
Help, virus on my macbook??

    • Thread Starter
    Offline

    2
    ReputationRep:
    What I initially thought I had downloaded- Mac cleaning OS application turned out to be something different. Ever since downloading the application, when I'm on the internet and go to a new tab to use the search engine, it isn't Google but instead this- 'http://thesmartsearch.net/search?p=acp11&q=tsr' .. I'm at my wits' end!!

    On top of all this, I'll be browsing on the internet and if I click on something a random tab will open advertising a load of crap. When I exit from this window it actually asks me do I want to leave the page instead of automatically shutting down.

    I have my safari preferences set to nothing- like no specific search engine.

    I downloaded AdwareMedic to try and rectify the situation. It had some files when I allowed the scan to go through and then I deleted them thinking the problem would go but I still have the search engine problem and random tabs opening up/changing to random pages.

    I have no idea what to do at this stage!! Please help, it would be great to hear from people who have encountered the same problem and how they fixed it.

    Thanks so much!!
    Offline

    16
    ReputationRep:
    You'd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X.
    Offline

    18
    ReputationRep:
    (Original post by marco14196)
    You'd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X.
    Well that's one lengthy way of approaching the problem :rofl:
    Offline

    1
    ReputationRep:
    factory reset.
    Offline

    16
    ReputationRep:
    (Original post by Binary Freak)
    Well that's one lengthy way of approaching the problem :rofl:
    Lengthy yes, but it will ensure that no traces of a virus or malware remain in the system drive. Also, as a warning, if you have Thunderbolt ports, don't let anyone put anything of theirs into that port. A piece of malware has been getting about the place that uses Thunderbolt as a very low level means of accessing the system and installs malware into the boot ROM of the Mac. Same thing can go for USB drives, on Mac or PC. Malware can be installed into the vulnerable firmware of any USB device and there is no means of fixing this issue until a new USB standard launches. So just be careful about letting other people put a USB device into your PC.
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by G8D)
    Was it MacKeeper?
    Yess! I think it was! it had like an animated Mac cleaning animation thing... Have you encountered it??
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by marco14196)
    You'd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X.

    How long would this take - am I basically restarting my mac?
    Offline

    16
    ReputationRep:
    (Original post by NicolaM)
    How long would this take - am I basically restarting my mac?
    Well, it wouldn't take too long, especially if the Mac is using an SSD. Make sure you take all personal files off the Mac and keep them safe.
    Here's Apple's official line on how to do it. If you can remove the malware without a fresh wipe, this method shouldn't be necessary, but you have to be careful in case malware has been installed elsewhere in the system.

    http://support.apple.com/en-gb/HT4718
    Offline

    18
    ReputationRep:
    (Original post by marco14196)
    Lengthy yes, but it will ensure that no traces of a virus or malware remain in the system drive. Also, as a warning, if you have Thunderbolt ports, don't let anyone put anything of theirs into that port. A piece of malware has been getting about the place that uses Thunderbolt as a very low level means of accessing the system and installs malware into the boot ROM of the Mac. Same thing can go for USB drives, on Mac or PC. Malware can be installed into the vulnerable firmware of any USB device and there is no means of fixing this issue until a new USB standard launches. So just be careful about letting other people put a USB device into your PC.
    Yeah it does ensure no traces.. In some respects.

    Though this 'virus'.. Not really much of a virus.. Just a browser hijack (Hence why it doesn't appear in preferences). Usually the best way to get rid of these is to just go to Add/Remove Programs (You Mac users don't get this - But you can use AppTrap I believe) and to look for the SmartSearch.net extension and remove it from there.. Then an AV (Preferably Malwarebytes.. You don't get this either) But I suppose any other decent one would suffice to get rid of the final remains.. Then finish the job with AdwCleaner/AdwareMedic.

    You Mac users don't get the best sense of security tbh :sad:

    As for the Thunderbolt.. Very rarely that malware (Particularly browser hijackers) will access the system on a low-level.. Could be wrong on this though.. But never have I seen malware do such things, and contrary to the belief of many people I do purposefully install malware onto my PC for the enjoyment of being able to reverse engineer it, and understand how it interacts with the computer

    I might install Mac OS on a VM later just to see what I can come up with on this problem


    (Original post by NicolaM)
    What I initially thought I had downloaded- Mac cleaning OS application turned out to be something different. Ever since downloading the application, when I'm on the internet and go to a new tab to use the search engine, it isn't Google but instead this- 'http://thesmartsearch.net/search?p=acp11&q=tsr' .. I'm at my wits' end!!

    On top of all this, I'll be browsing on the internet and if I click on something a random tab will open advertising a load of crap. When I exit from this window it actually asks me do I want to leave the page instead of automatically shutting down.

    I have my safari preferences set to nothing- like no specific search engine.

    I downloaded AdwareMedic to try and rectify the situation. It had some files when I allowed the scan to go through and then I deleted them thinking the problem would go but I still have the search engine problem and random tabs opening up/changing to random pages.

    I have no idea what to do at this stage!! Please help, it would be great to hear from people who have encountered the same problem and how they fixed it.

    Thanks so much!!
    As much as I dislike and disagree with factory default or whatever as a first step.. But it might be best given that you've probably downloaded it with a pain in the *** application that'd take quite a bit of understanding to remove - Well, it probably doesn't but admittedly my understanding of Mac OS is not even close to Windows

    Also what program did you install? To have such problems if you don't mind me asking?
    Offline

    16
    ReputationRep:
    (Original post by Binary Freak)
    Yeah it does ensure no traces.. In some respects.

    Though this 'virus'.. Not really much of a virus.. Just a browser hijack (Hence why it doesn't appear in preferences). Usually the best way to get rid of these is to just go to Add/Remove Programs (You Mac users don't get this - But you can use AppTrap I believe) and to look for the SmartSearch.net extension and remove it from there.. Then an AV (Preferably Malwarebytes.. You don't get this either) But I suppose any other decent one would suffice to get rid of the final remains.. Then finish the job with AdwCleaner/AdwareMedic.


    You Mac users don't get the best sense of security tbh :sad:

    As for the Thunderbolt.. Very rarely that malware (Particularly browser hijackers) will access the system on a low-level.. Could be wrong on this though.. But never have I seen malware do such things, and contrary to the belief of many people I do purposefully install malware onto my PC for the enjoyment of being able to reverse engineer it, and understand how it interacts with the computer

    I might install Mac OS on a VM later just to see what I can come up with on this problem




    As much as I dislike and disagree with factory default or whatever as a first step.. But it might be best given that you've probably downloaded it with a pain in the *** application that'd take quite a bit of understanding to remove - Well, it probably doesn't but admittedly my understanding of Mac OS is not even close to Windows

    Also what program did you install? To have such problems if you don't mind me asking?
    I'm a Mac and PC user btw, just clarifying that. I can agree that Mac security is well.... ehhh. Low market share keeps it relatively safe in terms of number of users but it's not brilliant security-wise. Windows isn't either, but at least I have a wide choice of anti-virus software available, and booting off a recovery partition will always save me a headache if my Windows partition is compromised by a virus. My preferred method of removing malware, spyware or any of that type of stuff is usually just to nuke the entire drive and reinstall Windows, or to go off a recovery ISO on a portable drive.
    Offline

    18
    ReputationRep:
    (Original post by marco14196)
    I'm a Mac and PC user btw, just clarifying that. I can agree that Mac security is well.... ehhh. Low market share keeps it relatively safe in terms of number of users but it's not brilliant security-wise. Windows isn't either, but at least I have a wide choice of anti-virus software available, and booting off a recovery partition will always save me a headache if my Windows partition is compromised by a virus. My preferred method of removing malware, spyware or any of that type of stuff is usually just to nuke the entire drive and reinstall Windows, or to go off a recovery ISO on a portable drive.
    It does yeah, as for Windows I suppose the security on it isn't great either due to how widely used it is, but you can edit registry values (HKEY), and it has the best compatibility with Malwarebytes.

    Another issue with Mac is they install everything as libraries (I think), and sometimes when you install an application on it, all the third-party crap just usually gets clumped in with it (I think again :P)
    Offline

    16
    ReputationRep:
    (Original post by Binary Freak)
    It does yeah, as for Windows I suppose the security on it isn't great either due to how widely used it is, but you can edit registry values (HKEY), and it has the best compatibility with Malwarebytes.

    Another issue with Mac is they install everything as libraries (I think), and sometimes when you install an application on it, all the third-party crap just usually gets clumped in with it (I think again :P)
    I'm not a security expert but I always keep my eyes out for new malware that releases out into the web. I've never even touched the Windows registry, partially because it's a mess and I fear I will mess something up in it.
    Offline

    18
    ReputationRep:
    (Original post by marco14196)
    I'm not a security expert but I always keep my eyes out for new malware that releases out into the web. I've never even touched the Windows registry, partially because it's a mess and I fear I will mess something up in it.
    I'm not an expert as such.. But I do enjoy fiddling around with malware.. It's a little hobby of mine and it might be my FYP (Malware Engineering or something)

    As for registry, it is very very very easy to screw up when you first get started, especially without a guide, but you eventually learn what to look for as time goes by
    • Thread Starter
    Offline

    2
    ReputationRep:
    Hey guys, sorry for taking so long to get back to you but I think I've solved the problem

    Basically, I used the AdwareMedic to detect the application and get rid of this. Once it did that I was still having issues on the internet as pop-ups were happening. I've found the problem and solution for this.
    Basically, each time I used google/typing something in the search bar to go onto a website I used whilst the virus was there, it was reusing this website from my bookmarks/history. I then just deleted my history therefore starting fresh. No problems now.

    Thank you all for your help anyhow!
    Offline

    3
    ReputationRep:
    For each browser it is happening...

    Disable or delete all your extensions.

    Go to settings and reset all homepages and search engines to something sensible.

    Restart your browser.

    I had this on Chrome. This seemed to fix it.

    I think I must have installed a malicious extension. It may have been one that pretended to be Google Hangouts.
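
    An added example, not part of any post in this thread: a Python audit of the settings the steps above ask you to reset (homepage, startup pages, default search engine, enabled extensions). The key names are assumed to follow Chrome's profile `Preferences` JSON file and may differ between versions; the sample data, extension names and allowlist are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample shaped like a Chrome profile "Preferences" file (assumed key names).
SAMPLE_PREFS = json.dumps({
    "homepage": "http://thesmartsearch.net/",
    "session": {"startup_urls": ["https://www.google.com/"]},
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Smart Search",
        "url": "http://thesmartsearch.net/search?p=acp11&q={searchTerms}"}},
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {"state": 1, "from_webstore": False,
                                             "manifest": {"name": "Hangouts Helper"}},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {"state": 0, "from_webstore": True,
                                             "manifest": {"name": "Example Ad Blocker"}}}},
})

TRUSTED_HOSTS = {"google.com", "bing.com", "duckduckgo.com"}  # example allowlist, edit to taste


def host_trusted(url):
    """True if the URL's host is an allowlisted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def audit_prefs(prefs_text):
    """Return (kind, value) findings for settings a browser hijacker typically changes."""
    prefs = json.loads(prefs_text)
    findings = []
    urls = [("homepage", prefs.get("homepage", ""))]
    urls += [("startup_url", u) for u in prefs.get("session", {}).get("startup_urls", [])]
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    urls.append(("search_engine", search.get("url", "")))
    for kind, url in urls:
        if url and not host_trusted(url):
            findings.append((kind, url))
    # Flag extensions that are enabled (state == 1) and did not come from the web store.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        if ext.get("state") == 1 and not ext.get("from_webstore", False):
            findings.append(("extension", ext.get("manifest", {}).get("name", ext_id)))
    return findings


if __name__ == "__main__":
    for kind, value in audit_prefs(SAMPLE_PREFS):
        print(f"{kind}: {value}")
```

    Run it against a copy of the profile file with the browser closed; anything it lists is a candidate for the reset and removal steps above.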
    • Thread Starter
    Offline

    2
    ReputationRep:
    (Original post by noobynoo)
    For each browser it is happening...

    Disable or delete all your extensions.

    Go to settings and reset all homepages and search engines to something sensible.

    Restart your browser.

    I had this on Chrome. This seemed to fix it.

    I think I must have installed a malicious extension. It may have been one that pretended to be Google Hangouts.
    Yea I took it off my preferences at the very beginning as it was set as that on safari.

    I just deleted my history and bookmarks because it was reusing these website links when I wanted to use the same website as I had visited when I had the virus.

    It's all fixed now- thank you though
 
 
 