Think I may have downloaded some bogus software

[snerkler]

My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-uk members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.

Could I have downloaded some dodgy software or am I just being paranoid. How can I check my system to remove the program (i've searched in finder) and scan for malware?

Cheers.

[GGJstudios]

Quote:

Originally Posted by snerkler

My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-uk members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.

It appears to be legit. Look in your /Applications folder for SportHunterTV.

Quote:

Originally Posted by snerkler

Could I have downloaded some dodgy software or am I just being paranoid.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

Quote:

Originally Posted by snerkler

How can I check my system to remove the program (i've searched in finder) and scan for malware?

The most effective method for complete app removal is manual deletion:

Best way to FULLY DELETE a program

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

Mac Virus/Malware FAQ

[snerkler]

Quote:

Originally Posted by GGJstudios

It appears to be legit. Look in your /Applications folder for SportHunterTV.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

The most effective method for complete app removal is manual deletion:

Best way to FULLY DELETE a program

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

Mac Virus/Malware FAQ

Many thanks for this, put my mind at rest and useful info. The sporthunter app is indeed there, wonder why it's a completely different name?

Thanks again

[snerkler]

I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does Clamxav scan for malware, spyware etc or is it just a virus scanner?

When I search in finder for dropdowndeals I get this, but cannot delete (send to trash) any of the files.




Any idea how to remove them?

[GGJstudios]

Quote:

Originally Posted by snerkler

I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does Clamxav scan for malware, spyware etc or is it just a virus scanner?

It scans for all forms of malware, but I seriously doubt you have any.

Annoying deals popping up on your browser?

[snerkler]

Quote:

Originally Posted by GGJstudios

It scans for all forms of malware, but I seriously doubt you have any.

Thanks. I've just edited my post above btw.

I'm actually wondering if it is malware, or if it's linked to the forum as I've noticed it's actually only on one that I use, M3cutters. Been using this site for a couple of years though.

[2012Tony2012]

Quote:

Originally Posted by GGJstudios

It appears to be legit. Look in your /Applications folder for SportHunterTV.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

The most effective method for complete app removal is manual deletion:

Best way to FULLY DELETE a program

If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

Mac Virus/Malware FAQ

What is the best place to scan using ClamXav? The whole hard drive or just home folders? Where would something nasty install itself to?

[GGJstudios]

Quote:

Originally Posted by 2012Tony2012

What is the best place to scan using ClamXav? The whole hard drive or just home folders? Where would something nasty install itself to?

If you want to scan, scan the whole hard drive.

[snerkler]

This dropdowndeals problem does not appear to be like the other dropdowndeals malware I googled. The boxes are different, and do not behave in the way that the others do. On my system the drop down ad appears as a strip underneath the pictures or videos I post on forums, like this:-






If I hover over 'x' to close it is says "close dropdowndeals shopping enhancer slideup"

You may notice on the second picture that I've also been getting google keychain pop ups, could these be related?

I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?



This has only just started tonight after I posted a picture on the M3cutters forum, so I don't know if it is the site I originally posted, something from photobucket, something else, or not even malware? The only other thing I've downloaded recently is blueharvest, which I downloaded yesterday.

----------

Quote:

Originally Posted by GGJstudios

If you want to scan, scan the whole hard drive.

The ClamXav site recommends you don't scan the whole drive, see here (#7)
http://www.clamxav.com/faq.php#Q7

[GGJstudios]

Quote:

Originally Posted by snerkler

I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?

No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

Check your browser extensions and plug-ins to make sure nothing is there that you don't want.

[snerkler]

Quote:

Originally Posted by GGJstudios

No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

Check your browser extensions and plug-ins to make sure nothing is there that you don't want.

Thanks for your response. The scan has finished and revealed no further problems:




Checking my extensions in chrome I found this:-



Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? With the scan I did not do the entire drive due to the recommendations on the ClamXav site (see above), but did scan the whole user directory. Is there anywhere else I need to scan?

I don't know what the Gophoto extension is either so will delete this too. I think I'll delete the Allmytube and freehdsport.tv extensions too.

[GGJstudios]

Quote:

Originally Posted by snerkler

Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? .

Deleting the extension should be enough. Try it and see.

[snerkler]

Quote:

Originally Posted by GGJstudios

Deleting the extension should be enough. Try it and see.

Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere? Also, where could I have got this from and how do I prevent it in the future? I am generally very careful with what I download. The software I was worried about that I initially posted was a site recommended to me, and it was only when the desktop downloader didn't work that I started to be concerned.

Is the google chrome keychain permission pop up unlikely to be linked?

[GGJstudios]

Quote:

Originally Posted by snerkler

Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere?

Very unlikely.

Quote:

Originally Posted by snerkler

Also, where could I have got this from and how do I prevent it in the future?

It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.

[snerkler]

Quote:

Originally Posted by GGJstudios

Very unlikely.

It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.

Thanks very much for your help, very much appreciated. I've read that link before and do generally adhere to it

----------

Oh, you mentioned that the .emlx file was an email, is there any way of finding ou which one before I delete it in case it's an email I want, or are all .emlx emails spam?

[GGJstudios]

Quote:

Originally Posted by snerkler

Oh, you mentioned that the .emlx file was an email, is there any way of finding ou which one before I delete it in case it's an email I want, or are all .emlx emails spam?

No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.

[snerkler]

Quote:

Originally Posted by GGJstudios

No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.

Thanks again