Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MBP with virus, or trojan, or something!!! Help!!

H

helimx

macrumors newbie
Original poster
Aug 16, 2008
18
0
I will explain my problem that's happening as if I was navigating macrumors... but this has happened on FB,Ebay,and a few other forums I frequent... Including macrumors now... it's happening right now actually....

I go to a "macrumors" and get to the home page. I click a subforum and see a quick flash on my screen.. I use "hotcorners" on my macbook pro, and see that a new full size page has opened UNDER the window I was viewing... 90% of the time it says "edoclick dot com" or something similar in the address bar, but the page is totally blank. 10% it's a small window that has opened, but it's porn...

I called my local "mac store" called MacHaus.. they are a apple certified retailer and what not... I explained my problem to them... they told me about popups and popunders... well, popups are blocked, and from what I gather about popUNDERS is they happen when navigating away from a site... well, my problem has happened on Ebay while clicking to view an auction item... Facebook while clicking a friends "name", trying to go view their wall, and even on MacRumors when I clicked the macbook pro subforum... there's no rhyme or reason for it at all... it happens on all kinds of sites and forums...
The machaus guys asked me to bring in my MBP... small problem, I'm 300 miles away working in the Alaskan bush and won't be home for another month or so... BFE is an understatement... lol

I've downloaded clamvax, macscan, and cleanmymac... none have fixed my problem.

I haven't used time machine since early this year... so using a previous backup isn't preferred.. and not sure if that would even fix it... I do have 1 program that I payed for that I don't want to lose... (it was downloaded today actually, well after the start of the problems that my laptop has been having)... as well as music, movies, etc....

I've googled a little about this problem, and see that there's trojan horses on macs gossip... But I don't know enough about virus',trojans, worms, etc, to know what I may have on mine.... I am your average internet user, and don't know much about computers.... any help is appreciated!!!!!!
when I am home I let my kids use my laptop every now and again... I can't let them use it until I'm certain no pornography will pop "under"... not to mention, I don't want it happening when I'M online... lo
 
helimx said:
I will explain my problem that's happening as if I was navigating macrumors... but this has happened on FB,Ebay,and a few other forums I frequent... Including macrumors now... it's happening right now actually....

I go to a "macrumors" and get to the home page. I click a subforum and see a quick flash on my screen.. I use "hotcorners" on my macbook pro, and see that a new full size page has opened UNDER the window I was viewing... 90% of the time it says "edoclick dot com" or something similar in the address bar, but the page is totally blank. 10% it's a small window that has opened, but it's porn...

I called my local "mac store" called MacHaus.. they are a apple certified retailer and what not... I explained my problem to them... they told me about popups and popunders... well, popups are blocked, and from what I gather about popUNDERS is they happen when navigating away from a site... well, my problem has happened on Ebay while clicking to view an auction item... Facebook while clicking a friends "name", trying to go view their wall, and even on MacRumors when I clicked the macbook pro subforum... there's no rhyme or reason for it at all... it happens on all kinds of sites and forums...
The machaus guys asked me to bring in my MBP... small problem, I'm 300 miles away working in the Alaskan bush and won't be home for another month or so... BFE is an understatement... lol

I've downloaded clamvax, macscan, and cleanmymac... none have fixed my problem.

I haven't used time machine since early this year... so using a previous backup isn't preferred.. and not sure if that would even fix it... I do have 1 program that I payed for that I don't want to lose... (it was downloaded today actually, well after the start of the problems that my laptop has been having)... as well as music, movies, etc....

I've googled a little about this problem, and see that there's trojan horses on macs gossip... But I don't know enough about virus',trojans, worms, etc, to know what I may have on mine.... I am your average internet user, and don't know much about computers.... any help is appreciated!!!!!!
when I am home I let my kids use my laptop every now and again... I can't let them use it until I'm certain no pornography will pop "under"... not to mention, I don't want it happening when I'M online... lo
Click to expand...

the problem with viruses and trojans on macs, is that OS-X does not execute windows binary code. so generally, viruses that affect macs, are written explicitly to do so.
I have heard of them for a few years now (since 2006 i can remember personally). and ALL of the ones that I know of are Java exploits.

your best bet is to skip the anti-virus software and clean install.
you could scan your backups while you move them to ensure you don't reinfect your computer later (i would scan from a different operating system)
be careful with anti-virus software, ALL of it will slow down your computer.
(I would avoid Norton and McAffe for this reason).

I know its not much help, but you haven't clarified much. you may be able to solve this by simply deleting all your safari preferences and reinstalling. it may be only your browser that was compromised.

I would just clean install. way safer, way easier.
 
