Help concerning virus

[Pinkly Smooth]

I was surfing the internet with my iMac and was not looking at sites that seemed unsafe at all, and suddenly, a warning came up on my iMac saying it was infected with a virus, I pressed ok, it did a scan and then it disappeared. I don't know what happened. I phoned the shop I bought the iMac from and he told me not to worry and that it wasn't infected from a virus and was a pop-up of sorts and he said that if it was a normal windows computer it would have gotten infected but my iMac didn't get infected. I did a scan with Malwarebytes (the free version) after that and it said 'congratulations you are clean.'
please advise on what happened. I intend on taking my iMac to the store I bought it from, so the engineers and the people who work there can check my iMac for any such viruses and make sure it is ok.

 

[sjackson]

Download Avast and run a full scan.

 

[Pinkly Smooth]

Download Avast and run a full scan.

hi sjackson, I scanned just now with Malwarebytes and it says that I am clean, is that enough? do I need to download avast? Not too thrilled about downloading this third party software . The person I spoke with from the shop I bought the iMac from said that it is impossible for the iMac to get viruses.

 

[chrfr]

hi sjackson, I scanned just now with Malwarebytes and it says that I am clean, is that enough? do I need to download avast? Not too thrilled about downloading this third party software . The person I spoke with from the shop I bought the iMac from said that it is impossible for the iMac to get viruses.

You’re fine with Malwarebytes. What you saw was probably just a pop up on a particular website.

 

[chabig]

Don't click on those 'warnings' next time or ever again.

 

[casperes1996]

hi sjackson, I scanned just now with Malwarebytes and it says that I am clean, is that enough? do I need to download avast? Not too thrilled about downloading this third party software . The person I spoke with from the shop I bought the iMac from said that it is impossible for the iMac to get viruses.

"Impossible" is entirely false. "Improbable" is very true though. macOS is rather secure, and furthermore, most malicious software is written with Windows in mind, so won't run on Macs in the first place. It is possible to get a virus, but not likely.
Never trust pop-ups like that though. They usually just want to trick you into buying something. If Safari's (or your browser of choice) downloads tab doesn't show anything downloaded, you really shouldn't worry. If something has been downloaded, check the file type and remove it. If it's an exe you're again entirely safe. If it's a .dmg, as long as you didn't run whatever is inside it, you're again safe. It'd have to be really rather clever to autoexecute code. Plus, if you didn't enter your admin password, it'll have very limited access to your system, and won't be able to cause much harm at all even if it tries.

 

[Pinkly Smooth]

"Impossible" is entirely false. "Improbable" is very true though. macOS is rather secure, and furthermore, most malicious software is written with Windows in mind, so won't run on Macs in the first place. It is possible to get a virus, but not likely.
Never trust pop-ups like that though. They usually just want to trick you into buying something. If Safari's (or your browser of choice) downloads tab doesn't show anything downloaded, you really shouldn't worry. If something has been downloaded, check the file type and remove it. If it's an exe you're again entirely safe. If it's a .dmg, as long as you didn't run whatever is inside it, you're again safe. It'd have to be really rather clever to autoexecute code. Plus, if you didn't enter your admin password, it'll have very limited access to your system, and won't be able to cause much harm at all even if it tries.

Thank you for your help. I use safari, and I am not too skilled in apple as this iMac I own is the only apple computer I ever owned and I didn't get it too long ago. How do I check safari's download tab? How do I check if something has been downloaded? I am trying to say, if I did download something potentially bad for the computer, how do I check the file type and remove it? Thank you.

 

[casperes1996]

Thank you for your help. I use safari, and I am not too skilled in apple as this iMac I own is the only apple computer I ever owned and I didn't get it too long ago. How do I check safari's download tab? How do I check if something has been downloaded? I am trying to say, if I did download something potentially bad for the computer, how do I check the file type and remove it? Thank you.

