Please Help - My MacBook Pro has Malware

[DodgeV83]

Yes sir, just that one site. I took the computer into the Fresno Apple store. The Genius said there's nothing they can do about it, but he did say my hard drive is OK and that it's not infected. He thinks the site is hacked, but when I explained to him that it only happens to me and nobody else on that site, he had no answer for that.

I tried disabling java script in Safari; no affect. I've also changed my Yahoo mail password and the computer's admin password; no affect.

Changing passwords won't affect it, as the browser does not need these credentials to send your OS the command to start an email in the default mail app.

This is definitely not malware, do not worry.

If you provide a link to the forum I can investigate further, I don't see it posted here.

 

[Merkava_4]

If you provide a link to the forum I can investigate further, I don't see it posted here.

I will send you the link in a PM because it's against forum rules to post links to other forums. Thanks for trying to help.

 

[throAU]

If it looks like malware, and it acts like malware, guess what: it's malware.

DNS settings don't change themselves.

 

[alphaod]

I will send you the link in a PM because it's against forum rules to post links to other forums. Thanks for trying to help.

How is it against forum rules to post a link to another forum?

 

[GGJstudios]

If it looks like malware, and it acts like malware, guess what: it's malware.

DNS settings don't change themselves.

The OP's DNS servers were not changed. It is definitely not malware. That was confirmed at the Apple store.

 

[Weaselboy]

Yes sir, just that one site. I took the computer into the Fresno Apple store. The Genius said there's nothing they can do about it, but he did say my hard drive is OK and that it's not infected. He thinks the site is hacked, but when I explained to him that it only happens to me and nobody else on that site, he had no answer for that.

I tried disabling java script in Safari; no affect. I've also changed my Yahoo mail password and the computer's admin password; no affect.

Looking at all the info here, particularly the fact this happens on a second computer you have, I would have to conclude it is the fault of the forum/site you are trying to access and nothing is wrong with your computer. Sounds like the forum admin at that site is in denial.

 

[metier]

Have you tried a different browser, like chrome

 

[Merkava_4]

Have you tried a different browser, like chrome

Yes sir, the same thing happens on all browsers. The only way around that malware is to abandon the forum account and start a new one.

 

[Irock619]

Yes sir, the same thing happens on all browsers. The only way around that malware is to abandon the forum account and start a new one.

Can you please send me the website link? I want to check it out. Also I just read the forum rules and no where does it state that you can't post links.

 

[Merkava_4]

I think I may have found the problem. Apparently, the malware is an add-on software available to forum site owners who use vBulletin. I was given the link below from a forum administrator on one of the forums I visit. Not the same forum I'm having the trouble with. If you click on the link, it should be fairly apparent what's going on.

http://www.vbulletin.org/forum/showthread.php?t=254328

Irock619, I will send you a link to the site in a PM right now.

 

[Irock619]

I think I may have found the problem. Apparently, the malware is an add-on software available to forum site owners who use vBulletin. I was given the link below from a forum administrator on one of the forums I visit. Not the same forum I'm having the trouble with. If you click on the link, it should be fairly apparent what's going on.

http://www.vbulletin.org/forum/showthread.php?t=254328

Irock619, I will send you a link to the site in a PM right now.

Thanks. I didn't have any problem visiting the site you gave me. Looks like somebody might be jerking your chain

 

[Merkava_4]

Thanks. I didn't have any problem visiting the site you gave me. Looks like somebody might be jerking your chain

That would be the forum administrator of that site. I'm thinking Apple needs a software update to address this vBulletin malware issue.

 

[Irock619]

That would be the forum administrator of that site. I'm thinking Apple needs a software update to address this vBulletin malware issue.

Maybe there is a way to address this on the Apple website.

 

[munkery]

This seems like a man-in-the-middle attack that uses DNS spoofing to redirect you to a spoofed version of that forum with malicious scripts embedded in the spoofed page or injects malicious scripts into the actual page because the page includes an XSS vulnerability.

A mitm attack would explain why only you're affected. It would also explain why no other solution has been effective.

What kind of network are you using? Wireless?

If wireless, is it WEP or WPA?

----------

That would be the forum administrator of that site. I'm thinking Apple needs a software update to address this vBulletin malware issue.

If this is being done on the server side, no update from Apple will fix the issue.

 

[racer1441]

Not malware, not Apple's issue.

 

[derbothaus]

^^^This. Server problem or intentional. You can't do anything if they want you gone or annoyed. Apple can't, you can't. Unless of course you attack and hack their servers.