
DuganRun

macrumors newbie
Original poster
Jun 28, 2012
21
0
Nottingham, England.
Hello Forum,

Recently my computer has started behaving oddly; when I open my home page I'm given the page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.

I've searched 'yahoo,spigot' in Google and it points towards malware, though I can't find anything that relates to Safari or Mac. I thought my computer was quite secure, but I've scanned it with ClamXav and no infected files are found.

I've noticed my home page has been changed to the above address, so is it simply a case of changing it back to what it was and not worrying about my computer being infected?

Thanks.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
> Recently my computer has started behaving oddly; when I open my home page I'm given the page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.
>
> I've searched 'yahoo,spigot' in Google and it points towards malware, though I can't find anything that relates to Safari or Mac. I thought my computer was quite secure, but I've scanned it with ClamXav and no infected files are found.
>
> I've noticed my home page has been changed to the above address, so is it simply a case of changing it back to what it was and not worrying about my computer being infected?

You don't have malware on your Mac.
  1. Clear your browser's cache and cookies.
  2. Set your home page to whatever page you want.
  3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: "Why am I being redirected to other sites?"
 

throAU

macrumors G3
Feb 13, 2012
8,817
6,985
Perth, Western Australia
:apple:

> ClamXAV detects all Mac OS X malware that exists in the wild.

Ever heard of a 0 day?
Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
Know for a fact that ClamXav was installed BEFORE the infection was suspected?


Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
> Ever heard of a 0 day?
> Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
> Know for a fact that ClamXav was installed BEFORE the infection was suspected?

You're grasping at straws. I feel quite safe with my statement and you're welcome to try to prove me wrong.

> Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

I have never said Macs don't get malware. You've been around the forum long enough, you should know that by now.

> Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.

More straws. This isn't an iDevice thread.
 

throAU

macrumors G3
Feb 13, 2012
8,817
6,985
Perth, Western Australia
So, how is it that fully patched OS X has been hacked every year at pwn2own? By exploits that had not yet been released, and thus will not be in any anti virus package's definitions.

Again, I'm not saying it is LIKELY.

However, instantly dismissing problems as "no, you haven't been hacked", and assuming that the virus scanner knows about the malware that may be on the box is misguided at best.


I bring up the i-devices because in theory they have the additional requirement of code-signing, which the Mac does not have unless you run Lion or Mountain Lion with Gatekeeper turned on. And they still get jailbroken.


What is your theory as to how the homepage got changed?


edit:
I do network security for a living, unexplained stuff randomly happening on machines is not something to be dismissed lightly.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
> So, how is it that fully patched OS X has been hacked every year at pwn2own?

Hacking is not the same as malware.

> However, instantly dismissing problems as "no, you haven't been hacked",

I didn't say anything about hacking. I said the OP doesn't have malware. There's a significant difference.

> assuming that the virus scanner knows about the malware that may be on the box is misguided at best.

I'm not assuming anything and a box has nothing to do with it. I know for a fact that ClamXAV detects all Mac OS X malware that exists in the wild.

You're still grasping at straws. The OP's issue has nothing to do with malware or hacking. If you can prove otherwise, be my guest.

> unexplained stuff randomly happening on machines is not something to be dismissed lightly.

The chances that an average Mac user will encounter malware are extremely remote. "Unexplained stuff randomly happening" is far more likely attributed to a user's action or lack of understanding how something is working on their Mac.
 

throAU

macrumors G3
Feb 13, 2012
8,817
6,985
Perth, Western Australia
Hacking is accomplished exploiting a machine by using malicious software.

I.e., mal-ware.


Anyway, I guess we can agree to disagree on this. No point arguing any further.
 

tnzk

macrumors newbie
Dec 24, 2012
1
0
I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.

I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
> I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.
>
> I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.

Did you follow the instructions in the 2nd post of this thread?
 

pou

macrumors newbie
Dec 24, 2012
1
0
It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk, and recent updates change all browsers' preferences without asking: Spigot stuff, Yahoo search engine, etc.

It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.

This will force you to open and modify all the search options and welcome pages in all your browsers
----------
 

DuganRun

macrumors newbie
Original poster
Jun 28, 2012
21
0
Nottingham, England.
> It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk, and recent updates change all browsers' preferences without asking: Spigot stuff, Yahoo search engine, etc.
>
> It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.
>
> This will force you to open and modify all the search options and welcome pages in all your browsers

That's exactly what it was, a Vuze update or at least I thought it was.

----------

> You don't have malware on your Mac.
>   1. Clear your browser's cache and cookies.
>   2. Set your home page to whatever page you want.
>   3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: "Why am I being redirected to other sites?"

Thanks GGJ.
 

unowen

macrumors newbie
> Ever heard of a 0 day?
> Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
> Know for a fact that ClamXav was installed BEFORE the infection was suspected?
>
> Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.
>
> Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.

Uhhhhhh.....

Yeah - ok.

I've now put my tinfoil hat on, and I'm wondering - can you answer this person's question about Spigot, or not?

Yes - I am being slightly glib, but - other than the 'scary' stuff, you don't offer anything helpful.

Why am I even here?

I have a Mac (I've had 'em since late 80's), and I've had this Spigot 'bupkes' now on my new MBP for the past couple of days. I'd remove it (ALL), but, then - I must be doing something, 'cos I'm getting it again.

So, my question is - to you - and anyone else who's out there:

• What are the possible ways Spigot's getting in, i.e., a particular site, or a piece of software/extension

• What's the best way to remove it (or, more accurately, lessen the chances of picking it up again?)


UPDATE: I just read - right after typing this - that the latest rash of 'Spigotitis infection' is coming from (drumroll, please) CNET.

If you're downloading software from them (as I did), and use their 'CNET Installer' (as I did), it's 'wrapped' up in a Spigot-spreading container.

I'm getting my crayon out - and, more if necessary - and letting CNET know.
 

Charingx

macrumors newbie
Apr 26, 2010
9
0
library

Check ~/Library/Application Support/Spigot/ I removed this after I fixed the browsers and changed the DNS servers.
I used to love CNET.
 

louie0817

macrumors newbie
Mar 20, 2013
2
0
Also had Spigot installed by the CNET installer while downloading/installing FontDoc app.
I only noticed it because it changed my homepage to the URL noted previously.
In addition to removing the directory ~/Library/Application Support/Spigot , I also removed 3 Safari extensions it installed. (see Safari/Preferences/Extensions)

Almost forgot, when installing, I was asked about the installer wanting to access "my Contacts".
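
The leftovers named in the two posts above (the `~/Library/Application Support/Spigot` directory, Safari extensions, and a home page URL carrying `fr=spigot`) can be checked in one pass. This is an added example, not part of any poster's message; `spigot_scan` is a hypothetical helper name, matching extension files on "spigot" in the name is an assumption, and the preference-file paths are the usual per-user locations rather than anything stated in the thread.

```shell
#!/bin/sh
# Added example (not from any poster): list Spigot leftovers under a home directory.
# spigot_scan is a hypothetical helper name. Usage: spigot_scan "$HOME"
spigot_scan() (
    home="${1:-$HOME}"
    found=0

    # 1. Support directory named in the posts above.
    dir="$home/Library/Application Support/Spigot"
    if [ -d "$dir" ]; then
        echo "DIR  $dir"
        found=$((found + 1))
    fi

    # 2. Safari extension files. Matching "spigot" in the file name is an
    #    assumption; the thread does not give the extensions' names.
    for f in "$home/Library/Safari/Extensions"/*; do
        [ -e "$f" ] || continue
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        case "$name" in
            *spigot*) echo "EXT  $f"; found=$((found + 1)) ;;
        esac
    done

    # 3. Preference files that still contain the fr=spigot marker seen in the
    #    hijacked home page URL. Paths are the usual per-user locations (assumed).
    for f in \
        "$home/Library/Preferences/com.apple.Safari.plist" \
        "$home/Library/Application Support/Google/Chrome/Default/Preferences" \
        "$home/Library/Application Support/Google/Chrome/Default/Secure Preferences"
    do
        if [ -f "$f" ] && grep -qai 'fr=spigot' "$f"; then
            echo "PREF $f"
            found=$((found + 1))
        fi
    done

    echo "TOTAL $found"
    [ "$found" -eq 0 ]   # exit status 0 only when nothing was found
)
```

A hit only shows where to look; the removal itself is still done as the posters describe, through the Finder and each browser's settings.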
 

Apchaplin

macrumors newbie
Mar 12, 2015
2
0
Yahoo Homepage Chrome Issues

I recently downloaded a program off of CNET via the CNET downloader, and accidentally forgot to check off the box where it said "Change Default Search Engine to Yahoo". Like you guys, my new Chrome home page is now Yahoo, even though I have changed it back to Google. Any suggestions? (Note* I also deleted Spigot extensions and Spigot from my Library)
 

Apple_Robert

Contributor
Sep 21, 2012
34,314
49,607
In the middle of several books.
Steer clear of CNet and etonic downloads. As many have found out, they come loaded with programs and changes that many did not want or know of.

Always download directly from Apple or the developer's website. And when in doubt, it would be a good idea to ask here before installing.
 

Apchaplin

macrumors newbie
Mar 12, 2015
2
0
Re: Chrome Yahoo Homepage Issue

Unfortunately I used Adware Medic with no luck. I'm getting pretty frustrated. I hate Yahoo and CNET now too. Is there any way at all to remove Yahoo as my home page? I know I'm sounding frantic, but there has to be a way to fix Chrome. I had absolutely no issues rebounding with Safari.
 

bcubed9

macrumors newbie
Dec 11, 2011
9
2
P-Town, USA
µTorrent v1.8.7 has Spigot (Yahoo) built in!! They tell you!

Call me Stu,-Pid, found out the hard way on, ah, let's call it March 1st old-fool's day. I was updating a few programs that were piling up and made a fast boo-boo, what a mess.

When updating a Torrent program, somehow it fooled me into the lite version of µTorrent instead (do not use MacUpdates version); the application even warns you it will be including Spigot, dammit. I hurdled right through the install...
What it does...
It drills into the cracks of Safari, Firefox, Chrome and Opera (not sure yet), but not iCab. Yes I have all the precautions, human error was number 1 here that day.

The integration that is now connecting all of the browsers together at the core of all the helpers of "Syncing" of having all of the machines that I run with the same Bookmarks search Engines now all changed to Yahoo and Spigot. This is on the many machines I run and use in the Home Office.

What I found out is you cannot get rid of it (not so far), this Bitcoining mining machine uses the Torrents to mine at your computer's processing cycles and everything you call your own to bring revenues to whoever is behind this foul scheme.

Luckily "Little Snitch" to the rescue.. Head them off at the pass.. Today I saw the Blacklisted China's IPs knocking at my door. Using the "Deny" button all the way.

So I am working thru the Clean Install, in the 20th day haul.
 

bcubed9

macrumors newbie
Dec 11, 2011
9
2
P-Town, USA
Yes, I use a VPN DNS support

I use a product called Private Internet Access (PIA), an OpenVPN type. I used to use OpenDNS a time ago, not sure what my falling out was. But it should do the trick. The PIA did help me discover the fact that I did have a Malware issue, but it was the way that it did it, they scared me, they stepped in on a search to tell me to call this 1-800 number to fix things.

Really not sure if it was fraud or what to do, so I did not call, I started learning more about the way to repair my on ownership of all things I own that day.

The PIA product does work on my iPhone and iPad as well as a VPN tunnel, there are other products out there but this works on all platforms and computers I use, including Linux (Ubuntu) and Windows 7, 8.x and 10 so far.
 