Malware on macOS Sierra

Discussion in 'macOS Sierra (10.12)' started by JGRE, Sep 5, 2016.

  1. JGRE macrumors 6502a

    JGRE

    Joined:
    Oct 10, 2011
    Location:
    Dutch Mountains
    #1
    Hi all,

    Since like a week or two, I get these annoying pop-up suggesting to download and install protection against malware / adware. Clearly, this is malware /adware. I have ran several scan with programs from the app store in order to get this out of my system, but these programs mention that my system is "clean".

    Do any of you have an idea what this is and how to get it deleted? Please see right hand top corner of attached screen print.

    Thx.
     

    Attached Files:

  2. flowrider macrumors 601

    flowrider

    Joined:
    Nov 23, 2012
    #2
    Happened to me a few years ago. It displayed a phone number on the screen to call. I called the number and yelled a few obscenities at the guy who answered. I than erased the disk reformatted and copied a backup to it. Nothing has happened, thankfully, since. Those guys are real ba$tards.

    Lou
     
  3. m4v3r1ck macrumors 68020

    m4v3r1ck

    Joined:
    Nov 2, 2011
    Location:
    The Netherlands
    #3
    Please repost the screen-cap.

    Cheers
     
  4. dianeoforegon macrumors 6502a

    dianeoforegon

    Joined:
    Apr 26, 2011
    Location:
    Oregon
    #4
    See this post on Apple Discussions:
    https://discussions.apple.com/message/27708131#27708131

    It's a JavaScript scam that only affects your web browser, and only temporarily. There are several ways to recover.

    1. Some of those scam pages can be dismissed very easily. Press the key combination command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.

    2. Press and hold command-W. You may hear repeating alert sounds. While holding the keys, click the OK button in the popup. A different popup may appear, which you can cancel out of as usual.

    3. From the Safari menu bar, select

    Safari ▹ Preferences... ▹ Security

    and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.

    Close the malicious window or tab.

    Re-enable JavaScript and close the preferences dialog.

    4. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. None of the windows and tabs will reopen.

    After closing the malicious page, from the menu bar, select

    Safari Preferences... ▹ Privacy Remove All Website Data

    to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.
     
  5. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #5
    I am pretty sure that this is not a JavaScript scan. JavaScript in Safari is not capable of producing non-native windows outside of the browser window.

    @JGRE: You can forget about Mac App Store applications for this purpose, they are not effective due to sandboxing restrictions. The go-to program for Mac users is MalwareBytes Anti-Malware, which is an on-demand scanner.

    Alternatively, create a report with EtreCheck and paste it here. It will help us see where the adware is and help you remove it. EtreCheck also happens to have a blacklist for known adware, so it might even highlight it for you.
     
  6. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #6
    This is not a javascript/browser issue. As suggested in the post before mine, the best way to resolve this is to use the Malwarebytes Anti-Malware tool.
     
  7. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #7
    Can you type the text, and can someone translate it?
     
  8. KALLT, Sep 5, 2016
    Last edited: Sep 5, 2016

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #8
    It’s very poor Dutch, likely automated translation.

    Edit: It’s probably this one, based on the icon: http://www.macadwarecleaner.com.
     
  9. Takuro macrumors 6502

    Takuro

    Joined:
    Jun 15, 2009
    #9
    Lol. I looked at those "customer testimonials". It's all stock art.

    Aaron Smith, a.k.a "Portrait of confident farmer standing arms crossed against barn door" from Gettyimages.
    http://www.gettyimages.com/detail/470648425

    Actually, both customer testimonial pictures were cropped to remove the watermark. So these jokers are so cheap they won't even pay for ripped stock art.
     
  10. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #10
    Ha, confident farmer. :D

    I also love how the privacy policy leads to an empty page. Elsewhere: “Don’t worry... We would never pass on your email address to third parties.Our Privacy Policy”.

    Seems to be a sham business based in India.
     
  11. JGRE thread starter macrumors 6502a

    JGRE

    Joined:
    Oct 10, 2011
    Location:
    Dutch Mountains
    #11
    It says: "Recommend download, protect your mac against malware / adware, always".
    Than there is this strange check-box which says: "show more, never". (which is not even good Dutch)
    --- Post Merged, Sep 5, 2016 ---
    Yes, this is the one. Now I know who is trying to trick me. Thx.
     
  12. thomasareed macrumors member

    thomasareed

    Joined:
    Aug 24, 2015
    #12
    As you've found, that's Mac Adware Cleaner, from the junk software company PCVARK, aka Techyutils. Malwarebytes Anti-Malware for Mac will remove that, and all other PCVARK/Techyutils programs.

    More importantly, though, these PCVARK apps rarely show up to the party alone, so you probably have some other junk software or adware installed as well.
     
  13. JGRE thread starter macrumors 6502a

    JGRE

    Joined:
    Oct 10, 2011
    Location:
    Dutch Mountains
    #13
    I ran the Malwarebytes program suggested, it removed some suspicious lines / files and I haven't seen the pop-up window any more.
    Thanks everybody.
     

Share This Page