: FireWire

Interface en1: AirPort

802.11 a/b/g/n

One IPv4 address

Interface en2: Bluetooth PAN

System Software:

macOS High Sierra 10.13.5 (17F77)

Time since boot: Less than an hour

System Load: 1.49 (1 min ago) 1.40 (5 min ago) 0.98 (15 min ago)

Security:

System Status

Gatekeeper Mac App Store and identified developers

System Integrity Protection Enabled

Unsigned Files:

Launchd: /Library/LaunchDaemons/com.westerndigital.WD-Drive-Manager-Installer

Executable: /Library/PrivilegedHelperTools/com.westerndigital.WD-Drive-Manager