In the View Menu in the Menu bar, there's a button called "Show Downloads". You can also add this button to the title bar of Safari for easy access . The file type will be a regular extension. Like "poker.txt" for a text file.
All downloaded items will also appear in the Downloads folder, but just in case whatever may or may not have been downloaded automatically deleted itself from the downloads folder, checking Safari's download log is the best way of checking

 

[Pinkly Smooth]

In the View Menu in the Menu bar, there's a button called "Show Downloads". You can also add this button to the title bar of Safari for easy access . The file type will be a regular extension. Like "poker.txt" for a text file.
All downloaded items will also appear in the Downloads folder, but just in case whatever may or may not have been downloaded automatically deleted itself from the downloads folder, checking Safari's download log is the best way of checking

I don't know if I picked anything up from that pop-up as I looked at the list of downloads, but only found three on the list that had dmg at the end of the title . One of them is 'Malwarebytes-3.0.3.433.dmg' and the other, 'SmartSwitch4Mac_setup.dmg' and the other, 'intsall_flash_player_osx.dmg' Am I at risk here? Do I get rid of them by pressing the button, 'move to trash'?

 

[GGJstudios]

I was surfing the internet with my iMac and was not looking at sites that seemed unsafe at all, and suddenly, a warning came up on my iMac saying it was infected with a virus, I pressed ok, it did a scan and then it disappeared. I don't know what happened. I phoned the shop I bought the iMac from and he told me not to worry and that it wasn't infected from a virus and was a pop-up of sorts and he said that if it was a normal windows computer it would have gotten infected but my iMac didn't get infected. I did a scan with Malwarebytes (the free version) after that and it said 'congratulations you are clean.'
please advise on what happened. I intend on taking my iMac to the store I bought it from, so the engineers and the people who work there can check my iMac for any such viruses and make sure it is ok.

First, there has never been a virus in the wild that can infect macOS. What you saw was a pop-up advertising. No website can determine if there is malware on any computer. You would have to download and install software to perform such a scan. When you see these things in the future, just close your browser window and clear your cache and cookies. Your Mac is fine.

Download Avast and run a full scan.

Not necessary.

"Impossible" is entirely false. "Improbable" is very true though. macOS is rather secure, and furthermore, most malicious software is written with Windows in mind, so won't run on Macs in the first place. It is possible to get a virus, but not likely.

macOS isn't immune to virus infection, but since no macOS virus has ever existed in the wild, it's impossible at this point in time for a Mac to be infected with a virus. Of course, that says nothing about what could happen in the future.

 

[Pinkly Smooth]

First, there has never been a virus in the wild that can infect macOS. What you saw was a pop-up advertising. No website can determine if there is malware on any computer. You would have to download and install software to perform such a scan. When you see these things in the future, just close your browser window and clear your cache and cookies. Your Mac is fine.

Not necessary.

macOS isn't immune to virus infection, but since no macOS virus has ever existed in the wild, it's impossible at this point in time for a Mac to be infected with a virus. Of course, that says nothing about what could happen in the future.

Thanks for the reply. How do I clear the cache and cookies?

 

[GGJstudios]

Thanks for the reply. How do I clear the cache and cookies?

If you're using Safari:

If you're using Chrome:

 

[Ulenspiegel]

Thanks for the reply. How do I clear the cache and cookies?

1). "Preferences" → "Privacy" → "Remove All Website Data".
2). "Preferences" → "Advanced" → "Show Develop menu in menu bar" → "Develop" → "Empty Caches".

P.S.: You are safe, if you run Malwarebytes from time to time and use an adblocker, like Adguard, uBlock Origin etc. (If you installed the chosen adblocker, I will help you to set the necessary filters).
To cite GGJstudios: "100% of that malware can be avoided by practicing safe computing".

 

[casperes1996]

macOS isn't immune to virus infection, but since no macOS virus has ever existed in the wild, it's impossible at this point in time for a Mac to be infected with a virus. Of course, that says nothing about what could happen in the future.

This is false.
First of all, we need to just separate a few different terms.
Malicious software, or malware, isn't the same as a virus (I expect you know this but clarifying for others). A virus is a subcategory of malware, but there are other types of bad software. Even if we accept your claim that no virus has been found in the wild for macOS, there's still malicious software.

