Please Help - My MacBook Pro has Malware

It's not malware. It sounds more like JavaScript on a site. First, check the URL that you're visiting to make sure it's the one you really intended to visit. Then, make sure you have ad block and popup block protection. Then clear your cache and cookies. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?

 

Did you change your DNS settings? It's also possible that the site you're trying to reach has been compromised. What site are you trying to reach?

 

Click the "+" button in the lower left and add the two OpenDNS servers shown in the link I posted. Just follow the instructions in that link.

 

Yes.

 

Did you clear your cache and cookies? If so, try it again. Also, do you have any ad-blockers installed? A good one for managing JavaScript on Safari is JavaScript Blocker.

 

Download and install JavaScript Blocker. Use the link I posted. That will block all JavaScript on sites, until you permit it. I tested the site (of course, I couldn't log in) but found no malicious scripts there.

I run several ad-blockers. ClickToFlash, Safari AdBlock, GlimmerBlocker and JavaScript Blocker are just a few.

1. Reset Safari, clearing cache and cookies.
2. Quit Safari.
3. Delete any suspicious or unknown entries from the following locations:
   • System Preferences > Accounts > yourusername > Login Items
     (Lion and ML users: System Preferences > Users & Groups > yourusername > Login Items)
     
     
   • /Library/LaunchAgents/
     (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)
     
     
   • ~/Library/LaunchAgents/
     (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)
     
     
   • /Library/StartupItems/
     (Lion and ML users: In Finder, click Go > Go to Folder > then enter the path above)
4. Now log out and log back in.
5. Now try revisiting the site.

 

It's a script on that malicious site that's launching Mail, not malware.

1. Launch Activity Monitor
2. Change "My Processes" at the top to "All Processes"
3. Click on the CPU column heading once or twice, so the arrow points downward (highest values on top).
4. Click on the System Memory tab at the bottom.
5. Take a screen shot of the entire Activity Monitor window, then scroll down to see the rest of the list, take another screen shot
6. Post your screenshots.

It won't hurt to change your admin password. You can do so in System Preferences > Accounts > youraccount > Change Password

 

Post them here. Be sure you have followed all the steps in the instructions.

 

It's very nice of you to be helping out this user.

 

I see nothing there that would create the symptoms you describe or would be cause for concern. Recheck your DNS settings to make sure they still are as you last modified them. Also reset your router and use the same DNS settings there.

 

It's a case of redirection, not malware. Did you reset your router and check the DNS settings there?

 

Yikes, this thread is a bit scary. If no one knows the answer that is.
I hope it's not something we are going to start seeing.

Who knows

Let us know if you discover the culprit.