my mac has a virus

Sossity

macrumors 65816
Original poster
May 12, 2010
1,057
12
I recently installed Citrix receiver, and filezilla on my mac, and I think one or both of them installed yahoo search as my default engine.

Every browser I open defaults to yahoo no matter what I do; I have gone into preferences, no suspicious extensions, cleared cookies, cache, restarted the same thing.

I uninstalled filezilla, and now when ever I open a browser, i get no internet connection, because it cannot find and default to yahoo search.

I wanted google to be my main search for my browsers.
 

960design

macrumors 68040
Apr 17, 2012
3,012
959
Destin, FL
Not reading and unchecking a box from internet app installation is certainly how to destroy your Mac. By definition it would not be a virus, as it cannot self replicate within the *nix architecture.

Read the small print when installing stuff, or instead of being annoying it could pass all of your keystrokes to a foreign party. Checking on your bank balance, logging into iTunes, ect could prove quite expensive in the worst case or just permanently destroy your computer in the best case.
 

Sossity

macrumors 65816
Original poster
May 12, 2010
1,057
12
So from the start, you tell us that you don't have a virus, you don't even suspect you have a virus. So could you please change the thread title?
I am not sure how to do that after the post has been up awhile.
[doublepost=1490757640][/doublepost]OK, to some, I know I goofed here, i don't need to be chastised, so if you can't offer actual helpful answers, don't respond. So according to one here, my computer is destroyed, so what do I do with it now? burn it?

I think I sorted it out anyways, I just went in created another administer account and deleted that account and made a fresh one, my browsers are normal now.
 
  • Like
Reactions: GGJstudios

Bruno09

macrumors 68020
Aug 24, 2013
2,202
151
Far from here
if you can't offer actual helpful answers, don't respond. So according to one here, my computer is destroyed, so what do I do with it now? burn it?

I think I sorted it out anyways, I just went in created another administer account and deleted that account and made a fresh one, my browsers are normal now.
Hi,

you did not need to do this.

The actual "helpful answer" was in post #3 : the "thing" that installed yahoo search as default engine is an adware/malware.

What you needed to do is exactly this :

1. install and run MalwareBytes to get rid of your malware(s)

2. go to the browser(s) Preferences to set back your default engine to what you want
[doublepost=1490775147][/doublepost]And remember this : your crapwares are installed at root level.

So, if you don't remove them now, they will continue their "work" in your new account...
 

960design

macrumors 68040
Apr 17, 2012
3,012
959
Destin, FL
...So according to one here, my computer is destroyed, so what do I do with it now? burn it?
My mistake for the poor wording. I should have added can be destroyed. Script kiddies will package load destructive code into 'freebie' apps. It is this reason we like *nix ( mac / ubuntu ) operating systems and the security of the Apple Store. Prevents us from making silly mistakes and having to worry about silly people, for the most part.

Still requires a little bit of a sanity check on our part as users, but far safer than the wild west.

Most of the 'bad' stuff that can be added to a mac can be cleaned off with Malwarebytes. Be sure to get it from a safe location as those same bad people repackage MalwareBytes with keyloggers inside.

For example
Do not download from a mirror site like this one:
http://ccm.net/download/download-105-malwarebytes-anti-malware

Download from the main site:
https://www.malwarebytes.com/

PS. Be careful the bad guys often buy up the top level domains and spam malware out. For example, malwarebytes.co or malwarebytes.us or malwarebytes.net could be purchased by you for as little as $6.88US. You could then create a very similar front page and catch quite a few people into downloading spamware software to their computers.
 
  • Like
Reactions: Goatllama

T'hain Esh Kelch

macrumors 603
Aug 5, 2001
5,169
4,720
Denmark
I am not sure how to do that after the post has been up awhile.
[doublepost=1490757640][/doublepost]OK, to some, I know I goofed here, i don't need to be chastised, so if you can't offer actual helpful answers, don't respond. So according to one here, my computer is destroyed, so what do I do with it now? burn it?

I think I sorted it out anyways, I just went in created another administer account and deleted that account and made a fresh one, my browsers are normal now.
And yet you continue. There are plenty of correct answers, yet you pick the one that requires you to wear a tin foil hat. Good job.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,428
796
I am not sure how to do that after the post has been up awhile.
To edit the thread title, click the gear icon at the top of this thread. It's above the first post, to the right, beside "Most Liked Posts". On the dropdown list you will see "Edit Title".
 

