Flash Malware on Mavericks Mac

Discussion in 'OS X Mavericks (10.9)' started by wilsongt, Mar 5, 2014.

  1. wilsongt macrumors newbie

    Joined:
    Mar 5, 2014
    Location:
    England
    #1
    Hello

    I am being driven mad by the following:

    Macbook Pro
    Mavericks OSX 10.9.2
    Adobe FlashPlayer - up to date

    Symptoms
    1. On Safari or Chrome, cannot access google, facebook or youtube
    2. Constant Popup boxes 'WARNING, your flash player may be out of date. Please update to continue
    3. On getting to 'google.co.uk', presented with obvious fake screen to update flash player

    Tried so far
    1. Installed antivirus and avast. Fulls scans, nothing
    2. All my searches lead me to things like flash fake etc, which are only meant to affect old OS. Nothing about it affecting Maverick

    Any advice gratefully received!

    Regards
    Glenn
     
  2. Macman45 macrumors demi-god

    Macman45

    Joined:
    Jul 29, 2011
    Location:
    Somewhere Back In The Long Ago
    #2

    If you really think this is a malware issue ( which I doubt) install and run clamav from the App Store. It's not a real time scanner, so won't hog memory and is free.
     
  3. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #3
    That popup is likely a phishing scam trying to get you to click to redirect to a spam web site. It s odd it has blocked your browser access though.

    Try making a new temp admin account and login to that account and see if Safari works okay there. If it does, that tells us it is something about the browser settings/config in your current account.

    Try opening Safari then in the Safari menu go to Reset Safari... and check all the boxes then click reset. Also check in Safari preferences in the extensions tab to make sure you have not accidentally installed some odd extensions causing this.

    Maybe also try resetting your DNS settings to OpenDNS settings below.

    208.67.222.222
    208.67.220.220
     
  4. wilsongt thread starter macrumors newbie

    Joined:
    Mar 5, 2014
    Location:
    England
    #4
    Update

    Thank you very much for your responses. I'd reset Safari earlier, no difference I'm afraid. No has putting in the DNS addresses suggested changed things.

    The only thing that has helped to at least allow browsing (but no Facebook or youtube) is to change the default search engine to something than google e.g. Bing.

    Clamxav has gone right through without finding anything.

    I find it interesting(!) that this is on Mavericks OSX, I had thought it prevented things like this happening

    Regards
    Glenn

    PS. Same thing happening on family iPad.
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    Now that is odd. :confused:

    Try putting the OpenDNS settings in your router so that way all your devices use them.
     
  6. cal6n macrumors 68000

    cal6n

    Joined:
    Jul 25, 2004
    Location:
    Gloucester, UK
    #6
    Agreed, Weaselboy. Check the DNS settings in your router.

    Look here.
     
  7. alexino11 macrumors newbie

    alexino11

    Joined:
    Jan 31, 2014
    #7
    alternative browser?

    did you try same function using facebook app ?
    when that warning pops up try command + option + esc and see if there's a weird process in your active applications. this most likely is effect of a toolbar you have installed recently.
     
  8. LostSoul80 macrumors 68020

    LostSoul80

    Joined:
    Jan 25, 2009
    #8
    Have you tried Firefox?
    What's the exact error you get when trying to load Google, Youtube and Facebook?
    Are you sure you are connected to your router, and not to someone else's?
    Do other computers connected to that same router load successfully said websites?

    I'd be curious to see what happens if you click yes on the popups. Most certainly it won't require any password, but it'd let you trace from where the files are being downloaded from. It may be legit. Please answer the above questions.
     
  9. wilsongt thread starter macrumors newbie

    Joined:
    Mar 5, 2014
    Location:
    England
    #9
    Flash Malware - resolved

    Hello

    Sorry to take so long to respond. Part of the problem was that it is not our house, so limited access to router. Yes it does look like a DNS issue. As soon as I changed the DNS on the router to google's, the issue went away across all devices.

    The ISP is talk talk in the UK. Apparently their DNS are notoriously awful. How these linked into a fake flash update phishing site I have no idea.

    Thank you again to all, really appreciated

    Regards
    Glenn
     
  10. wilson7 macrumors newbie

    Joined:
    Oct 24, 2013
    #10
    The OP is correct it is a malware issue, though the attack is not on the computer for now, if you have not installed the FAKE update, the attack is a global on and it is your internet router that has the problem, you will need to reset your router read here for the fix

    How to Remove WARNING! Your Flash Player may be out of date. Please update to Continue

    Mind you all the sites saying you should uninstall or scan are fake as they dont really know what is going on.
     

Share This Page