Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

my mac has a virus

S

Sossity

macrumors 65816
Original poster
May 12, 2010
1,360
32
I recently installed Citrix receiver, and filezilla on my mac, and I think one or both of them installed yahoo search as my default engine.

Every browser I open defaults to yahoo no matter what I do; I have gone into preferences, no suspicious extensions, cleared cookies, cache, restarted the same thing.

I uninstalled filezilla, and now when ever I open a browser, i get no internet connection, because it cannot find and default to yahoo search.

I wanted google to be my main search for my browsers.
 
Not reading and unchecking a box from internet app installation is certainly how to destroy your Mac. By definition it would not be a virus, as it cannot self replicate within the *nix architecture.

Read the small print when installing stuff, or instead of being annoying it could pass all of your keystrokes to a foreign party. Checking on your bank balance, logging into iTunes, ect could prove quite expensive in the worst case or just permanently destroy your computer in the best case.
 
gnasher729 said:
So from the start, you tell us that you don't have a virus, you don't even suspect you have a virus. So could you please change the thread title?
Click to expand...
I am not sure how to do that after the post has been up awhile.
[doublepost=1490757640][/doublepost]OK, to some, I know I goofed here, i don't need to be chastised, so if you can't offer actual helpful answers, don't respond. So according to one here, my computer is destroyed, so what do I do with it now? burn it?

I think I sorted it out anyways, I just went in created another administer account and deleted that account and made a fresh one, my browsers are normal now.
 
  • Like
Reactions: GGJstudios
Sossity said:
if you can't offer actual helpful answers, don't respond. So according to one here, my computer is destroyed, so what do I do with it now? burn it?

I think I sorted it out anyways, I just went in created another administer account and deleted that account and made a fresh one, my browsers are normal now.
Click to expand...
Hi,

you did not need to do this.

The actual "helpful answer" was in post #3 : the "thing" that installed yahoo search as default engine is an adware/malware.

What you needed to do is exactly this :

1. install and run MalwareBytes to get rid of your malware(s)

2. go to the browser(s) Preferences to set back your default engine to what you want
[doublepost=1490775147][/doublepost]And remember this : your crapwares are installed at root level.

So, if you don't remove them now, they will continue their "work" in your new account...
 
  • Like
Reactions: Ryndom and Goatllama
Sossity said:
...So according to one here, my computer is destroyed, so what do I do with it now? burn it?
Click to expand...
My mistake for the poor wording. I should have added can be destroyed. Script kiddies will package load destructive code into 'freebie' apps. It is this reason we like *nix ( mac / ubuntu ) operating systems and the security of the Apple Store. Prevents us from making silly mistakes and having to worry about silly people, for the most part.

Still requires a little bit of a sanity check on our part as users, but far safer than the wild west.

Most of the 'bad' stuff that can be added to a mac can be cleaned off with Malwarebytes. Be sure to get it from a safe location as those same bad people repackage MalwareBytes with keyloggers inside.

For example
Do not download from a mirror site like this one:
http://ccm.net/download/download-105-malwarebytes-anti-malware

Download from the main site:
https://www.malwarebytes.com/

PS. Be careful the bad guys often buy up the top level domains and spam malware out. For example, malwarebytes.co or malwarebytes.us or malwarebytes.net could be purchased by you for as little as $6.88US. You could then create a very similar front page and catch quite a few people into downloading spamware software to their computers.
 
  • Like
Reactions: Goatllama
Sossity said:
I am not sure how to do that after the post has been up awhile.
[doublepost=1490757640][/doublepost]OK, to some, I know I goofed here, i don't need to be chastised, so if you can't offer actual helpful answers, don't respond. So according to one here, my computer is destroyed, so what do I do with it now? burn it?

I think I sorted it out anyways, I just went in created another administer account and deleted that account and made a fresh one, my browsers are normal now.
Click to expand...
And yet you continue. There are plenty of correct answers, yet you pick the one that requires you to wear a tin foil hat. Good job.
 
Sossity said:
I am not sure how to do that after the post has been up awhile.
Click to expand...
To edit the thread title, click the gear icon at the top of this thread. It's above the first post, to the right, beside "Most Liked Posts". On the dropdown list you will see "Edit Title".
 
