Firefox, Chrome infected

Discussion in 'Mac Apps and Mac App Store' started by Phil in ocala, Jul 23, 2017.

  1. Phil in ocala, Jul 23, 2017
    Last edited by a moderator: Jul 24, 2017

    Phil in ocala macrumors 6502a

    Joined:
    Jul 14, 2016
    #1
  2. TonyK macrumors 6502a

    Joined:
    May 24, 2009
    #2
    No way am I going to click that link.

    After the link loads, can you get to preferences for FF or Chrome and see what the default page is for a new browser/window? You likely need to do that, then delete all data in both browsers.

    Also, can you use Safari?
     
  3. AlexH macrumors 68000

    Joined:
    Mar 7, 2006
    #3
    I'm not a malware expert, so do your own research before taking my advice. But, if it were my machine, here's what I'd do.

    First, it'd probably be courteous to edit the link out of the post in case it actually does infect others. Second, Malwarebytes would be a good app to acquire and run. It's a malware removal tool. It's not bulletproof, and it might not solve your issue, but it's not a bad step to take. Third, I'd try going into the browsers' preferences and deleting all stored data like cookies and the like. Might flush out something mild from your system.
     
  4. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #4
    Moderator Note:

    OP > I neutered the link in your first post so others don't go to the page and have the same issue.
     
  5. PBMB, Jul 24, 2017
    Last edited: Jul 24, 2017

    PBMB macrumors regular

    Joined:
    Mar 19, 2015
    #5
    This is a great intervention, but should we not know which character string you replaced? A sure way to avoid clicking on something like that, if we stumble upon it somewhere, is to know about it in the first place. I have not seen it, so perhaps it looks like a quite legitimate URL, which makes it extremely dangerous.

    You can just post the missing part independently and no one can accidentally click on it. Unless you fear that someone may exploit it in some way, or expose themselves to the same risk by manually restoring the initial link.
     
  6. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    Since it appears to be malicious, I'd rather not have a way to access it from the forums.
     
  7. hughm123 macrumors newbie

    Joined:
    Dec 3, 2014
    #7
    In addition to the other comments, the original reporter may want to go to a new profile for Firefox.

    From the MacOS section of
    https://support.mozilla.org/en-US/k...refox-profiles#w_starting-the-profile-manager:

    1. Make sure Firefox is not running.
    2. Start Terminal from /Applications/Utilities.
    3. In Terminal, run: /Applications/Firefox.app/Contents/MacOS/firefox-bin -P
    4. When the window appears, click on "Create Profile" and then start Firefox with the new profile.
    5. You will need to re-create preferences and plugins.

    Either the first time or subsequently you should select "Use the selected profile at startup without asking" to make sure you use this new profile and don't need the profile manager when you start Firefox in future.

    Since a new profile will not have your old bookmarks, you will probably then want to open the bookmark manager via the "Bookmarks -> All bookmarks" menu, then "Restore" -> "Choose File" from the star menu 4th on the top left, and navigate to the most recent bookmarks backup in your old profile directory so you can restore the bookmarks.

    Assuming this works, you can then abandon the old profile in case some other settings got changed as well as the home page.
     
  8. Phil in ocala thread starter macrumors 6502a

    Joined:
    Jul 14, 2016
    #8
    I took the best advice I got and downloaded MBAM-Mac.dmg...Malwarebytes...and used it.
    Their page has some great information about this issue...thanks to the guy who suggested it.
     
  9. Phil in ocala thread starter macrumors 6502a

    Joined:
    Jul 14, 2016
    #9
    Update.....after running Malwarebytes...it came up again.
     
  10. hughm123 macrumors newbie

    Joined:
    Dec 3, 2014
    #10
    There are also some things you can check manually. With Firefox open, go to "about:preferences" in the URL bar.

    - Under General, the "Home Page" field will probably be this bad URL. Replace with "https://google.com/" or some other safe default, or click "Restore to Default". You may also want to set "When Firefox starts" to something safe such as "show a blank page" -- if it's set to "open previous windows" then this may be causing the bad page to come back.

    - Then go to "about:addons" and then under "Plugins" and "Extensions", disable anything you don't explicitly recognize.

    If this does not work and the bad values come back (which is possible since Malwarebytes failed) then the infection may be deeper. I would definitely recommend the new profile option I sent earlier since this is a safer way to reset all preferences and plugins in case some other malicious settings have been changed.

    Finally if this does not work, you can try uninstalling Firefox/Chrome and re-installing. But the corrupted settings are probably in your username's preferences, not the app itself.

    Finally, when you get this fixed I would definitely recommend adding an extension like "NoScript" for Firefox or equivalent for Chrome for general browsing. These take a bit more work to enable scripts for sites where scripts are needed (including macrumors, only for comments). But the benefit is much less risk from JavaScript security bugs during general browsing.
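
The manual checks in posts #7 and #10 (home page, startup behaviour, settings stored per user rather than in the app) can also be done read-only from Terminal. The script below is an added example, not part of any post in this thread; it assumes Firefox's default macOS profile location and reads the `browser.startup.homepage` and `browser.startup.page` preferences from each profile's `prefs.js` and `user.js`.

```shell
#!/bin/sh
# Added example: read-only audit of Firefox start-page settings per profile.
# Assumption: profiles are in the default macOS location (override PROFILE_ROOT).
PROFILE_ROOT="${PROFILE_ROOT:-$HOME/Library/Application Support/Firefox/Profiles}"

# Print the value of one pref from a prefs.js/user.js file (empty if unset).
# Lines look like: user_pref("browser.startup.homepage", "https://example.org/");
get_pref() {
    # $1 = file, $2 = pref name (dots escaped so they match literally)
    name=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^user_pref(\"$name\", *\(.*\));[[:space:]]*\$/\1/p" "$1" \
        | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Translate browser.startup.page into the wording used in about:preferences.
startup_mode() {
    case "$1" in
        0)    echo "blank page" ;;
        ""|1) echo "home page (default)" ;;
        3)    echo "restore previous windows" ;;
        *)    echo "unknown ($1)" ;;
    esac
}

# Report the start-page settings found in one profile directory.
audit_profile() {
    for f in prefs.js user.js; do
        [ -f "$1/$f" ] || continue
        home=$(get_pref "$1/$f" browser.startup.homepage)
        page=$(get_pref "$1/$f" browser.startup.page)
        [ -n "$home$page" ] || continue
        echo "$f: homepage=${home:-<default>} startup=$(startup_mode "$page")"
        if [ "$f" = user.js ]; then
            # user.js is applied on every launch, so a value set here
            # comes back after being reset in about:preferences.
            echo "  note: user.js overrides prefs.js at every launch"
        fi
    done
    return 0
}

for dir in "$PROFILE_ROOT"/*/; do
    [ -d "$dir" ] || continue
    echo "== $dir"
    audit_profile "$dir"
done
```

Run it with Firefox closed so `prefs.js` reflects the last saved state; a home page that appears in `user.js` explains a value that returns after every reset.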
     
