Safari Virus

Discussion in 'Mac Apps and Mac App Store' started by lampliter, Nov 10, 2014.

  1. lampliter macrumors member

    Joined:
    Feb 28, 2008
    #1
    I think I have a virus in Safari. I can not change my default search engine and I constantly get the Mackeeper and some other mac virus scan software popping up all the time. I know how to reset the default search but i have tried everything and nothing will keep yahoo from being my default engine. Driving me crazy. I updated from mavericks to yosemity last night but problem existed in both OS.
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    It sounds like you got some adware installed on there. Go to the Safari menu then "clear history and website data" and from there clear everything.

    Then run this adware scanning tool to see what it finds.
     
  3. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #3
    I did what you said but my mac won't let me install the program you directed me to. I downloaded it but a pop up says i Cant install because it doesn't know where it is from or something. I used clamex and it found nothing.
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    Go to System Preferences > Security & Privacy > General and select to allow the app to be installed.

    You don't have a virus, as there has never been an OS X virus in the wild. You either have adware (most likely) or you're simply encountering pop-up ads on websites. A good ad-blocker will take care of the latter.
     
  5. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    Just right click on the app and select open then follow the prompts.
     
  6. T'hain Esh Kelch macrumors 601

    T'hain Esh Kelch

    Joined:
    Aug 5, 2001
    Location:
    Denmark
    #6
    And get rid of MacKeeper, it does way more harm than good.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    If I understand correctly, the OP doesn't have MacKeeper installed. They're simply getting pop-up ads for it.
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
    I don't believe OP has installed MacKeeper... it sounds like just MacKeeper ad popups.
     
  9. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #9
    Ya I don't have mackeeper. I tried the program, its only the free version and it didn't fix anything. All the popups are for mac scanning software. My friend said it was the hidden preferences in divx i downloaded last night. I might down load it again and set the preferences back.
     
  10. T'hain Esh Kelch macrumors 601

    T'hain Esh Kelch

    Joined:
    Aug 5, 2001
    Location:
    Denmark
    #10
    Are you sure you got rid of Mackeeper? I believe it is notoriously hard to get rid of.
     
  11. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    Make sure it's completely uninstalled. The most effective method for complete app removal is manual deletion:
     
  12. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #12
    I have never ever had mackeeper. I tried the program that weaselboy said to try. Thats not the point though. The mackeeper is just one of the popups I'm getting. The point is that I can in no way change the search engine from yahoo.
     
  13. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #13

    Did the adware scanner program find anything? Many of the adware programs lock you to a homepage like that. Also check for any new extensions you may have installed as that can also cause this.
     
  14. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    The confusion came from this statement:
    It could be interpreted that you tried MacKeeper.

    Remove all Safari extensions, then reset Safari, clearing your cache and cookies. Reset your home page to www.bing.com.

    Check the following locations for apps that automatically launch on startup and delete any you don't need/want:
    • System Preferences > Users & Groups > yourusername > Login Items (SL and older: System Preferences > Accounts > yourusername > Login Items)
    • In Finder, click Go > Go to Folder > /Library/LaunchAgents
    • In Finder, click Go > Go to Folder > ~/Library/LaunchAgents
    • In Finder, click Go > Go to Folder > /Library/StartupItems

    Now restart your Mac.

    Launch Safari and see if you can change the search engine. Check to see if you have the same symptoms. If not, re-install your extensions, one at a time. Test after each one to make sure the symptoms are gone.
     
  15. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #15
    Sorry about the confusion GGJ, my bad. I tried what you said and still it will not stop using yahoo. I don't use extensions so none to remove and there are only 3 start up items in start up programs. Can you guys suggest a program to get rid of this. I feel like I'm on an old PC thats riddled with viruses.
     
  16. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #16
    Did you try the AdwareMedic app?
    http://www.adwaremedic.com/index.php

    You said that your OS X was preventing that, but you can change the security to allow the download. Or, just download it, run it by right-clicking on the app, and choosing Open from the right-click menu.
    It will detect and clear out adware, if it exists on your Mac. Antivirus software, such as the ClamXav that you tried, does nothing with adware.
     
