Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Adware infecting ChromeSeems to be related to this: http://www.freezingcomputer.com/mth-soundsboozed

B

badlarry

macrumors newbie
Original poster
Apr 12, 2015
10
2
Seems to be related to this:

Code: 
http://www.freezingcomputer.com/mth-soundsboozed-com-virus-removal-help/#more-3590

Using El Capitan and latest version of Chrome.

Keeps trying to load that domain as a pop up. As well as that, when I click some links it will open that link a new tab and then open something like

Code: 
http://greenwoodformula.com/vip/index7.php?affClickID=w4FKHAN404R0BJGUGE37U26I

in the original tab.

I’ve done some Googling and there aren’t any suspicious extensions for Chrome at all. Beyond that, I can’t seem to find any Mac specific advice.
 
Last edited by a moderator:
It looks to me like those sites are trying to get you to download and buy suspicious software. They are probably pop-ups originating at specific sites you are visiting.

You could block them using your hosts file.

To do that, download and install the freeware TextWrangler:

http://www.barebones.com/products/textwrangler/download.html

Once you have downloaded it and installed it in your applications folder, click on the desktop to make sure you are Finder, then pull down the Go menu to Go To Folder.

In the Go To Folder window, enter

/etc

and then hit return. This should open the hidden /etc folder.

In that folder you will find a file called "hosts". Right-click on hosts and choose Open With, then Other, then TextWrangler.

It should open a file that looks like this:

##
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
You need to add two lines to the hosts file so that it looks like this:

##
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcast host
0.0.0.0 www.freezingcomputer.com
0.0.0.0 greenwoodformula.com
::1 localhost
fe80::1%lo0 localhost
Save the file and reboot your computer. Your computer should now no longer be able to access those two sites. You can add similar sites you want to block in a similar manner.
 
JohnDS said:
It looks to me like those sites are trying to get you to download and buy suspicious software. They are probably pop-ups originating at specific sites you are visiting.
Click to expand...

Nope. As Soon as I open Chrome and load any site Chrome automatically starts to load these and a variety of other ad sites.
 
Cleared cookies and cache, nothing.

Doesn't happen with Safari, only Chrome.

Bit hesitant to redownload Chrome as I'm on a prepaid mobile broadband service.
 
badlarry said:
Cleared cookies and cache, nothing.

Doesn't happen with Safari, only Chrome.

Bit hesitant to redownload Chrome as I'm on a prepaid mobile broadband service.
Click to expand...
The 'greenwood' instance gets a lot of search hits as malware. Did you try MalwareBytes as @JohnDS suggested?

Other things to try-
Reset chrome:
https://support.google.com/chrome/answer/2765944#mac
What a reset affects: https://support.google.com/chrome/answer/3296214?hl=en
-------------------------
Create a new profile: https://support.google.com/chrome/answer/142059
 
I've tried MalwareBytes - it removed one threat but the problem remains.

Weirdly enough it only affects one website theage.com.au (probably my most visited site)
[doublepost=1470228849][/doublepost]I just went through the 'reset chrome' option and it seems to have fixed the problem!

Will report back if there are further issues.
[doublepost=1470229046][/doublepost]Executed the 'reset Chrome' option and it seems to have fixed the problem!
[doublepost=1470229105][/doublepost]Executed the 'reset Chrome' option and it seems to have fixed the problem!
[doublepost=1470229593][/doublepost]Executed the 'reset Chrome' option and it seems to have fixed the problem!
 

Attachments

  • Screen Shot 2016-08-03 at 10.40.44 PM.png
    Screen Shot 2016-08-03 at 10.40.44 PM.png
    467.3 KB · Views: 112
If it only affects the one site, then in all likelihood the popup is originating from that site and has nothing to do with software on your Mac.
 
  • Like
Reactions: Beachguy
It's back! After Chrome automatically updated I'm getting the problem again.

Again, it's only theage.com.au
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back