Now let's tackle the claim that no virus has been found.
What about OSX/Shlayer? Or OSX/Pirrit? - I recognise Apple has upgraded XProtect to handle these, but they were still out there.
https://www.macworld.co.uk/feature/mac-software/mac-viruses-malware-security-3668354/
https://macpaw.com/how-to/known-mac-viruses-malware-security-flaws

 

[19SK91]

I don't know if I picked anything up from that pop-up as I looked at the list of downloads, but only found three on the list that had dmg at the end of the title . One of them is 'Malwarebytes-3.0.3.433.dmg' and the other, 'SmartSwitch4Mac_setup.dmg' and the other, 'intsall_flash_player_osx.dmg' Am I at risk here? Do I get rid of them by pressing the button, 'move to trash'?

Well have you downloaded all three of those or not? My guess would be that the flash installer was downloaded as I‘ve seen that before. Just don‘t run it and don‘t click random pop-ups anymore in the future.

 

[GGJstudios]

This is false.
First of all, we need to just separate a few different terms.
Malicious software, or malware, isn't the same as a virus (I expect you know this but clarifying for others). A virus is a subcategory of malware, but there are other types of bad software. Even if we accept your claim that no virus has been found in the wild for macOS, there's still malicious software.

My post is not false at all. I know that a virus and a trojan are different types of malware that require different defenses, and I never claimed there is no macOS malware. I said there is no macOS virus in the wild, so it is currently impossible for a Mac to be infected by a virus. Antivirus software will not prevent a user from knowingly or unwittingly installing a trojan.

Now let's tackle the claim that no virus has been found.
What about OSX/Shlayer? Or OSX/Pirrit? - I recognise Apple has upgraded XProtect to handle these, but they were still out there.
https://www.macworld.co.uk/feature/mac-software/mac-viruses-malware-security-3668354/
https://macpaw.com/how-to/known-mac-viruses-malware-security-flaws

Not a single macOS virus is mentioned in those links, despite the false labeling. I factually repeat: There has never been a macOS virus in the wild. There are other types of macOS malware in the wild, all of which can be avoided by prudent user action.

 

[casperes1996]

My post is not false at all. I know that a virus and a trojan are different types of malware that require different defenses, and I never claimed there is no macOS malware. I said there is no macOS virus in the wild, so it is currently impossible for a Mac to be infected by a virus. Antivirus software will not prevent a user from knowingly or unwittingly installing a trojan.

Not a single macOS virus is mentioned in those links, despite the false labeling. I factually repeat: There has never been a macOS virus in the wild. There are other types of macOS malware in the wild, all of which can be avoided by prudent user action.

Let's just agree on something here. - A virus is a piece of software (or in other ways code injection) that can self-replicate and cause harm, yes?
Pirrit gets root, yes? With root, it can modify executables, and thus self-replicate. This may be pedantic and a bit anal, but as far as I can tell, the definition of a virus does not claim that the software does self-replicate, only that it is capable. If asked by a controlling C&C server, Pirrit could self-replicate.
Now granted, the articles do mislabel malware as virus, like the Macros from office or the Safari-get one.

Regardless of all this though, when the average joe says virus, it's an all-encompassing term meaning malware, and to that end a Mac has indeed seen attacks, although far from the numbers on Windows.

PS. If you disagree with classifying Pirrit as a virus, is it because you disagree with my assesment of the definition of virus, or you disagree with my assesment of Pirrit's behaviour?

 

[Pinkly Smooth]

Thanks guys. The thing is, I had downloaded before some time adblocker and ghostly, but cannot locate them on my iMac. Can someone point me in the right direction where I can locate them on my iMac? I understand adblocker helps with the situation I found myself in that started this thread.

 

[Ulenspiegel]

If you use Safari, you can check the download folder in "Preferences" → "General".

 

[nambuccaheadsau]

And any extensions you need are in Safari > Safari Extensions. Give AVAST a big miss and what you need are an ad block and Ghostery. When installed, they appear is Safari > Preferences > Extensions, the second last listing in Safari Preferences.

AV companies are making a lot of money naming malware as 'viruses' to convince Mac users into buying their junk.

