Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

I got malware/spyware on my Mac?

M

mark28

macrumors 68000
Original poster
Jan 29, 2010
1,632
2
I installed Little Snitch and I could see info was trying to be send to

ad.br.doubleclick.net
a1399.b.akamai.net
adv.netshelter.net
ping.crowdsciene.com
d27qx2clk5noba.cloudfront.net

Does this mean I got spyware and if so, how do I remove it?
 
Those simply look to be ad servers. If you look up the server names this will become clear.
 
mark28 said:
Does this mean I got spyware and if so, how do I remove it?
Click to expand...

It depends on how you define spyware. Most (if not all) the sites you list are ad servers, and information collectors. They track where you visit, try to determine what your interests are, and provide you with targeted ads. Macrumors seems to use these "services". So do many other web sites.

I would consider this "spyware" of sorts. But they are pretty benign - I don't think they are collecting bank accounts information and stuff like that. Just personal information about your web browsing and buying habits. They do this by storing cookies on your computer, then retrieving them to see what you've been up to.

You could tell your browser not to accept cookies, but then you'd find a good portion of the web to be unusable. It is a curse of living in a "modern" society.
 
mark28 said:
ad.br.doubleclick.net
a1399.b.akamai.net
adv.netshelter.net
ping.crowdsciene.com
d27qx2clk5noba.cloudfront.net

Does this mean I got spyware and if so, how do I remove it?
Click to expand...
Those are neither malware or spyware. It's merely adware, which is not harmful, but only a nuisance. You can reset Safari, clearing cookies and cache to remove them. You can avoid most of that with a good ad-blocker such as Safari AdBlock (not the extension, but the older version 0.4.0) or SafariBlock.
Jolly Giant said:
you might find this article helpful.
Click to expand...
That article was written several years ago, and "Applies to Mac OS X 10.2 Jaguar through Mac OS X 10.5 Leopard". While some of the information is true, there are far more current sources of up-to-date information on malware as it relates to Mac OS X.

Mac Virus/Malware Info
 
Last edited:
Okay, so no stuff on my mac.

Anybody tell me what is happening here. This is just a little from the console around the time that my typing slowed to a crawl.

12/29/10 3:14:24 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:55008 from 68.87.68.162:53
12/29/10 3:14:30 PM Firewall[79] Deny cupsd data in from 10.211.55.2:631 to port 631 proto=17
112/29/10 3:16:03 PM Firewall[79] Deny nmbd data in from 192.168.0.120:137 to port 137 proto=17
12/29/10 3:16:06 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:53190 from 68.87.68.162:53
12/29/10 3:16:34 PM Firewall[79] Deny cupsd data in from 10.37.129.2:631 to port 631 proto=17
12/29/10 3:17:03 PM Firewall[79] Deny nmbd data in from 192.168.0.107:138 to port 138 proto=17
12/29/10 3:17:46 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:64120 from 68.87.68.162:53
12/29/10 3:17:49 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:55874 from 68.87.68.162:53
112/29/10 3:18:07 PM Firewall[79] Deny cupsd data in from 192.168.0.106:631 to port 631 proto=17
12/29/10 3:18:07 PM Firewall[79] Deny cupsd data in from 10.211.55.2:631 to port 631 proto=17
12/29/10 3:18:07 PM Firewall[79] Deny cupsd data in from 10.37.129.2:631 to port 631 proto=17
12/29/10 3:18:14 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:63344 from 68.87.68.162:53
 
nostresshere said:
12/29/10 3:14:24 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:55008 from 68.87.68.162:53
Click to expand...
This is just DNS. It shows up multiple times since you have multiple processes (55008, 53190, 64120, 55874, 63344) all trying to convert an Internet name to an IP address, and the DNS server at 68.87.68.162 (Comcast in Woodstock/Atlanta, GA) is replying.
12/29/10 3:14:30 PM Firewall[79] Deny cupsd data in from 10.211.55.2:631 to port 631 proto=17
Click to expand...
This is a machine somewhere within your ISP (I'm guessing Comcast, from the DNS query above) trying to connect to your print daemon. It has to be within your ISP, since addresses starting with "10.xxxx" are not Internet routable. There really isn't any reason your ISP should be trying to connect to your machine's print daemon.
112/29/10 3:16:03 PM Firewall[79] Deny nmbd data in from 192.168.0.120:137 to port 137 proto=17
Click to expand...
This is a machine on your local network trying to make a NETBIOS network connection. Do you have a Windows machine as well as a Mac?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back