You may want to check your DNS server settings in System Preferences > Network. Popups and popunders are normal annoyances on many websites and rarely indicate the presence of malware. There are NO VIRUSES in the wild that run on current Mac OS X, and extremely few trojans, although a new one has been discovered, primarily on Facebook. See details at the bottom of this linked post: Mac Virus/Malware Info
 
GGJstudios said:
You may want to check your DNS server settings in System Preferences > Network. Popups and popunders are normal annoyances on many websites and rarely indicate the presence of malware. There are NO VIRUSES in the wild that run on current Mac OS X, and extremely few trojans, although a new one has been discovered, primarily on Facebook. See details at the bottom of this linked post: Mac Virus/Malware Info
Click to expand...

ya I read that link b4 I posted... believe it or not, a newb searched first....lol

do you know of how to fix it though???
 
what browser are you using? Have you tried download chrome or firefox to see if they are affected? if they aren't then you can do what was previously stated and uninstall safari completely and do a new install. You might also want to clear application support files and plists for safari.

Try this and then report back. We have all night ;)
 
GGJstudios said:
No, I mean the suggestion I just posted:
Click to expand...

so are you referring to the boonana thing??? with the manual removal "Manual Removal
To manually remove the malware from infected machines, run the following terminal commands. Make sure to unload the launchd task in order to stop attempts to respawn the process:

launchctl unload -w ~/Library/LaunchAgents/jnana.plist

Make sure the java process is no longer running:
killall java

Remove the files:
sudo rm -rf ~/.jnana/
sudo rm -rf /Library/StartupItems/OSXDriverUpdates/
sudo rm -rf /var/root/.jnana/
sudo rm -rf ~/Library/LaunchAgents/jnana.plist

Finally, either manually edit the /etc/sudoers file, or restore it from a known good copy, making sure to set appropriate ownership and permissions.


if so, I don't know where, or how to enter those commands..... Like I said, I'm not very computer litterate.... so if you honestly want to help, please stop beating around the bush and let me know exactly what you mean... thanks...

Reelknead1 said:
what browser are you using? Have you tried download chrome or firefox to see if they are affected? if they aren't then you can do what was previously stated and uninstall safari completely and do a new install. You might also want to clear application support files and plists for safari.

Try this and then report back. We have all night ;)
Click to expand...

it happens on safari and firefox... firefox was downloaded after the problem started, to see if it was just happening in safari... it's happening in both...

how do I clear application support files and plists???

GGJstudios said:
Did you read my post? I offered a possible fix.
Click to expand...

I went to and checked DNS... but don't really know what I'm looking for....

there is one DNS server listed... and nothing in the DNS search domains column...

Sorry, Don't really understand this stuff....
 
helimx said:
I went to and checked DNS... but don't really know what I'm looking for....
Click to expand...

What are the DNS entries for your preferred network connection (AirPort or Ethernet)? You can make a screenshot of it via Command + Shift + 4 > Spacebar > Mouse.

System Preferences > Network > AirPort (my preferred network connection) > Advanced (button bottom right) > DNS.
qog36p.png
 
spinnerlys said:
What are the DNS entries for your preferred network connection (AirPort or Ethernet)? You can make a screenshot of it via Command + Shift + 4 > Spacebar > Mouse.
Taking screenshots in Mac OS X.
How to Use Preview for Basic Image Editing: Crop, Rotate and Resize

System Preferences > Network > AirPort (my preferred network connection) > Advanced (button bottom right) > DNS.
Click to expand...

I'm using airport... my screenshot will look differently than I described earlier, as I'm at a different location...

 
helimx said:
so are you referring to the boonana thing???
Click to expand...
If I was referring to the "boonana thing" I would have said so.
helimx said:
... so if you honestly want to help, please stop beating around the bush and let me know exactly what you mean... thanks...
Click to expand...
I haven't been "beating around the bush" and I don't know how I could get any clearer. It doesn't require computer literacy to read a post:
ScreenCap 3.PNG
That was my very first sentence in this thread.

You're on your own. :rolleyes:
 
I think the OP doesn't understand what to do with the DNS settings.

OP, first, make sure you save these numbers, then remove them by highlighting them and hitting the minus sign. Now hit the plus sign and change them to Googles DNS settings. You will be adding two separate numbers, first, add 8.8.8.8, then add 8.8.4.4. Apply the changes and to make things easy just restart your machine and then try and connect again.

If you are unable to connect to the internet, call your internet service provider and ask for their DNS settings before you put the old ones that you currently have now back in.

Also its not a virus on your machine, its more like a redirect. They attack browsers and can mess with any operating system since they go after the browser itself. (Theres actually a lot more to it but thats the simplest explanation I can give.)
 
chrono1081 said:
I think the OP doesn't understand what to do with the DNS settings.

OP, first, make sure you save these numbers, then remove them by highlighting them and hitting the minus sign. Now hit the plus sign and change them to Googles DNS settings. You will be adding two separate numbers, first, add 8.8.8.8, then add 8.8.4.4. Apply the changes and to make things easy just restart your machine and then try and connect again.

If you are unable to connect to the internet, call your internet service provider and ask for their DNS settings before you put the old ones that you currently have now back in.

Also its not a virus on your machine, its more like a redirect. They attack browsers and can mess with any operating system since they go after the browser itself. (Theres actually a lot more to it but thats the simplest explanation I can give.)
Click to expand...

thanks!! you're correct, I had no idea what to do.... thanks for the suggestion... I'll give it a try... :D
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back