Firefox, Chrome infected

TonyK

macrumors 65816
May 24, 2009
1,027
144
No way am I going to click that link.

After the link loads, can you get to preferences for FF or Chrome and see what the default page is for a new browser/window? You likely need to do that, then delete all data in both browsers.

Also, can you use Safari?
 

AlexH

macrumors 68020
Mar 7, 2006
2,035
3,151
I'm not a malware expert, so do your own research before taking my advice. But, if it were my machine, here's what I'd do.

First, it'd probably be courteous to edit the link out of the post in case it actually does infect others. Second, Malwarebytes would be a good app to acquire and run. It's a malware removal tool. It's not bullet proof, and it might not solve your issue, but it's not a bad step to take. Third, I'd try going into the browsers' preferences and deleting all stored data like cookies and the like. Might flush out something mild from your system.
 
  • Like
Reactions: arkitect

PBMB

macrumors regular
Mar 19, 2015
241
53
Moderator Note:

OP > I neutered the link in your first post so others don't go to the page and have the same issue.
This is a great intervention but should not we know which character string you replaced? A sure way to avoid clicking on something like that, if we stumble upon it somewhere, is to know about it in the first place. I have not seen it, so perhaps it looks like a quite legitimate URL, which makes it extremely dangerous.

You can just post the missing part independently and no one can accidentally click on it. Unless you fear that someone may exploit it in some way, or expose themselves to the same risk by manually restoring the initial link.
 
Last edited:

hughm123

macrumors newbie
Dec 3, 2014
28
11
In addition to the other comments, the original reporter may want to go to a new profile for Firefox

From the MacOS section of
https://support.mozilla.org/en-US/k...refox-profiles#w_starting-the-profile-manager:

1. Make sure firefox is not running
2. Start Terminal from /Applications/Utilities
3. In terminal, run: /Applications/Firefox.app/Contents/MacOS/firefox-bin -P
4. When the window appears, click on "Create Profile" and then start Firefox with the new profile
5. You will need to re-create preferences and plugins

Either the first time or subsequently you should select "Use the selected profile at startup without asking" to make sure you use this new profile and don't need the profile manager when you start Firefox in future.

Since a new profile will not have your old bookmarks, you will probably then want to open the bookmark manager via the "Bookmarks -> All bookmarks" menu, then "Restore" -> "Choose File" from the star menu 4th on the top left, and navigate to the most recent bookmarks backup in your old profile directory so you can restore the bookmarks.

Assuming this works you can then abandon the old profile in case some other settings got changes as well as the home page
 

Phil in ocala

Suspended
Original poster
Jul 14, 2016
728
325
I took the best advice I got and downloaded MBAM-Mac.dmg...Malware bits...and used it.
Their page has some great information about this issue...thanks to the guy who suggested it.
 

hughm123

macrumors newbie
Dec 3, 2014
28
11
There are also some things you can check manually. With Firefox open, go to "about:preferences" in the URL bar.

- Under general, the "Home Page" field will probably be this bad URL. Replace with "https://google.com/" or some other safe default, or click "Restore to Default". You may also want to set "When firefox starts" to something safe such as "show a blank page" -- if it's set to "open previous windows" then this may be causing the bad page to come back.

- Then go to "about:addons" and then under "Plugins" and "Extensions", disable anything you don't explicitly recognize

If this does not work and the bad values come back (which is possible since Malware Bytes failed) then the infection may be deeper. I would definitely recommend the new profile option I sent earlier since this is safer way to reset all preferences and plugins in case some other malicious settings have been changed.

Finally if this does not work, you can try uninstalling Firefox/Chrome and re-installing. But the corrupted settings are probably in your username's preferences, not the app itself.

Finally, when you get this fixed I would definitely recommend adding an extension like "NoScript" for Firefox or equivalent for Chrome for general browsing. These take a bit more work to enable scripts for sites where scripts are needed (including macrumors, only for comments). But the benefit is much less risk from Javascript security bugs during general browsing.
 
  • Like
Reactions: TonyK and AlexH
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.