The Student Room Group

Help, virus on my macbook??

What I initially thought I had downloaded- Mac cleaning os application turned out to be something different. Ever since downloading the application, when I'm on the internet and go to a new tab to use the search engine it, it isn't google but instead some this- 'http://thesmartsearch.net/search?p=acp11&q=tsr' .. I'm at my wits end!!

On top of all this, I'll be browsing on the internet and if I click on something a random tab will open advertising a load of crap. When I exit from this window it actually asks me do I want to leave the page instead of automatically shutting down.

I have my safari preferences set to nothing- like no specific search engine.

I downloaded AdwareMedic to try and rectify the situation. It had some files when I allowed the scan to go through and then I deleted them thinking the problem would go but I still have the search engine problem and random tabs opening up/changing to random pages.

I have no idea what to do at this stage!! Please help, it would be great to hear from people who have encountered the same problem and how they fixed it.

Thanks so much!!
Youd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X
Original post by marco14196
Youd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X


Well that's one lengthy way of approaching the problem :rofl:
factory reset.
Original post by Binary Freak
Well that's one lengthy way of approaching the problem :rofl:


Lengthy yes but it will ensure that no traces of a virus or malware remain in the system drive. Also as a warning, if you have thunderbolt ports, dont let anyone put anything of theirs into that port. A piece of malware has been getting about the place that uses Thunderbolt as a very low level means of accessing the system and installs malware into the boot ROM of the Mac. Same thing can go for USB drives, on Mac or PC. Malware can be installed into the vulnerable firmware of any USB device and there is no means of fixing this issue until a new UsB standard launches. So just be careful about letting other people putting a USB device into your PC.
Original post by G8D
Was it MacKeeper?


Yess! I think it was! it had like an animated Mac cleaning animation thing... :s-smilie: Have you encountered it??
Original post by marco14196
Youd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X



How long would this take - am I basically restarting my mac?
Original post by NicolaM
How long would this take - am I basically restarting my mac?


Well it wouldnt take too long, especially if the Mac is using an SSD. Make sure you take all personal files off the Mac and keep them safe.
Heres Apples official line on how to do it. If you can remove the malware without a fresh wipe, this method shouldnt be necessary but you have to be careful incase malware has been installed elsewhere in the system

http://support.apple.com/en-gb/HT4718
Original post by marco14196
Lengthy yes but it will ensure that no traces of a virus or malware remain in the system drive. Also as a warning, if you have thunderbolt ports, dont let anyone put anything of theirs into that port. A piece of malware has been getting about the place that uses Thunderbolt as a very low level means of accessing the system and installs malware into the boot ROM of the Mac. Same thing can go for USB drives, on Mac or PC. Malware can be installed into the vulnerable firmware of any USB device and there is no means of fixing this issue until a new UsB standard launches. So just be careful about letting other people putting a USB device into your PC.


Yeah it does ensure no traces.. In some respects.

Though this 'virus'.. Not really much of a virus.. Just a browser hijack (Hence why it doesn't appear in preferences). Usually best way to get rid of these is to just go to add.remove programs (You MAC users don't get this - But you can use AppTrap I believe) and to look for the SmartSearch.net extension and remove it from there.. Then an AV (Preferably Malwarbytes.. You don't get this either :biggrin:) But I suppose any other decent one would suffice to get rid of the final remains.. Then finish the job with AdwCleaner/AdwareMedic.

You Mac users don't get the best sense of security tbh :sad:

As for the Thunderbolt.. Very rarely that malware (Particularly browser hijackers) will access the system on a low-level.. Could be wrong on this though.. But never have I seen malware do such things, and contrary to the belief of many people I do purposefully install malware onto my PC for the enjoyment of being able to reverse engineer it, and understand how it interacts with the computer :smile:

I might install Mac OS on a VM later just to see what I can come up with on this problem


Original post by NicolaM

Spoiler



As much as I dislike and disagree with factory default or whatever as a first step.. But it might be best given that you've probably downloaded it with a pain in the *** application that'd take quite a bit of understanding to remove - Well, it probably doesn't but admittedly my understanding of Mac OS is not even close to Windows :smile:

Also what program did you install? To have such problems if you don't mind me asking?
Original post by Binary Freak
Yeah it does ensure no traces.. In some respects.

Though this 'virus'.. Not really much of a virus.. Just a browser hijack (Hence why it doesn't appear in preferences). Usually best way to get rid of these is to just go to add.remove programs (You MAC users don't get this - But you can use AppTrap I believe) and to look for the SmartSearch.net extension and remove it from there.. Then an AV (Preferably Malwarbytes.. You don't get this either :biggrin:) But I suppose any other decent one would suffice to get rid of the final remains.. Then finish the job with AdwCleaner/AdwareMedic.


