Troubleshooting a friend's malware-infected MacBook

Discussion in 'OS X Yosemite (10.10)' started by killmoms, Mar 13, 2015.

  1. killmoms, Mar 13, 2015
    Last edited: Mar 13, 2015

    killmoms macrumors 68040


    Jun 23, 2003
    Washington, DC
    Hi all, long-time Mac user here, but I've never had to deal with someone who inadvertently installed malware disguised as legit software before.

    I have a friend who's… not super technically-inclined, let's just say. She wanted WhatsApp on her computer for messaging people, not realizing that there is no WhatsApp desktop client for OS X. She downloaded something purporting to be WhatsApp (it's just "WhatsApp.dmg" according to her, and I'm not crazy about the idea of her opening it again to try to find out more). Now she's got "Ads by MacMin" appearing on web pages and lots of those "embedded text ads" on websites that definitely don't have them by default (like in the middle of Tumblr posts). She lives in Paris so I can't sit down in front of her machine locally and try to figure out what's going on, I'm trying to direct the cleanup operation from across the Atlantic. Google searches haven't been super-fruitful for this specific thing so I'm flying a little blind here—not even really sure what specific thing has been installed.

    What I'd like to know is if anyone has any experience with either Sophos or Avast's free virus scanner/malware removal tools. Would installing either of these likely find this mess and clean it up? Which of the two is easier to get rid of after a successful cleanup—or, alternatively, which is lighter weight to run long-term (because I don't entirely trust her not to do something like this again)? Any help would be greatly appreciated.
  2. maflynn Moderator


    Staff Member

    May 3, 2009
    ClamXav is purported to be very good, and its free. Take a look at that one.
  3. smithrh macrumors 68020


    Feb 28, 2009
    If both sides have decent internet connectivity, you can use a screen-sharing service such as You'd be able to take control of her screen and address the issue remotely.

    I've found easier to get running than, say, Apple's screen sharing.
  4. chrfr macrumors 604

    Jul 11, 2009
    In the vast majority of these cases, Adware Medic will resolve the issue.
  5. cincygolfgrrl macrumors 6502


    Apr 2, 2012
    Somewhere In Time
    Adware Medic gets my vote too.
  6. simonsi macrumors 601


    Jan 3, 2014
    Teamviewer to see whats going on then Adwaremedic. Then let us know if that hasn't sorted it but if you can get her to install Teamviewer then send you the access code you'll be able to see if there are any unusual-looking login items etc left behind...
  7. crjackson2134 macrumors 601


    Mar 6, 2013
    Charlotte, NC
    Im not an expert like many others here, but I would talk her through making a new user account and test to see if the problem goes away.

    A lot of these Adware issues are sometimes buried in the users account holders home directory.

    If making a new account fixes the problem, she can move her critic le data to the new account and delete the old one. If the new account doesn't help, just delete it. It's a decent diagnostic tool.

    Also make sure to check for rouge Safari extensions.

    I too give a vote for Adwaremedic.
  8. Julien macrumors G4


    Jun 30, 2007
    Also go into System Preferences/Security & Privacy/General tab and select Allow apps downloaded from: Mac App Store. The open the App store and show here how it works so she can only get Apps through it.
  9. Ulenspiegel macrumors 68040


    Nov 8, 2014
    Land of Flanders and Elsewhere
    +1 for AdwareMedic.
    After AdwareMedic I would check the extensions of her browser. If there are any that she does not use then uninstall them. Last but not least, download EasyFind ( (it is free) and in Search type all the keywords linked to adware. When found, delete them. Reboot.

    P.S.: Don't forget to make her install AdBlock on her computer!

Share This Page

8 March 13, 2015