Warning: IRP Hook virus on Macs

Discussion in 'macOS' started by Edgar Spayce, Aug 14, 2015.

  1. Edgar Spayce macrumors regular

    Jun 2, 2015
    Hi, so I've been using Macs for 15 years and never have I ever had any Windows-like virus, the kind that gets deep into your system without you knowing, is hard to remove and can ****-up your computer.

    Yesterday my browsers (all of them) started acting weird: every link I clicked was hijacked by adware, especially an "Iphone for 1$/€ by RockyFrogger" scam was popping up.

    When I looked it up I found very little information, until I stumbled on someone who knew exactly what it was: apparently this is not a regular adware but a very dangerous IRP Hook, that can modify the kernel, make your computer vulnerable and steal your data.

    So I'm searching for solutions. I haven't updated to 10.10.5 yet, but I suspect this sudden and urgent update might be a fix to that (given that apparently it installs itself through DNS vulnerabilities), but I'm not sure it fixes that, and so far I've found no tool to remove it.

    Any solutions?
  2. chrfr macrumors 604

    Jul 11, 2009
    There's no evidence that this is anything more than a simple browser extension.
    Have you run any sort of malware detection?
  3. Edgar Spayce thread starter macrumors regular

    Jun 2, 2015
    Yes, and I have deactivated all my extensions. I prefer to trust the guy who seems to know his topic, on this scam that may have not hit lots of people yet.
  4. chrfr macrumors 604

    Jul 11, 2009
    Where are the links to this, then?
  5. Edgar Spayce thread starter macrumors regular

    Jun 2, 2015
    This is very recent so I haven't found much information but this article http://www.lefigaro.fr/secteur/high...ux-fausses-promos-qui-peuvent-couter-cher.php

    And if you look in the comments, someone rightfully describes the symptoms and solutions. Two of my friends have the same problems.

    But for it seems to have stopped, and I don't know how. So it might not be a trojan virus although apparently it was described as a particular one, and I did witness it and couldn't stop it from happening no matter what I did on my browsers.
