MBP with virus, or trojan, or something!!! Help!!

Discussion in 'MacBook Pro' started by helimx, Oct 29, 2010.

  1. helimx macrumors newbie

    Joined:
    Aug 16, 2008
    #1
    I will explain my problem that's happening as if I was navigating macrumors... but this has happened on FB,Ebay,and a few other forums I frequent... Including macrumors now... it's happening right now actually....

    I go to a "macrumors" and get to the home page. I click a subforum and see a quick flash on my screen.. I use "hotcorners" on my macbook pro, and see that a new full size page has opened UNDER the window I was viewing... 90% of the time it says "edoclick dot com" or something similar in the address bar, but the page is totally blank. 10% it's a small window that has opened, but it's porn...

    I called my local "mac store" called MacHaus.. they are a apple certified retailer and what not... I explained my problem to them... they told me about popups and popunders... well, popups are blocked, and from what I gather about popUNDERS is they happen when navigating away from a site... well, my problem has happened on Ebay while clicking to view an auction item... Facebook while clicking a friends "name", trying to go view their wall, and even on MacRumors when I clicked the macbook pro subforum... there's no rhyme or reason for it at all... it happens on all kinds of sites and forums...
    The machaus guys asked me to bring in my MBP... small problem, I'm 300 miles away working in the Alaskan bush and won't be home for another month or so... BFE is an understatement... lol

    I've downloaded clamvax, macscan, and cleanmymac... none have fixed my problem.

    I haven't used time machine since early this year... so using a previous backup isn't preferred.. and not sure if that would even fix it... I do have 1 program that I payed for that I don't want to lose... (it was downloaded today actually, well after the start of the problems that my laptop has been having)... as well as music, movies, etc....

    I've googled a little about this problem, and see that there's trojan horses on macs gossip... But I don't know enough about virus',trojans, worms, etc, to know what I may have on mine.... I am your average internet user, and don't know much about computers.... any help is appreciated!!!!!!
    when I am home I let my kids use my laptop every now and again... I can't let them use it until I'm certain no pornography will pop "under"... not to mention, I don't want it happening when I'M online... lo
     
  2. x0r-lord macrumors member

    Joined:
    Aug 31, 2010
    Location:
    Ottawa, Canada
    #2
    the problem with viruses and trojans on macs, is that OS-X does not execute windows binary code. so generally, viruses that affect macs, are written explicitly to do so.
    I have heard of them for a few years now (since 2006 i can remember personally). and ALL of the ones that I know of are Java exploits.

    your best bet is to skip the anti-virus software and clean install.
    you could scan your backups while you move them to ensure you don't reinfect your computer later (i would scan from a different operating system)
    be careful with anti-virus software, ALL of it will slow down your computer.
    (I would avoid Norton and McAffe for this reason).

    I know its not much help, but you haven't clarified much. you may be able to solve this by simply deleting all your safari preferences and reinstalling. it may be only your browser that was compromised.

    I would just clean install. way safer, way easier.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    You may want to check your DNS server settings in System Preferences > Network. Popups and popunders are normal annoyances on many websites and rarely indicate the presence of malware. There are NO VIRUSES in the wild that run on current Mac OS X, and extremely few trojans, although a new one has been discovered, primarily on Facebook. See details at the bottom of this linked post: Mac Virus/Malware Info
     
  4. helimx thread starter macrumors newbie

    Joined:
    Aug 16, 2008
    #4
    ya I read that link b4 I posted... believe it or not, a newb searched first....lol

    do you know of how to fix it though???
     
  5. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    Did you read my post? I offered a possible fix.
     
  6. helimx thread starter macrumors newbie

    Joined:
    Aug 16, 2008
    #6
    I'm assuming you mean did I turn of Java? Yes, did that before I posted this thread.... it didn't fix anything...
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    No, I mean the suggestion I just posted:
     
  8. Reelknead1 macrumors 6502

    Joined:
    Sep 21, 2009
    #8
    what browser are you using? Have you tried download chrome or firefox to see if they are affected? if they aren't then you can do what was previously stated and uninstall safari completely and do a new install. You might also want to clear application support files and plists for safari.

    Try this and then report back. We have all night ;)
     
  9. helimx thread starter macrumors newbie

    Joined:
    Aug 16, 2008
    #9
    so are you referring to the boonana thing??? with the manual removal "Manual Removal
    To manually remove the malware from infected machines, run the following terminal commands. Make sure to unload the launchd task in order to stop attempts to respawn the process:

    launchctl unload -w ~/Library/LaunchAgents/jnana.plist

    Make sure the java process is no longer running:
    killall java

    Remove the files:
    sudo rm -rf ~/.jnana/
    sudo rm -rf /Library/StartupItems/OSXDriverUpdates/
    sudo rm -rf /var/root/.jnana/
    sudo rm -rf ~/Library/LaunchAgents/jnana.plist

    Finally, either manually edit the /etc/sudoers file, or restore it from a known good copy, making sure to set appropriate ownership and permissions.


    if so, I don't know where, or how to enter those commands..... Like I said, I'm not very computer litterate.... so if you honestly want to help, please stop beating around the bush and let me know exactly what you mean... thanks...

    it happens on safari and firefox... firefox was downloaded after the problem started, to see if it was just happening in safari... it's happening in both...

    how do I clear application support files and plists???

    I went to and checked DNS... but don't really know what I'm looking for....

    there is one DNS server listed... and nothing in the DNS search domains column...

    Sorry, Don't really understand this stuff....
     
  10. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #10
  11. helimx thread starter macrumors newbie

    Joined:
    Aug 16, 2008
    #11
    I'm using airport... my screenshot will look differently than I described earlier, as I'm at a different location...

    [​IMG]
     
  12. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    If I was referring to the "boonana thing" I would have said so.
    I haven't been "beating around the bush" and I don't know how I could get any clearer. It doesn't require computer literacy to read a post:
    ScreenCap 3.PNG
    That was my very first sentence in this thread.

    You're on your own. :rolleyes:
     
  13. chrono1081 macrumors 604

    chrono1081

    Joined:
    Jan 26, 2008
    Location:
    Isla Nublar
    #13
    I think the OP doesn't understand what to do with the DNS settings.

    OP, first, make sure you save these numbers, then remove them by highlighting them and hitting the minus sign. Now hit the plus sign and change them to Googles DNS settings. You will be adding two separate numbers, first, add 8.8.8.8, then add 8.8.4.4. Apply the changes and to make things easy just restart your machine and then try and connect again.

    If you are unable to connect to the internet, call your internet service provider and ask for their DNS settings before you put the old ones that you currently have now back in.

    Also its not a virus on your machine, its more like a redirect. They attack browsers and can mess with any operating system since they go after the browser itself. (Theres actually a lot more to it but thats the simplest explanation I can give.)
     
  14. helimx thread starter macrumors newbie

    Joined:
    Aug 16, 2008
    #14
    thanks!! you're correct, I had no idea what to do.... thanks for the suggestion... I'll give it a try... :D
     

Share This Page