I got malware/spyware on my Mac?

Discussion in 'Mac Apps and Mac App Store' started by mark28, Nov 14, 2010.

  1. mark28 macrumors 68000

    Joined:
    Jan 29, 2010
    #1
    I installed Little Snitch and I could see info was trying to be send to

    ad.br.doubleclick.net
    a1399.b.akamai.net
    adv.netshelter.net
    ping.crowdsciene.com
    d27qx2clk5noba.cloudfront.net

    Does this mean I got spyware and if so, how do I remove it?
     
  2. Jolly Giant macrumors 6502a

    Jolly Giant

    Joined:
    Sep 15, 2010
    Location:
    Hamburg, Germany
    #2
    you might find this article helpful.
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    Those simply look to be ad servers. If you look up the server names this will become clear.
     
  4. dknightd macrumors 6502

    Joined:
    Mar 7, 2004
    #4
    It depends on how you define spyware. Most (if not all) the sites you list are ad servers, and information collectors. They track where you visit, try to determine what your interests are, and provide you with targeted ads. Macrumors seems to use these "services". So do many other web sites.

    I would consider this "spyware" of sorts. But they are pretty benign - I don't think they are collecting bank accounts information and stuff like that. Just personal information about your web browsing and buying habits. They do this by storing cookies on your computer, then retrieving them to see what you've been up to.

    You could tell your browser not to accept cookies, but then you'd find a good portion of the web to be unusable. It is a curse of living in a "modern" society.
     
  5. GGJstudios, Nov 14, 2010
    Last edited: Nov 14, 2010

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    Those are neither malware or spyware. It's merely adware, which is not harmful, but only a nuisance. You can reset Safari, clearing cookies and cache to remove them. You can avoid most of that with a good ad-blocker such as Safari AdBlock (not the extension, but the older version 0.4.0) or SafariBlock.
    That article was written several years ago, and "Applies to Mac OS X 10.2 Jaguar through Mac OS X 10.5 Leopard". While some of the information is true, there are far more current sources of up-to-date information on malware as it relates to Mac OS X.

    Mac Virus/Malware Info
     
  6. Jolly Giant macrumors 6502a

    Jolly Giant

    Joined:
    Sep 15, 2010
    Location:
    Hamburg, Germany
    #6
    cheers for that !

    will find it's way into my forum database ...
     
  7. nostresshere macrumors 68030

    Joined:
    Dec 30, 2010
    #7
    Okay, so no stuff on my mac.

    Anybody tell me what is happening here. This is just a little from the console around the time that my typing slowed to a crawl.

    12/29/10 3:14:24 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:55008 from 68.87.68.162:53
    12/29/10 3:14:30 PM Firewall[79] Deny cupsd data in from 10.211.55.2:631 to port 631 proto=17
    112/29/10 3:16:03 PM Firewall[79] Deny nmbd data in from 192.168.0.120:137 to port 137 proto=17
    12/29/10 3:16:06 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:53190 from 68.87.68.162:53
    12/29/10 3:16:34 PM Firewall[79] Deny cupsd data in from 10.37.129.2:631 to port 631 proto=17
    12/29/10 3:17:03 PM Firewall[79] Deny nmbd data in from 192.168.0.107:138 to port 138 proto=17
    12/29/10 3:17:46 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:64120 from 68.87.68.162:53
    12/29/10 3:17:49 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:55874 from 68.87.68.162:53
    112/29/10 3:18:07 PM Firewall[79] Deny cupsd data in from 192.168.0.106:631 to port 631 proto=17
    12/29/10 3:18:07 PM Firewall[79] Deny cupsd data in from 10.211.55.2:631 to port 631 proto=17
    12/29/10 3:18:07 PM Firewall[79] Deny cupsd data in from 10.37.129.2:631 to port 631 proto=17
    12/29/10 3:18:14 PM Firewall[79] Stealth Mode connection attempt to UDP 192.168.0.106:63344 from 68.87.68.162:53
     
  8. jzuena macrumors 6502a

    jzuena

    Joined:
    Feb 21, 2007
    Location:
    Lexington, MA, USA
    #8
    This is just DNS. It shows up multiple times since you have multiple processes (55008, 53190, 64120, 55874, 63344) all trying to convert an Internet name to an IP address, and the DNS server at 68.87.68.162 (Comcast in Woodstock/Atlanta, GA) is replying.
    This is a machine somewhere within your ISP (I'm guessing Comcast, from the DNS query above) trying to connect to your print daemon. It has to be within your ISP, since addresses starting with "10.xxxx" are not Internet routable. There really isn't any reason your ISP should be trying to connect to your machine's print daemon.
    This is a machine on your local network trying to make a NETBIOS network connection. Do you have a Windows machine as well as a Mac?
     
  9. nostresshere macrumors 68030

    Joined:
    Dec 30, 2010
    #9
    MBP on small network. Other machines are Windows 7
     

Share This Page