I fell victim to the dreaded MacKeeper

Discussion in 'macOS' started by CheMillan, Jul 27, 2016.

  1. CheMillan macrumors member

    CheMillan

    Joined:
    Jan 5, 2015
    Location:
    Los Angeles
    #1
    I was installing MplayerX when Safari opened and all kinds of weird windows were popping up and disappearing too fast including the MacKeeper application window. The MplayerX installer must have had MacKeeper bundled inside it so I immediately took action to contain the damage. I disconnected my Mac Pro from the internet, closed all the popup windows and quit Safari. I used EasyFind to search for any malware apps and sure enough EasyFind found the following files and folders: MacKeeper, MegaBackup, some Yahoo helper search tool, and several files inside the LaunchAgents folder dated today. I moved all files to the Trash, restarted the Mac Pro, empty the Trash, then opened Malwarebytes to scan for any leftover crapware. Malwarebytes reported no other threats found. All is well, I hope so.
     
  2. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #2
    If I may offer some reassurance; you did the right thing and you'll be all fine from here. There are very few points of infection on OS X. Malware is so frustrating and we can all get caught out by it at the best of times.

    Best wishes :)
     
  3. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #3
    It is disgusting that MacKeeper keeps doing sneak installs that can wreck a user's system. How they manage to keep going I have no idea, but since they don't charge for it they must make their money from the ads that they force into the system. It is totally MALWARE. MplayerX is also at fault - they should not be installing malware.
     
  4. Richdmoore macrumors 68000

    Richdmoore

    Joined:
    Jul 24, 2007
    Location:
    Troutdale, OR
    #4
    I just checked since I have been using MPlayerX for years, and didn't remember anything other than a normal install.

    I then realized the situation. MPlayerX can be installed via their own web site (with the crapware & mackeeper scamware that is mentioned above) OR the Mac App Store. The mac app store version is old (last updated May 2012) but it works good and does not come with the spyware issues.

    In the Mac App store, the developers actually tell people to download a later version of MPlayerX from them instead of apple, how is this allowed in the App Store?
     
  5. CheMillan thread starter macrumors member

    CheMillan

    Joined:
    Jan 5, 2015
    Location:
    Los Angeles
    #5

    Thanks guys,

    This is the first time I’ve ever experienced something like this and it freaked me out pretty good then I got angry and realized that getting angry was not going to help. I had to stay focus long enough to do some damage control. My Mac Pro survived this kind of attack but what about next time?
     
  6. Fishrrman macrumors G4

    Joined:
    Feb 20, 2009
    #6
    Just this morning, I ran Malwarebytes anti-Malware for Mac (which up until today "finds nothing"), and it threw up MplayerX as "malware".

    I removed it.

    A search of "Mplayer" reveals this:
    https://malwaretips.com/blogs/ads-by-mplayerx-removal/

    Probably not worth keeping around!
     
  7. CheMillan thread starter macrumors member

    CheMillan

    Joined:
    Jan 5, 2015
    Location:
    Los Angeles
    #7
     
  8. thomasareed macrumors member

    thomasareed

    Joined:
    Aug 24, 2015
    #8
    Yup, due to the fact that MPlayerX has been repeatedly affiliated with adware installers, and the fact that the installer downloaded directly from the official MPlayerX site is loaded with adware, we've classified MPlayerX as a "PUP" (potentially unwanted program).

    Not only that, but the MPlayerX installer behaves differently depending on how you're running it. If you run it in a virtual machine - which means you're probably a security researcher trying to see how it behaves in an isolated system - it won't install any adware at all. Run the same installer on a normal system and it installs tons of crap. That's malware-like, analysis-avoiding behavior!

    We've been working on taking a much more aggressive stance towards programs like this lately.
     
  9. willmtaylor macrumors G3

    willmtaylor

    Joined:
    Oct 31, 2009
    Location:
    A Natural State
    #10

Share This Page