Sossity

macrumors 65816
Original poster
May 12, 2010
1,057
12
And yet you continue. There are plenty of correct answers, yet you pick the one that requires you to wear a tin foil hat. Good job.
what the heck are you talking about? go away with smart remarks if you cant be helpful. I was not asking you, unlike the others you are of no help but being trollish.

And yes that hat looks quite good thank you.

I continue yes, I have been a member here for a while, so I think I am allowed to get some feedback, and I am working on the suggestions. So don't tell me off.
[doublepost=1490899922][/doublepost]
My mistake for the poor wording. I should have added can be destroyed. Script kiddies will package load destructive code into 'freebie' apps. It is this reason we like *nix ( mac / ubuntu ) operating systems and the security of the Apple Store. Prevents us from making silly mistakes and having to worry about silly people, for the most part.

Still requires a little bit of a sanity check on our part as users, but far safer than the wild west.

Most of the 'bad' stuff that can be added to a mac can be cleaned off with Malwarebytes. Be sure to get it from a safe location as those same bad people repackage MalwareBytes with keyloggers inside.

For example
Do not download from a mirror site like this one:
http://ccm.net/download/download-105-malwarebytes-anti-malware

Download from the main site:
https://www.malwarebytes.com/

PS. Be careful the bad guys often buy up the top level domains and spam malware out. For example, malwarebytes.co or malwarebytes.us or malwarebytes.net could be purchased by you for as little as $6.88US. You could then create a very similar front page and catch quite a few people into downloading spamware software to their computers.
Thanks for the links and info, I downloaded the app. Little disappointing, I though macs were immune to this sort of thing, it just like a windows machine then.
 
Last edited:

Ulenspiegel

macrumors 68040
Nov 8, 2014
3,151
2,426
Land of Flanders and Elsewhere
It's a Search.yahoo.com browser hijacker. Some sites distribute these browser hijackers using a deceptive software marketing method called 'bundling' - a method that allows installation of third-party apps together with other software.

What you have to do:
1. Uninstall all the recently installed, suspicious, unknown to you extensions/add-ons in your browsers. (Like: "Amazon Shopping Assistant by Spigot", "Domain Error Assistant", "Ebay Shopping Assistant by Spigot" and "Slick Savings").
2. Reset the search engine in your browsers to Google and your homepage back to your preferred one.
3. Download and install EasyFind to look for leftovers (optional).

Good luck.
 

Sossity

macrumors 65816
Original poster
May 12, 2010
1,057
12
It's a Search.yahoo.com browser hijacker. Some sites distribute these browser hijackers using a deceptive software marketing method called 'bundling' - a method that allows installation of third-party apps together with other software.

What you have to do:
1. Uninstall all the recently installed, suspicious, unknown to you extensions/add-ons in your browsers. (Like: "Amazon Shopping Assistant by Spigot", "Domain Error Assistant", "Ebay Shopping Assistant by Spigot" and "Slick Savings").
2. Reset the search engine in your browsers to Google and your homepage back to your preferred one.
3. Download and install EasyFind to look for leftovers (optional).

Good luck.
Thank you, I think I already have easy find, what would I type in for it to look for?
 

Sossity

macrumors 65816
Original poster
May 12, 2010
1,057
12
Sossity, have you done all the steps in my post? It is important to uninstall all the suspicious extensions from all your browsers.
Please try with the name of the browser extensions that you have uninstalled.
Yes, I did, there were no suspicious extensions, all looked normal.
 

Sossity

macrumors 65816
Original poster
May 12, 2010
1,057
12
macOS as well as Windows aren't immune to the user not reading stuff carefully while installing software. It's not the OS's fault.
OK, now that you have finished shaking and pointing your finger at me, yes I goofed, now you can leave my thread now, your comment is of no help, just to gloat and hear yourself, feel better now? trying to make me feel dumb? I have since fixed the problem thank you very much.

good bye!
[doublepost=1491361812][/doublepost]
Ok, then.
Nevertheless run Malwarebytes one more time (update before doing it).
Ran it again, found nothing so far fingers crossed it seems OK now. Thank you for your help.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.