You Mac users don't get the best sense of security tbh :sad:

As for the Thunderbolt.. Very rarely that malware (Particularly browser hijackers) will access the system on a low-level.. Could be wrong on this though.. But never have I seen malware do such things, and contrary to the belief of many people I do purposefully install malware onto my PC for the enjoyment of being able to reverse engineer it, and understand how it interacts with the computer :smile:

I might install Mac OS on a VM later just to see what I can come up with on this problem




As much as I dislike and disagree with factory default or whatever as a first step.. But it might be best given that you've probably downloaded it with a pain in the *** application that'd take quite a bit of understanding to remove - Well, it probably doesn't but admittedly my understanding of Mac OS is not even close to Windows :smile:

Also what program did you install? To have such problems if you don't mind me asking?


Im a Mac and Pc user btw, just clarifying that. I can agree that amac security is well.... ehhh. Low marketshare keeps it relatively safe in terms of number of users but its not brilliant security wise. Windows isnt either but at least I have a wide choice of anti virus software available and booting off a recovery partition will always save me a headache if my Windows partition is compromised by a virus. My preferred method of removing malware, spyware or any of that type of stuff is usually just nuke the entire drive and reinstall Windows or to go off a recovery ISO on a portable drive
Original post by marco14196
Im a Mac and Pc user btw, just clarifying that. I can agree that amac security is well.... ehhh. Low marketshare keeps it relatively safe in terms of number of users but its not brilliant security wise. Windows isnt either but at least I have a wide choice of anti virus software available and booting off a recovery partition will always save me a headache if my Windows partition is compromised by a virus. My preferred method of removing malware, spyware or any of that type of stuff is usually just nuke the entire drive and reinstall Windows or to go off a recovery ISO on a portable drive

It does yeah, as for windows I suppose the security on it isn't great either due to how widely used it is, but you can edit registry values (HKEY), and it has the best compatibility with Malwarebytes.

Another issue with Mac is they install everything as libraries (I think), and sometimes when you install an application on it, all third part crap just usually gets clumped in with it (I think again :P)
Original post by Binary Freak
It does yeah, as for windows I suppose the security on it isn't great either due to how widely used it is, but you can edit registry values (HKEY), and it has the best compatibility with Malwarebytes.

Another issue with Mac is they install everything as libraries (I think), and sometimes when you install an application on it, all third part crap just usually gets clumped in with it (I think again :P)


Im not a security expert but I always keep my eyes out on new malware that releases out into the web. Ive never even touched the Windows registry, partially because its a mess and I fear I will mess something up in it
Original post by marco14196
Im not a security expert but I always keep my eyes out on new malware that releases out into the web. Ive never even touched the Windows registry, partially because its a mess and I fear I will mess something up in it


I'm not an expert as such.. But I do enjoy fiddling around with malware.. It's a little hobby of mine and it might be my FYP (Malware Engineering or something)

As for registry, it is very very very easy to screw up when you first get started, especially without a guide, but you eventually learn what to look for as time goes by :biggrin:
Hey guys, sorry for taking so long to get back to you but I think I've solved the problem :smile:

Basically, I used the AdwareMedic to detect the application and get rid of this. Once it did that I was still having issues on the internet as pop-ups were happening. I've found the problem and solution for this.
Basically, each time I used google/typing something in the search bar to go onto a website I used whilst the virus was there, it was reusing this website from my bookmarks/history. I then just deleted my history therefore starting fresh. No problems now.

Thank you all for your help anyhow! :biggrin:
For each browser it is happening...

Disable or delete all your extensions.

Go to settings and reset all homepages and search engines to something sensible.

Restart your browser.

I had this on Chrome. This seemed to fix it.

I think I must have installed a malicious extension. It may have been one that pretended to be Google Hangouts.
Original post by noobynoo
For each browser it is happening...

Disable or delete all your extensions.

Go to settings and reset all homepages and search engines to something sensible.

Restart your browser.

I had this on Chrome. This seemed to fix it.

I think I must have installed a malicious extension. It may have been one that pretended to be Google Hangouts.


Yea I took it off my preferences at the very beginning as it was set as that on safari.

I just deleted my history and bookmarks because it was reusing these website links when I wanted to used the same website as I had visited when I had the virus.

It's all fixed now- thank you though :smile:

Quick Reply

Latest