 

[Pinkly Smooth]

If you use Safari, you can check the download folder in "Preferences" → "General".

I did that and nothing concerning ghostly and Adblock came up. strange. I remember having both on my iMac, and they were both visible on the screen, but I think I minimised them from being visible on the screen, so they should still be on my iMac

 

[Ulenspiegel]

Ok, then please follow nambuccaheadsau's advise, i.e. in Safari: "Safari" → "Safari extensions" and there search for Adguard and install it.

 

[GGJstudios]

Let's just agree on something here. - A virus is a piece of software (or in other ways code injection) that can self-replicate and cause harm, yes?
Pirrit gets root, yes? With root, it can modify executables, and thus self-replicate.

Pirrit does not replicate itself to spread to other computers. It is adware that uses Apple scripting to flood the user with ads and can install other software. As the site you linked states, "OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online.", which means it's a Trojan that could easily be avoided by not installing pirated software. It is not a virus.

Regardless of all this though, when the average joe says virus, it's an all-encompassing term meaning malware, and to that end a Mac has indeed seen attacks, although far from the numbers on Windows.

"Virus" and "Trojan" and "malware" are specific terms with specific definitions. Just because someone misuses those words doesn't change their meaning. A virus is a form of malware, but not all malware can be accurately called a virus. As I've stated before, there is macOS malware in the wild. There has never been a macOS virus in the wild.

PS. If you disagree with classifying Pirrit as a virus, is it because you disagree with my assesment of the definition of virus, or you disagree with my assesment of Pirrit's behaviour?

Pirrit, by any accurate definition, is not a virus.

https://threatpost.com/mac-adware-osx-pirrit-unleashes-ad-overload-for-now/117273/

“OSX.Pirrit didn’t use any exploits to compromise a Mac. It infiltrated machines by using a simple social engineering trick to deceive people into providing their log-in credentials for a fake update, possibly for Flash,” he wrote.

That's not how a virus spreads.

 

[casperes1996]

I did that and nothing concerning ghostly and Adblock came up. strange. I remember having both on my iMac, and they were both visible on the screen, but I think I minimised them from being visible on the screen, so they should still be on my iMac

Minimised them? Well, a window minimised goes to the right hand side of the Dock, but unless you minimised the installer dmg's from Finder, I don't quite think you can minimise extensions, since they're part of the Safari view, and not their own thing.
[doublepost=1536439694][/doublepost]

Pirrit does not replicate itself to spread to other computers. It is adware that uses Apple scripting to flood the user with ads and can install other software. As the site you linked states, "OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online.", which means it's a Trojan that could easily be avoided by not installing pirated software. It is not a virus.

"Virus" and "Trojan" and "malware" are specific terms with specific definitions. Just because someone misuses those words doesn't change their meaning. A virus is a form of malware, but not all malware can be accurately called a virus. As I've stated before, there is macOS malware in the wild. There has never been a macOS virus in the wild.

Pirrit, by any accurate definition, is not a virus.

With all this taken into consideration, I shall retract my original statement - You are correct then . Thanks for the correction. - Even though I couldn't find it by searching around, I was sure I had heard about an actual virus a long time back, but I guess I'm mistaken. When I brought Pirrit and Shlayer into the conversation, it was because it was what I found Googling, and I figured that since they had been repeatedly called vira, they probably had a self replicating aspect, and the description was vague enough that it could be possible - I ignored the other threats from the articles since they clearly weren't vira.

Now that that's out of the way - to anybody reading this - No virus being publicly distributed for macOS (to our knowledge) doesn't mean you shouldn't practice safe computing, since, as it seems we can all agree on, malware still does exist. You do not need 50 anti-malware programs, just don't download anything that flashes, and be wary of what you give your admin password to.

 

[GGJstudios]

No virus being publicly distributed for macOS (to our knowledge) doesn't mean you shouldn't practice safe computing, since, as it seems we can all agree on, malware still does exist. You do not need 50 anti-malware programs, just don't download anything that flashes, and be wary of what you give your admin password to.

Very sound advice.