T'hain Esh Kelch said:
And yet you continue. There are plenty of correct answers, yet you pick the one that requires you to wear a tin foil hat. Good job.
Click to expand...

what the heck are you talking about? go away with smart remarks if you cant be helpful. I was not asking you, unlike the others you are of no help but being trollish.

And yes that hat looks quite good thank you.

I continue yes, I have been a member here for a while, so I think I am allowed to get some feedback, and I am working on the suggestions. So don't tell me off.
[doublepost=1490899922][/doublepost]
960design said:
My mistake for the poor wording. I should have added can be destroyed. Script kiddies will package load destructive code into 'freebie' apps. It is this reason we like *nix ( mac / ubuntu ) operating systems and the security of the Apple Store. Prevents us from making silly mistakes and having to worry about silly people, for the most part.

Still requires a little bit of a sanity check on our part as users, but far safer than the wild west.

Most of the 'bad' stuff that can be added to a mac can be cleaned off with Malwarebytes. Be sure to get it from a safe location as those same bad people repackage MalwareBytes with keyloggers inside.

For example
Do not download from a mirror site like this one:
http://ccm.net/download/download-105-malwarebytes-anti-malware

Download from the main site:
https://www.malwarebytes.com/

PS. Be careful the bad guys often buy up the top level domains and spam malware out. For example, malwarebytes.co or malwarebytes.us or malwarebytes.net could be purchased by you for as little as $6.88US. You could then create a very similar front page and catch quite a few people into downloading spamware software to their computers.
Click to expand...

Thanks for the links and info, I downloaded the app. Little disappointing, I though macs were immune to this sort of thing, it just like a windows machine then.
 
Last edited:
It's a Search.yahoo.com browser hijacker. Some sites distribute these browser hijackers using a deceptive software marketing method called 'bundling' - a method that allows installation of third-party apps together with other software.

What you have to do:
1. Uninstall all the recently installed, suspicious, unknown to you extensions/add-ons in your browsers. (Like: "Amazon Shopping Assistant by Spigot", "Domain Error Assistant", "Ebay Shopping Assistant by Spigot" and "Slick Savings").
2. Reset the search engine in your browsers to Google and your homepage back to your preferred one.
3. Download and install EasyFind to look for leftovers (optional).

Good luck.
 
  • Like
Reactions: Goatllama and hobowankenobi
Ulenspiegel said:
It's a Search.yahoo.com browser hijacker. Some sites distribute these browser hijackers using a deceptive software marketing method called 'bundling' - a method that allows installation of third-party apps together with other software.

What you have to do:
1. Uninstall all the recently installed, suspicious, unknown to you extensions/add-ons in your browsers. (Like: "Amazon Shopping Assistant by Spigot", "Domain Error Assistant", "Ebay Shopping Assistant by Spigot" and "Slick Savings").
2. Reset the search engine in your browsers to Google and your homepage back to your preferred one.
3. Download and install EasyFind to look for leftovers (optional).

Good luck.
Click to expand...

Thank you, I think I already have easy find, what would I type in for it to look for?
 
Ulenspiegel said:
Sossity, have you done all the steps in my post? It is important to uninstall all the suspicious extensions from all your browsers.
Please try with the name of the browser extensions that you have uninstalled.
Click to expand...

Yes, I did, there were no suspicious extensions, all looked normal.
 
Rok73 said:
macOS as well as Windows aren't immune to the user not reading stuff carefully while installing software. It's not the OS's fault.
Click to expand...

OK, now that you have finished shaking and pointing your finger at me, yes I goofed, now you can leave my thread now, your comment is of no help, just to gloat and hear yourself, feel better now? trying to make me feel dumb? I have since fixed the problem thank you very much.

good bye!
[doublepost=1491361812][/doublepost]
Ulenspiegel said:
Ok, then.
Nevertheless run Malwarebytes one more time (update before doing it).
Click to expand...
Ran it again, found nothing so far fingers crossed it seems OK now. Thank you for your help.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back