Adware infecting ChromeSeems to be related to this: http://www.freezingcomputer.com/mth-soundsboozed

Discussion in 'Mac Basics and Help' started by badlarry, Jul 26, 2016.

  1. badlarry, Jul 26, 2016
    Last edited by a moderator: Jul 27, 2016

    badlarry macrumors newbie

    Joined:
    Apr 12, 2015
    #1
    Seems to be related to this:

    Code:
    http://www.freezingcomputer.com/mth-soundsboozed-com-virus-removal-help/#more-3590
    Using El Capitan and latest version of Chrome.

    Keeps trying to load that domain as a pop up. As well as that, when I click some links it will open that link a new tab and then open something like

    Code:
    http://greenwoodformula.com/vip/index7.php?affClickID=w4FKHAN404R0BJGUGE37U26I
    in the original tab.

    I’ve done some Googling and there aren’t any suspicious extensions for Chrome at all. Beyond that, I can’t seem to find any Mac specific advice.
     
  2. JohnDS macrumors 65816

    Joined:
    Oct 25, 2015
    #2
    It looks to me like those sites are trying to get you to download and buy suspicious software. They are probably pop-ups originating at specific sites you are visiting.

    You could block them using your hosts file.

    To do that, download and install the freeware TextWrangler:

    http://www.barebones.com/products/textwrangler/download.html

    Once you have downloaded it and installed it in your applications folder, click on the desktop to make sure you are Finder, then pull down the Go menu to Go To Folder.

    In the Go To Folder window, enter

    /etc

    and then hit return. This should open the hidden /etc folder.

    In that folder you will find a file called "hosts". Right-click on hosts and choose Open With, then Other, then TextWrangler.

    It should open a file that looks like this:

    ##
    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting. Do not change this entry.
    ##
    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1 localhost
    fe80::1%lo0 localhost
    You need to add two lines to the hosts file so that it looks like this:

    ##
    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting. Do not change this entry.
    ##
    127.0.0.1 localhost
    255.255.255.255 broadcast host
    0.0.0.0 www.freezingcomputer.com
    0.0.0.0 greenwoodformula.com
    ::1 localhost
    fe80::1%lo0 localhost
    Save the file and reboot your computer. Your computer should now no longer be able to access those two sites. You can add similar sites you want to block in a similar manner.
     
  3. badlarry thread starter macrumors newbie

    Joined:
    Apr 12, 2015
    #3
    Nope. As Soon as I open Chrome and load any site Chrome automatically starts to load these and a variety of other ad sites.
     
  4. JohnDS macrumors 65816

    Joined:
    Oct 25, 2015
    #4
  5. badlarry thread starter macrumors newbie

    Joined:
    Apr 12, 2015
    #6
    Cleared cookies and cache, nothing.

    Doesn't happen with Safari, only Chrome.

    Bit hesitant to redownload Chrome as I'm on a prepaid mobile broadband service.
     
  6. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #7
    The 'greenwood' instance gets a lot of search hits as malware. Did you try MalwareBytes as @JohnDS suggested?

    Other things to try-
    Reset chrome:
    https://support.google.com/chrome/answer/2765944#mac
    What a reset affects: https://support.google.com/chrome/answer/3296214?hl=en
    -------------------------
    Create a new profile: https://support.google.com/chrome/answer/142059
     
  7. JohnDS macrumors 65816

    Joined:
    Oct 25, 2015
  8. badlarry thread starter macrumors newbie

    Joined:
    Apr 12, 2015
    #9
    I've tried MalwareBytes - it removed one threat but the problem remains.

    Weirdly enough it only affects one website theage.com.au (probably my most visited site)
    --- Post Merged, Aug 3, 2016 ---
    I just went through the 'reset chrome' option and it seems to have fixed the problem!

    Will report back if there are further issues.
    --- Post Merged, Aug 3, 2016 ---
    Executed the 'reset Chrome' option and it seems to have fixed the problem!
    --- Post Merged, Aug 3, 2016 ---
    Executed the 'reset Chrome' option and it seems to have fixed the problem!
    --- Post Merged, Aug 3, 2016 ---
    Executed the 'reset Chrome' option and it seems to have fixed the problem!
     

    Attached Files:

  9. JohnDS macrumors 65816

    Joined:
    Oct 25, 2015
    #10
    If it only affects the one site, then in all likelihood the popup is originating from that site and has nothing to do with software on your Mac.
     
  10. Beachguy macrumors 6502a

    Beachguy

    Joined:
    Nov 23, 2011
    #11
    You may also try starting your browser offline, and close the page once it times out trying to connect.
     
  11. badlarry thread starter macrumors newbie

    Joined:
    Apr 12, 2015
    #12
    Not sure if anyone saw the edit of my post but - I reset Chrome settings and that fixed the problem!
     
  12. badlarry thread starter macrumors newbie

    Joined:
    Apr 12, 2015
    #13
    It's back! After Chrome automatically updated I'm getting the problem again.

    Again, it's only theage.com.au
     

Share This Page