Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Think I may have downloaded some bogus software

S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-uk members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.

Could I have downloaded some dodgy software or am I just being paranoid. How can I check my system to remove the program (i've searched in finder) and scan for malware?

Cheers.
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
snerkler said:
My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-uk members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.
Click to expand...
It appears to be legit. Look in your /Applications folder for SportHunterTV.
snerkler said:
Could I have downloaded some dodgy software or am I just being paranoid.
Click to expand...
Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.
snerkler said:
How can I check my system to remove the program (i've searched in finder) and scan for malware?
Click to expand...
The most effective method for complete app removal is manual deletion:

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
GGJstudios said:
It appears to be legit. Look in your /Applications folder for SportHunterTV.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

The most effective method for complete app removal is manual deletion:

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

Click to expand...
Many thanks for this, put my mind at rest and useful info. The sporthunter app is indeed there, wonder why it's a completely different name?

Thanks again :)
 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does Clamxav scan for malware, spyware etc or is it just a virus scanner?

When I search in finder for dropdowndeals I get this, but cannot delete (send to trash) any of the files.

ScreenShot2013-01-09at203842.png



Any idea how to remove them?
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
snerkler said:
I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does Clamxav scan for malware, spyware etc or is it just a virus scanner?
Click to expand...
It scans for all forms of malware, but I seriously doubt you have any.

Annoying deals popping up on your browser?
 
Last edited:
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
GGJstudios said:
It scans for all forms of malware, but I seriously doubt you have any.
Click to expand...

Thanks. I've just edited my post above btw.

I'm actually wondering if it is malware, or if it's linked to the forum as I've noticed it's actually only on one that I use, M3cutters. Been using this site for a couple of years though.
 
2012Tony2012

2012Tony2012

macrumors 6502a
Dec 2, 2012
741
3
GGJstudios said:
It appears to be legit. Look in your /Applications folder for SportHunterTV.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

The most effective method for complete app removal is manual deletion:

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

Click to expand...

What is the best place to scan using ClamXav? The whole hard drive or just home folders? Where would something nasty install itself to?
 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
This dropdowndeals problem does not appear to be like the other dropdowndeals malware I googled. The boxes are different, and do not behave in the way that the others do. On my system the drop down ad appears as a strip underneath the pictures or videos I post on forums, like this:-

ScreenShot2013-01-09at214922.png


ScreenShot2013-01-09at215349.png



If I hover over 'x' to close it is says "close dropdowndeals shopping enhancer slideup"

You may notice on the second picture that I've also been getting google keychain pop ups, could these be related?

I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?

ScreenShot2013-01-09at220035.png


This has only just started tonight after I posted a picture on the M3cutters forum, so I don't know if it is the site I originally posted, something from photobucket, something else, or not even malware? The only other thing I've downloaded recently is blueharvest, which I downloaded yesterday.

----------
GGJstudios said:
If you want to scan, scan the whole hard drive.
Click to expand...

The ClamXav site recommends you don't scan the whole drive, see here (#7)
http://www.clamxav.com/faq.php#Q7
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
snerkler said:
I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?
Click to expand...
No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

Check your browser extensions and plug-ins to make sure nothing is there that you don't want.
 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
GGJstudios said:
No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

Check your browser extensions and plug-ins to make sure nothing is there that you don't want.
Click to expand...

Thanks for your response. The scan has finished and revealed no further problems:

ScreenShot2013-01-09at221130.png



Checking my extensions in chrome I found this:-

ScreenShot2013-01-09at221456.png


Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? With the scan I did not do the entire drive due to the recommendations on the ClamXav site (see above), but did scan the whole user directory. Is there anywhere else I need to scan?

I don't know what the Gophoto extension is either so will delete this too. I think I'll delete the Allmytube and freehdsport.tv extensions too.
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
snerkler said:
Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? .
Click to expand...
Deleting the extension should be enough. Try it and see.
 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
GGJstudios said:
Deleting the extension should be enough. Try it and see.
Click to expand...

Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere? Also, where could I have got this from and how do I prevent it in the future? I am generally very careful with what I download. The software I was worried about that I initially posted was a site recommended to me, and it was only when the desktop downloader didn't work that I started to be concerned.

Is the google chrome keychain permission pop up unlikely to be linked?
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
snerkler said:
Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere?
Click to expand...
Very unlikely.
snerkler said:
Also, where could I have got this from and how do I prevent it in the future?
Click to expand...
It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.
 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
GGJstudios said:
Very unlikely.

It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.
Click to expand...

Thanks very much for your help, very much appreciated. I've read that link before and do generally adhere to it :eek:

----------

Oh, you mentioned that the .emlx file was an email, is there any way of finding ou which one before I delete it in case it's an email I want, or are all .emlx emails spam?
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
snerkler said:
Oh, you mentioned that the .emlx file was an email, is there any way of finding ou which one before I delete it in case it's an email I want, or are all .emlx emails spam?
Click to expand...
No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.
 
S

snerkler

macrumors 65816
Original poster
Feb 14, 2012
1,153
166
GGJstudios said:
No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.
Click to expand...

Thanks again :)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom