Troubleshooting a friend's malware-infected MacBook

Discussion in 'OS X Yosemite (10.10)' started by killmoms, Mar 13, 2015.

  1. killmoms, Mar 13, 2015
    Last edited: Mar 13, 2015

    killmoms macrumors 68040

    #1
    Hi all, long-time Mac user here, but I've never had to deal with someone who inadvertently installed malware disguised as legit software before.

    I have a friend who's… not super technically-inclined, let's just say. She wanted WhatsApp on her computer for messaging people, not realizing that there is no WhatsApp desktop client for OS X. She downloaded something purporting to be WhatsApp (it's just "WhatsApp.dmg" according to her, and I'm not crazy about the idea of her opening it again to try to find out more). Now she's got "Ads by MacMin" appearing on web pages and lots of those "embedded text ads" on websites that definitely don't have them by default (like in the middle of Tumblr posts). She lives in Paris so I can't sit down in front of her machine locally and try to figure out what's going on; I'm trying to direct the cleanup operation from across the Atlantic. Google searches haven't been super-fruitful for this specific thing so I'm flying a little blind here—not even really sure what specific thing has been installed.

    What I'd like to know is if anyone has any experience with either Sophos or Avast's free virus scanner/malware removal tools. Would installing either of these likely find this mess and clean it up? Which of the two is easier to get rid of after a successful cleanup—or, alternatively, which is lighter weight to run long-term (because I don't entirely trust her not to do something like this again)? Any help would be greatly appreciated.
     
  2. maflynn Moderator

    #2
    ClamXav is purported to be very good, and it's free. Take a look at that one.
     
  3. smithrh macrumors 68020

    #3
    If both sides have decent internet connectivity, you can use a screen-sharing service such as join.me. You'd be able to take control of her screen and address the issue remotely.

    I've found join.me easier to get running than, say, Apple's screen sharing.
     
  4. chrfr macrumors 603

    #4
    In the vast majority of these cases, Adware Medic will resolve the issue. adwaremedic.com.
     
  5. cincygolfgrrl macrumors 6502

    #5
    Adware Medic gets my vote too.
     
  6. simonsi macrumors 601

    #6
    TeamViewer to see what's going on, then Adware Medic. Then let us know if that hasn't sorted it, but if you can get her to install TeamViewer and then send you the access code, you'll be able to see if there are any unusual-looking login items etc. left behind...
     
  7. crjackson2134 macrumors 68020

    #7
    I'm not an expert like many others here, but I would talk her through making a new user account and test to see if the problem goes away.

    A lot of these adware issues are sometimes buried in the user account holder's home directory.

    If making a new account fixes the problem, she can move her critical data to the new account and delete the old one. If the new account doesn't help, just delete it. It's a decent diagnostic tool.

    Also make sure to check for rogue Safari extensions.

    I too give a vote for Adware Medic.
     
  8. Julien macrumors G3

    #8
    Also go into System Preferences/Security & Privacy/General tab and select Allow apps downloaded from: Mac App Store. Then open the App Store and show her how it works so she can only get apps through it.
     
  9. Ulenspiegel macrumors 68020

    #9
    +1 for AdwareMedic.
    After AdwareMedic I would check the extensions of her browser. If there are any that she does not use then uninstall them. Last but not least, download EasyFind (http://www.devontechnologies.com/download/products.html) (it is free) and in Search type all the keywords linked to adware. When found, delete them. Reboot.

    P.S.: Don't forget to make her install AdBlock on her computer!
     