Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Jan 5, 2013, 12:33 PM   #1
snerkler
macrumors 6502a
 
Join Date: Feb 2012
Think I may have downloaded some bogus software

My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-uk members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.

Could I have downloaded some dodgy software or am I just being paranoid. How can I check my system to remove the program (i've searched in finder) and scan for malware?

Cheers.
snerkler is offline   0 Reply With Quote
Old Jan 5, 2013, 12:47 PM   #2
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by snerkler View Post
My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-uk members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.
It appears to be legit. Look in your /Applications folder for SportHunterTV.
Quote:
Originally Posted by snerkler View Post
Could I have downloaded some dodgy software or am I just being paranoid.
Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.
Quote:
Originally Posted by snerkler View Post
How can I check my system to remove the program (i've searched in finder) and scan for malware?
The most effective method for complete app removal is manual deletion:
Best way to FULLY DELETE a program
If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.
Mac Virus/Malware FAQ
GGJstudios is offline   1 Reply With Quote
Old Jan 5, 2013, 01:22 PM   #3
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
Quote:
Originally Posted by GGJstudios View Post
It appears to be legit. Look in your /Applications folder for SportHunterTV.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

The most effective method for complete app removal is manual deletion:
Best way to FULLY DELETE a program
If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.
Mac Virus/Malware FAQ
Many thanks for this, put my mind at rest and useful info. The sporthunter app is indeed there, wonder why it's a completely different name?

Thanks again
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 02:35 PM   #4
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does Clamxav scan for malware, spyware etc or is it just a virus scanner?

When I search in finder for dropdowndeals I get this, but cannot delete (send to trash) any of the files.




Any idea how to remove them?
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 02:36 PM   #5
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by snerkler View Post
I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does Clamxav scan for malware, spyware etc or is it just a virus scanner?
It scans for all forms of malware, but I seriously doubt you have any.

Annoying deals popping up on your browser?

Last edited by GGJstudios; Jan 9, 2013 at 02:48 PM.
GGJstudios is offline   0 Reply With Quote
Old Jan 9, 2013, 02:42 PM   #6
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
Quote:
Originally Posted by GGJstudios View Post
It scans for all forms of malware, but I seriously doubt you have any.
Thanks. I've just edited my post above btw.

I'm actually wondering if it is malware, or if it's linked to the forum as I've noticed it's actually only on one that I use, M3cutters. Been using this site for a couple of years though.
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 02:48 PM   #7
2012Tony2012
macrumors 6502a
 
2012Tony2012's Avatar
 
Join Date: Dec 2012
Quote:
Originally Posted by GGJstudios View Post
It appears to be legit. Look in your /Applications folder for SportHunterTV.

Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.

The most effective method for complete app removal is manual deletion:
Best way to FULLY DELETE a program
If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.
Mac Virus/Malware FAQ
What is the best place to scan using ClamXav? The whole hard drive or just home folders? Where would something nasty install itself to?
2012Tony2012 is offline   0 Reply With Quote
Old Jan 9, 2013, 04:03 PM   #8
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by 2012Tony2012 View Post
What is the best place to scan using ClamXav? The whole hard drive or just home folders? Where would something nasty install itself to?
If you want to scan, scan the whole hard drive.
GGJstudios is offline   0 Reply With Quote
Old Jan 9, 2013, 04:08 PM   #9
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
This dropdowndeals problem does not appear to be like the other dropdowndeals malware I googled. The boxes are different, and do not behave in the way that the others do. On my system the drop down ad appears as a strip underneath the pictures or videos I post on forums, like this:-






If I hover over 'x' to close it is says "close dropdowndeals shopping enhancer slideup"

You may notice on the second picture that I've also been getting google keychain pop ups, could these be related?

I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?



This has only just started tonight after I posted a picture on the M3cutters forum, so I don't know if it is the site I originally posted, something from photobucket, something else, or not even malware? The only other thing I've downloaded recently is blueharvest, which I downloaded yesterday.

----------

Quote:
Originally Posted by GGJstudios View Post
If you want to scan, scan the whole hard drive.
The ClamXav site recommends you don't scan the whole drive, see here (#7)
http://www.clamxav.com/faq.php#Q7
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 04:10 PM   #10
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by snerkler View Post
I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?
No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

Check your browser extensions and plug-ins to make sure nothing is there that you don't want.
GGJstudios is offline   0 Reply With Quote
Old Jan 9, 2013, 04:25 PM   #11
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
Quote:
Originally Posted by GGJstudios View Post
No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

Check your browser extensions and plug-ins to make sure nothing is there that you don't want.
Thanks for your response. The scan has finished and revealed no further problems:




Checking my extensions in chrome I found this:-



Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? With the scan I did not do the entire drive due to the recommendations on the ClamXav site (see above), but did scan the whole user directory. Is there anywhere else I need to scan?

I don't know what the Gophoto extension is either so will delete this too. I think I'll delete the Allmytube and freehdsport.tv extensions too.
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 04:26 PM   #12
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by snerkler View Post
Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? .
Deleting the extension should be enough. Try it and see.
GGJstudios is offline   0 Reply With Quote
Old Jan 9, 2013, 04:30 PM   #13
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
Quote:
Originally Posted by GGJstudios View Post
Deleting the extension should be enough. Try it and see.
Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere? Also, where could I have got this from and how do I prevent it in the future? I am generally very careful with what I download. The software I was worried about that I initially posted was a site recommended to me, and it was only when the desktop downloader didn't work that I started to be concerned.

Is the google chrome keychain permission pop up unlikely to be linked?
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 04:33 PM   #14
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by snerkler View Post
Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere?
Very unlikely.
Quote:
Originally Posted by snerkler View Post
Also, where could I have got this from and how do I prevent it in the future?
It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.
GGJstudios is offline   0 Reply With Quote
Old Jan 9, 2013, 04:44 PM   #15
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
Quote:
Originally Posted by GGJstudios View Post
Very unlikely.

It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.
Thanks very much for your help, very much appreciated. I've read that link before and do generally adhere to it

----------

Oh, you mentioned that the .emlx file was an email, is there any way of finding ou which one before I delete it in case it's an email I want, or are all .emlx emails spam?
snerkler is offline   0 Reply With Quote
Old Jan 9, 2013, 04:48 PM   #16
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by snerkler View Post
Oh, you mentioned that the .emlx file was an email, is there any way of finding ou which one before I delete it in case it's an email I want, or are all .emlx emails spam?
No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.
GGJstudios is offline   0 Reply With Quote
Old Jan 9, 2013, 04:51 PM   #17
snerkler
Thread Starter
macrumors 6502a
 
Join Date: Feb 2012
Quote:
Originally Posted by GGJstudios View Post
No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.
Thanks again
snerkler is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Where are Downloaded Software Updates Stored? leerkeller OS X 2 Aug 31, 2013 10:13 AM
Some Benchmarks Seem Totally Bogus! Tesselator Mac Pro 60 May 30, 2013 07:07 PM
It's pretty bogus - I can't cancel the data plan. puma1552 iPhone 53 Mar 24, 2013 05:36 PM
why the 9to5 mac part list is bogus... aPple nErd iMac 3 Jun 11, 2012 10:56 AM

Forum Jump

All times are GMT -5. The time now is 05:02 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC