Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Please Help - My MacBook Pro has Malware

D

DodgeV83

macrumors 6502a
Feb 8, 2012
879
6
Merkava_4 said:
Yes sir, just that one site. I took the computer into the Fresno Apple store. The Genius said there's nothing they can do about it, but he did say my hard drive is OK and that it's not infected. He thinks the site is hacked, but when I explained to him that it only happens to me and nobody else on that site, he had no answer for that.

I tried disabling java script in Safari; no affect. I've also changed my Yahoo mail password and the computer's admin password; no affect. :cool:
Click to expand...

Changing passwords won't affect it, as the browser does not need these credentials to send your OS the command to start an email in the default mail app.

This is definitely not malware, do not worry.

If you provide a link to the forum I can investigate further, I don't see it posted here.
 
GGJstudios

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
throAU said:
If it looks like malware, and it acts like malware, guess what: it's malware.

DNS settings don't change themselves.
Click to expand...
The OP's DNS servers were not changed. It is definitely not malware. That was confirmed at the Apple store.
 
Weaselboy

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,126
15,586
California
Merkava_4 said:
Yes sir, just that one site. I took the computer into the Fresno Apple store. The Genius said there's nothing they can do about it, but he did say my hard drive is OK and that it's not infected. He thinks the site is hacked, but when I explained to him that it only happens to me and nobody else on that site, he had no answer for that.

I tried disabling java script in Safari; no affect. I've also changed my Yahoo mail password and the computer's admin password; no affect. :cool:
Click to expand...

Looking at all the info here, particularly the fact this happens on a second computer you have, I would have to conclude it is the fault of the forum/site you are trying to access and nothing is wrong with your computer. Sounds like the forum admin at that site is in denial. :)
 
Irock619

Irock619

macrumors 68000
Sep 16, 2011
1,788
293
San Francisco, CA
Merkava_4 said:
Yes sir, the same thing happens on all browsers. The only way around that malware is to abandon the forum account and start a new one.
Click to expand...

Can you please send me the website link? I want to check it out. Also I just read the forum rules and no where does it state that you can't post links.
 
M

Merkava_4

macrumors 6502a
Original poster
Sep 4, 2010
698
89
California
I think I may have found the problem. Apparently, the malware is an add-on software available to forum site owners who use vBulletin. I was given the link below from a forum administrator on one of the forums I visit. Not the same forum I'm having the trouble with. If you click on the link, it should be fairly apparent what's going on.

http://www.vbulletin.org/forum/showthread.php?t=254328

Irock619, I will send you a link to the site in a PM right now.
 
Irock619

Irock619

macrumors 68000
Sep 16, 2011
1,788
293
San Francisco, CA
Merkava_4 said:
I think I may have found the problem. Apparently, the malware is an add-on software available to forum site owners who use vBulletin. I was given the link below from a forum administrator on one of the forums I visit. Not the same forum I'm having the trouble with. If you click on the link, it should be fairly apparent what's going on.

http://www.vbulletin.org/forum/showthread.php?t=254328

Irock619, I will send you a link to the site in a PM right now.
Click to expand...

Thanks. I didn't have any problem visiting the site you gave me. Looks like somebody might be jerking your chain :)
 
M

Merkava_4

macrumors 6502a
Original poster
Sep 4, 2010
698
89
California
Irock619 said:
Thanks. I didn't have any problem visiting the site you gave me. Looks like somebody might be jerking your chain :)
Click to expand...

That would be the forum administrator of that site. I'm thinking Apple needs a software update to address this vBulletin malware issue.
 
munkery

munkery

macrumors 68020
Dec 18, 2006
2,217
1
This seems like a man-in-the-middle attack that uses DNS spoofing to redirect you to a spoofed version of that forum with malicious scripts embedded in the spoofed page or injects malicious scripts into the actual page because the page includes an XSS vulnerability.

A mitm attack would explain why only you're affected. It would also explain why no other solution has been effective.

What kind of network are you using? Wireless?

If wireless, is it WEP or WPA?

----------
Merkava_4 said:
That would be the forum administrator of that site. I'm thinking Apple needs a software update to address this vBulletin malware issue.
Click to expand...

If this is being done on the server side, no update from Apple will fix the issue.
 
Last edited:
derbothaus

derbothaus

macrumors 601
Jul 17, 2010
4,093
30
^^^This. Server problem or intentional. You can't do anything if they want you gone or annoyed. Apple can't, you can't. Unless of course you attack and hack their servers.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom