Think I may have downloaded some bogus software

Discussion in 'Mac Applications and Mac App Store' started by snerkler, Jan 5, 2013.

  1. macrumors 6502a

    Joined:
    Feb 14, 2012
    #1
    My father in law put me onto this site (firstrow) where you can watch free football (soccer for the non-UK members). If you click to watch a match it asks if you want to download the desktop app, which I did. It's downloaded as a zip file, but when you open it and run installer it says it's installed, something very briefly flashes up in the dock, but then I can't find the software or desktop app anywhere.

    Could I have downloaded some dodgy software or am I just being paranoid? How can I check my system to remove the program (I've searched in Finder) and scan for malware?

    Cheers.
     
  2. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    It appears to be legit. Look in your /Applications folder for SportHunterTV.
    Not paranoid. Just cautious, which is good. In this case, I don't think you have anything to worry about.
    The most effective method for complete app removal is manual deletion:

    If you still want to run antivirus for some reason, ClamXav (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

     
  3. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #3
    Many thanks for this, put my mind at rest and useful info. The sporthunter app is indeed there, wonder why it's a completely different name?

    Thanks again :)
     
  4. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #4
    I think my fears could have been realised. I've started getting dropdowndeals drop down ads when visiting certain forums that I've been using for years. When I googled dropdowndeals it says that it's malware. Does ClamXav scan for malware, spyware etc. or is it just a virus scanner?

    When I search in finder for dropdowndeals I get this, but cannot delete (send to trash) any of the files.

    [image]

    Any idea how to remove them?
     
  5. GGJstudios, Jan 9, 2013
    Last edited: Jan 9, 2013

    macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    It scans for all forms of malware, but I seriously doubt you have any.

    Annoying deals popping up on your browser?
     
  6. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #6
    Thanks. I've just edited my post above btw.

    I'm actually wondering if it is malware, or if it's linked to the forum as I've noticed it's actually only on one that I use, M3cutters. Been using this site for a couple of years though.
     
  7. macrumors 6502a

    2012Tony2012

    Joined:
    Dec 2, 2012
    #7
    What is the best place to scan using ClamXav? The whole hard drive or just home folders? Where would something nasty install itself to?
     
  8. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    If you want to scan, scan the whole hard drive.
     
  9. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #9
    This dropdowndeals problem does not appear to be like the other dropdowndeals malware I googled. The boxes are different, and do not behave in the way that the others do. On my system the drop down ad appears as a strip underneath the pictures or videos I post on forums, like this:-

    [image]

    [image]

    If I hover over 'x' to close it says "close dropdowndeals shopping enhancer slideup"

    You may notice on the second picture that I've also been getting google keychain pop ups, could these be related?

    I've been running ClamXav for about an hour now and it's about 80% done, so far these are the only things it's brought up. Are these things I should be concerned about and need to be deleted/quarantined?

    [image]

    This has only just started tonight after I posted a picture on the M3cutters forum, so I don't know if it is the site I originally posted, something from photobucket, something else, or not even malware? The only other thing I've downloaded recently is blueharvest, which I downloaded yesterday.

    ----------

    The ClamXav site recommends you don't scan the whole drive, see here (#7)
    http://www.clamxav.com/faq.php#Q7
     
  10. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #10
    No, you don't need to be concerned. The first item is a Windows app that cannot run on or affect your Mac. The second is an email, which you can delete.

    Check your browser extensions and plug-ins to make sure nothing is there that you don't want.
     
  11. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #11
    Thanks for your response. The scan has finished and revealed no further problems:

    [image]

    Checking my extensions in Chrome I found this:-

    [image]

    Googling it reveals that yontoo could be the culprit, and is linked with dropdowndeals. Is it enough just to remove this extension, or will it have found itself into other places? With the scan I did not do the entire drive due to the recommendations on the ClamXav site (see above), but did scan the whole user directory. Is there anywhere else I need to scan?

    I don't know what the Gophoto extension is either so will delete this too. I think I'll delete the Allmytube and freehdsport.tv extensions too.
     
  12. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    Deleting the extension should be enough. Try it and see.
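
The extension check discussed in this thread can also be done from disk. This is an added example, not part of any poster's reply: it lists the Chrome extensions installed in a profile and marks those whose content scripts run on every site, which is the access an ad-injecting extension needs. The macOS path and the single "Default" profile are assumptions, and the function names are made up for this sketch.

```python
import json
from pathlib import Path

# Assumption: macOS, one Chrome profile named "Default".
CHROME_EXT_DIR = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"

# Match patterns that let a content script run on every page you visit.
BROAD_MATCHES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _resolve_name(version_dir, manifest):
    """Resolve a localized "__MSG_key__" name via _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    key = name[6:-2].lower()  # message keys are case-insensitive
    locale = manifest.get("default_locale", "en")
    path = version_dir / "_locales" / locale / "messages.json"
    try:
        messages = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name
    for k, v in messages.items():
        if k.lower() == key and isinstance(v, dict):
            return v.get("message", name)
    return name


def inventory(ext_dir=CHROME_EXT_DIR):
    """Return one record per <extension id>/<version>/manifest.json under ext_dir."""
    records = []
    for manifest_path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than crash
        version_dir = manifest_path.parent
        matches = {m for cs in manifest.get("content_scripts", [])
                   for m in cs.get("matches", [])}
        records.append({
            "id": version_dir.parent.name,
            "name": _resolve_name(version_dir, manifest),
            "version": manifest.get("version", "?"),
            "injects_everywhere": bool(matches & BROAD_MATCHES),
        })
    return records


if __name__ == "__main__":
    for r in inventory():
        flag = "ALL-SITES" if r["injects_everywhere"] else "         "
        print(f'{flag}  {r["name"]} {r["version"]}  [{r["id"]}]')
```

An ALL-SITES mark is not a verdict, since many legitimate extensions also run everywhere; it narrows down which entries to compare against what you remember installing.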
     
  13. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #13
    Deleted and it's solved the problem. Is it unlikely to be elsewhere hidden in my system somewhere? Also, where could I have got this from and how do I prevent it in the future? I am generally very careful with what I download. The software I was worried about that I initially posted was a site recommended to me, and it was only when the desktop downloader didn't work that I started to be concerned.

    Is the google chrome keychain permission pop up unlikely to be linked?
     
  14. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    Very unlikely.
    It could have been bundled with another extension you installed. You could have inadvertently clicked a pop-up, giving it permission to install. There are a number of possibilities.

    Make sure you're practicing safe computing, as described in the What security steps should I take? section of the Mac Virus/Malware FAQ.
     
  15. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #15
    Thanks very much for your help, very much appreciated. I've read that link before and do generally adhere to it :eek:

    ----------

    Oh, you mentioned that the .emlx file was an email, is there any way of finding out which one before I delete it in case it's an email I want, or are all .emlx emails spam?
     
  16. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    No, all .emlx files are not spam. It's just an email message. You should be able to double-click it to open it. As indicated, it's flagged as a phishing attempt, so it doesn't have any malware attached to it. Just don't click on embedded links and enter any personal information.
     
  17. thread starter macrumors 6502a

    Joined:
    Feb 14, 2012
    #17
    Thanks again :)
     
