Installed Yosemite and now have obscene ads popping up everywhere

Discussion in 'OS X Yosemite (10.10)' started by amanda2261, Oct 30, 2014.

  1. amanda2261, Oct 30, 2014
    Last edited by a moderator: Oct 30, 2014

    amanda2261 macrumors newbie

    Joined:
    Oct 30, 2014
    #1
    I installed Yosemite and now have numerous obscene advertisements (and I mean 8-10 windows opening on their own) each time I click on a new page. They are also forcing their way onto the websites I view above any of their content.

    Adware Medic is not picking up on anything. ClamXav finds the following but will not quarantine so I don't know how to get rid of it:

    Filename Infection Name Status
    /Users/amandabotfield/Library/Mail/V2/POP-amanda@shine-elc.com.au@pop.asia.secureserver.net/INBOX.mbox/835617ED-0865-46BB-85C6-C218F83C85B9/Data/1/3/Messages/31815.emlx Heuristics.Phishing.Email.SSL-Spoof
    /Users/amandabotfield/Library/Mail/V2/POP-amanda@shine-elc.com.au@pop.asia.secureserver.net/INBOX.mbox/835617ED-0865-46BB-85C6-C218F83C85B9/Data/2/3/Messages/32509.emlx Heuristics.Phishing.Email.SpoofedDomain

    My computer was fine prior to installing Yosemite and I have never previously had any trouble with any of my Macs.

    I cannot log into the Apple Forum, I enter my Apple ID and password and it does not log me in so I cannot ask for help there.

    Our computer is a business computer for an early childhood service so these ads are highly inappropriate. I am not sure what else to do.

    PLEASE HELP! And I apologise for the offensiveness of the picture below but that is a mild shot of what we are being exposed to.
     
  2. SlCKB0Y macrumors 68040

    Joined:
    Feb 25, 2012
    Location:
    Sydney, Australia
    #2
    Welcome to the internet! :)
     
  3. amanda2261 thread starter macrumors newbie

    Joined:
    Oct 30, 2014
    #3
    It is exactly why we moved away from PCs and had never had a problem in the last 7 years with Macs; now we install a supposedly 'better' OS and it is the worst we have ever experienced!! Do you have any suggestions SICKBOY?
     
  4. Bruno09 macrumors 68020

    Joined:
    Aug 24, 2013
    Location:
    Far from here
    #4
    Do you have AdBlock for Safari installed?

    The 2 files ClamXav found are in your emails, and could be manually deleted.
     
  5. Watabou macrumors 68040

    Joined:
    Feb 10, 2008
    Location:
    United States
    #5
    You're right, Yosemite (obviously) doesn't come with ads.

    You definitely have some form of malware/adware installed. It's pretty surprising that Adware Medic didn't find anything. I would first check Safari's extensions and make sure that you haven't installed anything suspicious. It's interesting that ClamXav is pointing towards some of your mail messages, so maybe you could have opened an attachment that contained malware.

    The next thing I would try is to open up Activity Monitor, check out the processes that are running, and see if any of them look suspicious.

    If all else fails, I would actually suggest a clean install, and be very careful of what you install/download/open in the future.
     
  6. PhiLLoW macrumors 6502

    Joined:
    May 31, 2014
    #6
    Sounds like a program changed your default website and the homepage itself loads a lot of new tabs/pages/pop ups.

    Go to Safari => Settings => Homepage and check for a suspicious website.
     
  7. fisherking macrumors 603

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #7
    check your login items too (in system preferences, Users & Groups). definitely not from the yosemite install.

    FIND those 2 emails and DELETE them.
     
  8. AllergyDoc macrumors 65816

    Joined:
    Mar 17, 2013
    Location:
    Utah, USA
    #8
    This thread brings back awful memories from my Windows days. :(
     
  9. zeeklancer macrumors regular

    Joined:
    Jan 1, 2008
    #9
    And while you are poking around you should look at the web history and figure out who was viewing porn on your site :p

    I highly doubt it was the e-mails.
     
  10. BasicGreatGuy Contributor

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #10
    The OP's problem definitely did not come from a fresh install of Yosemite. That problem arose afterward, from someone who has been using the computer.
     
  11. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #11
    In addition to the above, you need to control access to the machine. In particular, once you have resolved the issue you should separate admin access and use a daily usage account for routine access if the machine is shared; then you can use parental controls to limit the sites and material the daily use account can access.

    Finally, you then need to review everyone that has had any access to the machine. Viewing such content is pretty incompatible with working in such an environment; you should consider a full review of your formal internet usage policy in that workplace and make all staff fully aware of what has been found and how it will be treated in the future.

    You don't have a problem Yosemite install, you do have a problem staff member (or whomever could have accessed it).

    Sorry but I have run child-related businesses in the past, you need zero tolerance here.
     
  12. BasicGreatGuy Contributor

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #12
    Excellent advice.

    OP: If possible, I would remove the computer from employee access. If clients were to see the mess on your computer, it could be very bad for you. I would restrict access to the owners of the business, if at all possible, unless you have a sure fire way of locking it down tight for employees. You do not want to put your livelihood at risk, because some employee wants to treat your business computer as his or her own personal computer to troll the internet.
     
  13. amanda2261 thread starter macrumors newbie

    Joined:
    Oct 30, 2014
    #13
    Employees do not have access. It is my computer in the office. I think it may have something to do with the router; can they get malware?

    ----------

    It was a fresh install of Yosemite. No one else has access to the computer (password protected)

    ----------

    I am the owner of the business and Boone has access to the computer and I certainly have not looked at porn. History does not reveal any porn sites visited and the office is separately alarmed; security cameras over the past few months have not shown anyone using my computer other than myself.
     
  14. BasicGreatGuy Contributor

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #14
    Is your Mac networked with other computers in the business? Have you opened any forwarded email or attachments? Have you installed any programs recently? If so, were they Apple developer approved?

    A clean browser history (re: Boone usage or otherwise) doesn't really mean a lot, as it (history) can be cleared from view from the average user.

    By fresh install, do you mean you wiped the HD and then installed Yosemite followed by a clean install of all programs, without using a TM backup for anything?
     
  15. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #15
    Sorry I'm not understanding those statements here but either way....there are only a few methods by which what you are experiencing can be achieved:

    Loading adware or malware onto your computer (often as part of an innocent-sounding installer - but normally obtained from a dubious source, perhaps along with a hacked/illegal copy of a mainstream App or program)

    A phishing website redirecting you - often linked to or contained in innocent-but-unlikely sounding emails...

    Redirecting all web traffic in your router by changing its DNS settings (this would have to have been done manually by someone with access changing those setting after logging into the router).

    Let's look at these in reverse order:

    Your router: I'd suggest you change its admin and WiFi passwords to make sure the WiFi network is secure. If your router has an option to be administered from the WAN/public side (i.e. out on the internet), turn that option OFF to make sure settings can only be changed from within your network. Ensure the WiFi network is using some form of security. Also ensure if the router has a firewall it is UP. Then check with your ISP what its settings for DNS should be and make sure they are set so. Then reboot it to make sure those settings are active.

    If you are unsure how to do this then normally your ISP can advise, especially if you rent the modem/router from them.

    Phishing emails: well, ClamXav found two I see, so find them and delete them, understand whose account they came in on and were they spam or were links being actively passed around (whether or not the recipient knowingly understood what they were). Spam is normally easy for a human to spot. Investigate whether your email provider has anti-spam services running and again, talk to them to decide if the settings are correct for you. Practice safe computing for yourself (basically use software only from trusted sources etc), and secure your machine so that only you can install software on it (see my comments about running two accounts above).

    Now your machine. Passwords are great but they can be discovered/cracked or simply guessed at; you should consider who has physical access to the machine and any opportunity, both potentially malicious and unintentional (this is why running a limited-permission daily account is a good idea). Change your password to a strong one and avoid easy/obvious ones that might be guessed at.

    Once you have considered all this and the router is secured and using the ISP's settings, I would recommend you do a further clean install; given that some known good tools are not finding this for you, it is the best way to guarantee you a clean start. Once reinstalled, reload your apps only from known good sources (such as the Mac App Store), then reload any documents you may have - do not do a full restore from a Time Machine backup though as you may then re-install any malware or adware you have just removed....

    I think this would give you a good clean position and shouldn't take more than a few hours and possibly a couple of phone calls to achieve - well worth the investment for peace of mind.

    If anyone sees I've missed anything please chime in....
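
Added example, not part of the post above or of the thread: a shell helper for the router/DNS check described in post #15. It reads `scutil --dns` output on the Mac and lists any resolver that is not on an allowlist (the ISP's DNS servers plus the router's LAN address); the function names, all addresses and the sample output are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the thread): flag DNS resolvers the Mac is using
# that are not on an allowlist. Addresses below are constructed placeholders.

# Usage on the Mac: scutil --dns | unexpected_dns ALLOWED_IP...
# Prints each unlisted nameserver once; returns 1 if any were found.
unexpected_dns() {
    allowed=" $* "
    found=$(awk -v allowed="$allowed" '
        # scutil prints lines such as "  nameserver[0] : 192.168.1.1"
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            ip = $3
            if (index(allowed, " " ip " ") == 0 && !(ip in seen)) {
                seen[ip] = 1
                print ip
            }
        }')
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Constructed sample in the format of `scutil --dns` (not captured output).
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.77
  if_index : 4 (en0)
  flags    : Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 198.51.100.77
  if_index : 4 (en0)
EOF
}

# Allowlist: router LAN address plus the resolver the ISP says to use.
sample_scutil_output | unexpected_dns 192.168.1.1 203.0.113.53 \
    || echo "^ not on the allowlist; compare with the ISP's DNS values"
```

A resolver that appears on the Mac but not in the ISP's list can come from the router's DHCP settings or from a manual entry in the Mac's Network preferences, so check both places.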
     
  16. amanda2261 thread starter macrumors newbie

    Joined:
    Oct 30, 2014
    #16
    Employees do not have access....and Boone has access


    Ahh that would be no one not Boone!

    ----------

    Many thanks I will try all of this tomorrow when I can do it in peace and quiet and no accidental eyes seeing the porn!
     
  17. simonsi macrumors 601

    Joined:
    Jan 3, 2014
    Location:
    Auckland
    #17
    Yep take it steady and just work it through :)
     
  18. Abba1 macrumors regular

    Joined:
    Aug 6, 2014
    #18
    From Extensions, get Ghostery and AdBlock Plus. You may also want to get Web of Trust, which will help you to decide if you want to open a website or not. All three are free. Also, you need to be very careful of the email you open. It would help if you disabled "Load Remote Images" in iPhone and iPad (Mail), as this should help, but not totally, to keep the bad guys out. You may also want to get some sort of Spam filter as that would also help. And, you can use rules on iCloud to send any email from a particular address to the trash, which will certainly help you on the Mac. Just be sure to set up delete trash (on Mail) every day or even every time you close Mail.
     
  19. dsemf macrumors regular

    Joined:
    Jul 26, 2014
    #19
    Also, for Safari, go to Preferences >> General Tab. Uncheck Open Safe Files. There is no such thing.

    DS
     