  17. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #17
    This is getting crazy. Deltaic when I go to the page for the app you said to try it disappears right after the site loads. I see the home page for the app and then it vanishes right away and safari says it can't find the server. I have to fight my way through the popups just to get here.
     
  18. poiihy macrumors 68020

    poiihy

    Joined:
    Aug 22, 2014
    #18
    http://www.adwaremedic.com/AdwareMedic.dmg <- is the direct link to the download
     
  19. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #19
    I'm confused. I provided the link to the site earlier and you said you could not launch the app, then we explained how you could open it. What was the outcome of all that??

    You for sure have adware on there. Recent adware has specifically been trying to block access to the adware scanner app page to prevent you from using the app to kill their adware.

    Reboot and hold the shift key at boot. That will stop any login or startup items (like the adware) from launching. Then use the direct link to the app poiihy provided to DL the app. After you open the DMG, right click on the app then select open and follow the prompts to allow that app to run.

    Let us know what you find.

    Good call by poiihy.
     
  20. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #20
    Long story short. The adwaremedic did the job. Sorry for all the confusion guys, but just getting to the macrumor forums was a real chore with all the popups and click bait. Weaselboy I did get the app you first mentioned to open up. Being the free version it only gave 2 choices of the many things it could do. Didn't work for me but if I paid for it maybe it would have. Thanks guys, now I can get some work done. First time I ever had anything on my mac like that. I need to educate myself on that crap.
     
  21. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #21
    Glad you are all fixed up. :)

    Adwaremedic is the app I originally linked. You don't need to pay to use it.

    What very likely happened is you downloaded an app from a third party site like CNet's download.com or Softonic and they embedded the adware along with the app.
     
  22. lampliter thread starter macrumors member

    Joined:
    Feb 28, 2008
    #22
    One question weasel boy. What is the point of infecting a computer with such a thing. Is it just to drive people crazy or did they expect me to buy something?
     
  23. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #23
    The latter. I guess they hope if you see enough ads you will buy the product.

    In this case, I think the hope is you will see the ads for MacKeeper and think..."Ahah... this is just what I need to get rid of this virus I seem to have" and buy MacKeeper. Here is pretty good article about it.

    It is all very confusing for computer users because it makes people afraid to download and try new apps.
     
  24. Dameatball macrumors member

    Dameatball

    Joined:
    Feb 7, 2014
    Location:
    San Francisco
    #24

    Probably unrelated to safari, you installed something. It's on your hardware
     
  25. northernmunky macrumors 6502a

    northernmunky

    Joined:
    Jan 19, 2007
    Location:
    London, Taipei
    #25
    Was it open-search.com by any chance?

    In 8 years of using Macs exclusively I've never had a virus or adware on my own Macs... but recently after finally convincing my significant other to purchase a Macbook Air, she loves it of course but after owning it for 3 weeks, I took one look and oh dear lord! The popups!!! :eek:

    Basically she went to a dodgy movie website that one of her friends told her about, download a movie which was actually a .dmg file with an 'so called' movie player inside it, which she unfortunately ran!

    Unfortunately something which to me is plainly obvious fakery, she wasn't to know... being a new user as far as she was concerned that was perfectly legit... and me thinking I was doing her a favour had turned off the 'Allow only apps from Mac App store and identified developers' in Security and Privacy...

    Anyway, long story short all her browsers were re-directed to open-search.com and was generating fake ads all over the place. After an hour of trying to work out where this code was being executed from I ended up downloading Avast! which detected all of it and cleaned up 7 infections.

    Scary situation though, been a Mac user a very long time, my GF has a Macbook for 3 weeks and :eek::eek::eek: ..so I've installed Avast! on my own MacBook now just incase these guys manage to get a bit more sophisticated... and lets be fair I torrent like a mofo!:cool:
     

Share This Page