Spigot Malware on my Mac?

Discussion in 'Mac Basics and Help' started by DuganRun, Dec 23, 2012.

  1. macrumors newbie

    Joined:
    Jun 28, 2012
    Location:
    Nottingham, England.
    #1
    Hello Forum,

    Recently my computer has started behaving oddly; when I open my home page I'm given the page: http://uk.search.yahoo.com/?fr=spigot-yhp sfmac&ilc=12&type=748931.

    I've searched 'yahoo,spigot' in Google and it points towards malware, though I can't find anything that relates to Safari or Mac. I thought my computer was quite secure, but I've scanned it with ClamXav and no infected files are found.

    I've noticed my home page has been changed to the above address so is it simply a case of changing it back to what it was and not worry about my computer being infected?

    Thanks.
     
  2. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    You don't have malware on your Mac.
    1. Clear your browser's cache and cookies.
    2. Set your home page to whatever page you want.
    3. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?.
     
  3. macrumors 68030

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #3
    There is no way for you to know that for a fact.
     
  4. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    ClamXAV detects all Mac OS X malware that exists in the wild.
     
  5. macrumors 68030

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #5
    Ever heard of a 0 day?
    Know for a fact that his definitions are constantly updated and there was not a window of vulnerability?
    Know for a fact that ClamXav was installed BEFORE the infection was suspected?


    Whilst it is UNLIKELY, sticking your head in the sand with "macs don't get malware lalalala" is going to end in tears for you eventually.

    Apple can and do write insecure code from time to time. The fact that the i-Devices have been jailbroken so often should be a clear indicator of this.
     
  6. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    You're grasping at straws. I feel quite safe with my statement and you're welcome to try to prove me wrong.
    I have never said Macs don't get malware. You've been around the forum long enough, you should know that by now.
    More straws. This isn't an iDevice thread.
     
  7. macrumors 68030

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #7
    So, how is it that fully patched OS X has been hacked every year at pwn2own? By exploits that had not yet been released, and thus will not be in any anti virus package's definitions.

    Again, I'm not saying it is LIKELY.

    However, instantly dismissing problems as "no, you haven't been hacked", and assuming that the virus scanner knows about the malware that may be on the box is misguided at best.


    I bring up the i-devices because in theory they have the additional requirement of code-signing, which the Mac does not have unless you run Lion or Mountain Lion with Gatekeeper turned on. And they still get jailbroken.


    What is your theory as to how the homepage got changed?


    edit:
    I do network security for a living, unexplained stuff randomly happening on machines is not something to be dismissed lightly.
     
  8. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    Hacking is not the same as malware.
    I didn't say anything about hacking. I said the OP doesn't have malware. There's a significant difference.
    I'm not assuming anything and a box has nothing to do with it. I know for a fact that ClamXAV detects all Mac OS X malware that exists in the wild.

    You're still grasping at straws. The OP's issue has nothing to do with malware or hacking. If you can prove otherwise, be my guest.
    The chances that an average Mac user will encounter malware are extremely remote. "Unexplained stuff randomly happening" is far more likely attributed to a user's action or lack of understanding how something is working on their Mac.
     
  9. macrumors 68030

    Joined:
    Feb 13, 2012
    Location:
    Perth, Western Australia
    #9
    Hacking is accomplished exploiting a machine by using malicious software.

    I.e., mal-ware.


    Anyway, I guess we can agree to disagree on this. No point arguing any further.
     
  10. tnzk, Dec 24, 2012
    Last edited: Dec 24, 2012

    macrumors newbie

    Joined:
    Dec 24, 2012
    #10
    I'm getting the same problem. It happened to both my Chrome browser and my Safari browser. I created an account just to chime in that it's not a one-off issue.

    I'm not sure what I did/downloaded for this to happen. I suppose it was about time such things were going to appear on Mac OS X.
     
  11. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    Did you follow the instructions in the 2nd post of this thread?
     
  12. pou
    macrumors newbie

    Joined:
    Dec 24, 2012
    #12
    It usually comes from Vuze, which is a great P2P software, but a real pain in the xxx concerning hidden installations. It always tries to fool you into installing useless junk and recent updates change all browsers' preferences without asking...: Spigot stuff, Yahoo search engine etc.

    It is not (apparently) very serious malware, just foolish junk imposed on users that do not know how to reset search preferences, but it IS malware all the same in my opinion.

    This will force you to open and modify all the search options and welcome pages in all your browsers
    ----------
     
  13. thread starter macrumors newbie

    Joined:
    Jun 28, 2012
    Location:
    Nottingham, England.
    #13
    That's exactly what it was, a Vuze update or at least I thought it was.

    ----------

    Thanks GGJ.
     
  14. macrumors newbie

    Joined:
    Jun 3, 2013
    #14
  15. unowen, Nov 21, 2013
    Last edited: Nov 21, 2013

    macrumors newbie

    unowen

    Joined:
    Oct 2, 2011
    Location:
    NYC, Eliz. Bay, NSW, and 'Hell-A'
    #15
    Uhhhhhh.....

    Yeah - ok.

    I've now put my tinfoil hat on, and I'm wondering - can you answer this person's question about Spigot, or not?

    Yes - I am being slightly glib, but - other than the 'scary' stuff, you don't offer anything helpful.

    Why am I even here?

    I have a Mac (I've had 'em since late 80's), and I've had this Spigot 'bupkes' now on my new MBP for the past couple of days. I'd remove it (ALL), but, then - I must be doing something, 'cos I'm getting it again.

    So, my question is - to you - and anyone else who's out there:

    • What are the possible ways Spigot's getting in, i.e., a particular site, or a piece of software/extension

    • What's the best way to remove it (or, more accurately, lessen the chances of picking it up again?)


    UPDATE: I just read - right after typing this - that the latest rash of 'Spigotitis infection' is coming from (drumroll, please) CNET.

    If you're downloading software from them (as I did), and use their 'CNET Installer' (as I did), it's 'wrapped' up in a Spigot-spreading container.

    I'm getting my crayon out - and, more if necessary - and letting CNET know.
     
  16. macrumors newbie

    Joined:
    Apr 26, 2010
    #16
    library

    Check ~/Library/Application Support/Spigot/ I removed this after I fixed the browsers and changed the DNS servers.
    I used to love CNET.
     
  17. louie0817, Nov 28, 2013
    Last edited: Nov 28, 2013

    macrumors newbie

    Joined:
    Mar 20, 2013
    #17
    Also had Spigot installed by the CNET installer while downloading/installing FontDoc app.
    I only noticed it because it changed my homepage to the URL noted previously.
    In addition to removing the directory ~/Library/Application Support/Spigot, I also removed 3 Safari extensions it installed. (see Safari/Preferences/Extensions)

    Almost forgot, when installing, I was asked about the installer wanting to access "my Contacts".
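
An added example, not part of any post in this thread: a read-only check for the leftovers described in posts #16 and #17 (the `~/Library/Application Support/Spigot` directory) plus any string in a browser preference file that still carries the `spigot` marker from the redirect URL in post #1. The Chrome preferences path, the JSON layout of the sample and the function names are assumptions; the sample home directory is constructed.

```python
import json
import tempfile
from pathlib import Path

MARKER = "spigot"  # substring of the redirect URL quoted in post #1 (fr=spigot-yhp)
SPIGOT_DIR = "Library/Application Support/Spigot"  # directory named in posts #16 and #17
# Assumption: default Chrome profile location on OS X; it is not stated in the thread.
CHROME_PREFS = "Library/Application Support/Google/Chrome/Default/Preferences"

def find_marker(node, path=""):
    """Yield (json_path, value) for every string value that contains MARKER."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from find_marker(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from find_marker(val, f"{path}[{i}]")
    elif isinstance(node, str) and MARKER in node.lower():
        yield path, node

def audit(home, pref_files=(CHROME_PREFS,)):
    """Report leftovers under `home` without modifying anything."""
    home = Path(home)
    report = {"spigot_dir_present": (home / SPIGOT_DIR).is_dir(), "pref_hits": []}
    for rel in pref_files:
        try:
            data = json.loads((home / rel).read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # file missing, unreadable or not JSON: nothing to report
        report["pref_hits"] += [(rel, p, v) for p, v in find_marker(data)]
    return report

def build_sample_home(root):
    """Constructed fixture: a fake home directory with the leftovers from the thread."""
    root = Path(root)
    (root / SPIGOT_DIR).mkdir(parents=True)
    prefs = root / CHROME_PREFS
    prefs.parent.mkdir(parents=True)
    hijacked = "http://uk.search.yahoo.com/?fr=spigot-yhp"  # shortened from post #1
    prefs.write_text(json.dumps({
        "homepage": hijacked,
        "session": {"startup_urls": ["https://www.google.com/", hijacked]},
    }), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_home(tmp)))
```

Against a real account, call `audit(Path.home())`; each hit names the setting that still has to be reset in the browser.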
     
  18. macrumors newbie

    Joined:
    Jun 3, 2013
    #18
    Hello,

    My name is Robert, I'm a Spigot representative and I can help with some instructions on how to remove the Spigot Mac extensions.

    Please check out this tutorial page:
    http://www.spigot.com/uninstall-mac-extensions.html

    If you have further issues please contact us.
     
  19. macrumors newbie

    Joined:
    Mar 12, 2015
    #19
    Yahoo Homepage Chrome Issues

    I recently downloaded a program off of CNET via the CNET downloader, and accidentally forgot to check off the box where it said "Change Default Search Engine to Yahoo". Like you guys my new Chrome home page is now Yahoo, even though I have changed it back to Google. Any suggestions? (Note* I also deleted Spigot extensions and Spigot from my Library)
     
  20. macrumors 68000

    Joined:
    Aug 24, 2013
    Location:
    Far from here
    #20
  21. macrumors 68030

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #21
    Steer clear of CNet and etonic downloads. As many have found out, they come loaded with programs and changes that many did not want or know of.

    Always download directly from Apple or the developer's website. And when in doubt, it would be a good idea to ask here before installing.
     
  22. macrumors newbie

    Joined:
    Mar 12, 2015
    #22
    Re: Chrome Yahoo Homepage Issue

    Unfortunately I used Adware Medic with no luck. I'm getting pretty frustrated. I hate Yahoo and CNET now too. Is there any way at all to remove Yahoo as my home page? I know I'm sounding frantic, but there has to be a way to fix Chrome. I had absolutely no issues rebounding with Safari.
     
  23. macrumors newbie

    Joined:
    Dec 11, 2011
    #23
    µTorrent v1.8.7 has Spigot (Yahoo) built in!! They tell you!

    Call me Stu,-Pid, found out the hard way on, ah let's call it March 1st old-fool's day. I was updating a few programs that were piling up and made a fast boo-boo, what a mess.

    When updating a Torrent program somehow it fooled me into the lite version of µTorrent instead (do not use MacUpdate's version), the application even warns you it will be including Spigot dammit. I hurdled right through the install...
    What it does...
    It drills into the cracks of Safari, Firefox, Chrome and Opera(not sure Yet), but not iCab. Yes I have all the precautions, human error was number 1 here that day.

    The integration that is now connecting all of the browsers together at the core of all the helpers of "Syncing" of having all of the machines that I run with the same Bookmarks search Engines now all changed to Yahoo and spigot. This is on the many machines I run and use in the Home Office..

    What I found out is you cannot get rid of it (not so far), this Bitcoin mining machine uses the Torrents to mine at your computer's processing cycles and everything you call your own to bring revenues to whoever is behind this foul scheme.

    Luckily "Little Snitch" to the rescue.. Head them off at the pass.. Today I saw the Blacklisted China's IPs knocking at my door. Using the "Deny" button all the way.

    So I am working thru the Clean Install, in the 20th day haul.
     
  24. macrumors newbie

    Joined:
    Dec 11, 2011
    #24
    Yes, I use a VPN DNS support

    I use a product called Private Internet Access (PIA), an OpenVPN type. I used to use OpenDNS a time ago, not sure what my falling out was. But it should do the trick. The PIA did help me discover the fact that I did have a Malware issue, but it was the way that it did it, they scared me, they stepped in on a search to tell me to call this 1-800 number to fix things.

    Really not sure if it was fraud or what to do, so I did not call, I started learning more about the way to repair my own ownership of all things I own that day.

    The PIA product does work on my iPhone and iPad as well as a VPN tunnel, there are other products out there but this works on all platforms and computers I use, including Linux (Ubuntu) and Windows 7, 8.x and 10 so far.
     
