Help, virus on my macbook??

Watch
username973803
Badges: 14
Rep:
?
#1
Report Thread starter 6 years ago
#1
What I initially thought I had downloaded- Mac cleaning os application turned out to be something different. Ever since downloading the application, when I'm on the internet and go to a new tab to use the search engine it, it isn't google but instead some this- 'http://thesmartsearch.net/search?p=acp11&q=tsr' .. I'm at my wits end!!

On top of all this, I'll be browsing on the internet and if I click on something a random tab will open advertising a load of crap. When I exit from this window it actually asks me do I want to leave the page instead of automatically shutting down.

I have my safari preferences set to nothing- like no specific search engine.

I downloaded AdwareMedic to try and rectify the situation. It had some files when I allowed the scan to go through and then I deleted them thinking the problem would go but I still have the search engine problem and random tabs opening up/changing to random pages.

I have no idea what to do at this stage!! Please help, it would be great to hear from people who have encountered the same problem and how they fixed it.

Thanks so much!!
0
reply
username1494226
Badges: 19
Rep:
?
#2
Report 6 years ago
#2
Youd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X
0
reply
Binary Freak
Badges: 18
Rep:
?
#3
Report 6 years ago
#3
(Original post by marco14196)
Youd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X
Well that's one lengthy way of approaching the problem :rofl:
0
reply
gen. AIDEED
Badges: 1
Rep:
?
#4
Report 6 years ago
#4
factory reset.
0
reply
username1494226
Badges: 19
Rep:
?
#5
Report 6 years ago
#5
(Original post by Binary Freak)
Well that's one lengthy way of approaching the problem :rofl:
Lengthy yes but it will ensure that no traces of a virus or malware remain in the system drive. Also as a warning, if you have thunderbolt ports, dont let anyone put anything of theirs into that port. A piece of malware has been getting about the place that uses Thunderbolt as a very low level means of accessing the system and installs malware into the boot ROM of the Mac. Same thing can go for USB drives, on Mac or PC. Malware can be installed into the vulnerable firmware of any USB device and there is no means of fixing this issue until a new UsB standard launches. So just be careful about letting other people putting a USB device into your PC.
0
reply
username973803
Badges: 14
Rep:
?
#6
Report Thread starter 6 years ago
#6
(Original post by G8D)
Was it MacKeeper?
Yess! I think it was! it had like an animated Mac cleaning animation thing... Have you encountered it??
0
reply
username973803
Badges: 14
Rep:
?
#7
Report Thread starter 6 years ago
#7
(Original post by marco14196)
Youd be best to do a fresh install of OS X. Move all of your important files off into a portable hard drive and boot your Mac into the recovery partition and do a fresh install of OS X

How long would this take - am I basically restarting my mac?
0
reply
username1494226
Badges: 19
Rep:
?
#8
Report 6 years ago
#8
(Original post by NicolaM)
How long would this take - am I basically restarting my mac?
Well it wouldnt take too long, especially if the Mac is using an SSD. Make sure you take all personal files off the Mac and keep them safe.
Heres Apples official line on how to do it. If you can remove the malware without a fresh wipe, this method shouldnt be necessary but you have to be careful incase malware has been installed elsewhere in the system

http://support.apple.com/en-gb/HT4718
0
reply
Binary Freak
Badges: 18
Rep:
?
#9
Report 6 years ago
#9
(Original post by marco14196)
Lengthy yes but it will ensure that no traces of a virus or malware remain in the system drive. Also as a warning, if you have thunderbolt ports, dont let anyone put anything of theirs into that port. A piece of malware has been getting about the place that uses Thunderbolt as a very low level means of accessing the system and installs malware into the boot ROM of the Mac. Same thing can go for USB drives, on Mac or PC. Malware can be installed into the vulnerable firmware of any USB device and there is no means of fixing this issue until a new UsB standard launches. So just be careful about letting other people putting a USB device into your PC.
Yeah it does ensure no traces.. In some respects.

Though this 'virus'.. Not really much of a virus.. Just a browser hijack (Hence why it doesn't appear in preferences). Usually best way to get rid of these is to just go to add.remove programs (You MAC users don't get this - But you can use AppTrap I believe) and to look for the SmartSearch.net extension and remove it from there.. Then an AV (Preferably Malwarbytes.. You don't get this either ) But I suppose any other decent one would suffice to get rid of the final remains.. Then finish the job with AdwCleaner/AdwareMedic.

You Mac users don't get the best sense of security tbh :sad:

As for the Thunderbolt.. Very rarely that malware (Particularly browser hijackers) will access the system on a low-level.. Could be wrong on this though.. But never have I seen malware do such things, and contrary to the belief of many people I do purposefully install malware onto my PC for the enjoyment of being able to reverse engineer it, and understand how it interacts with the computer

I might install Mac OS on a VM later just to see what I can come up with on this problem


(Original post by NicolaM)
Spoiler:
Show
What I initially thought I had downloaded- Mac cleaning os application turned out to be something different. Ever since downloading the application, when I'm on the internet and go to a new tab to use the search engine it, it isn't google but instead some this- 'http://thesmartsearch.net/search?p=acp11&q=tsr' .. I'm at my wits end!!

On top of all this, I'll be browsing on the internet and if I click on something a random tab will open advertising a load of crap. When I exit from this window it actually asks me do I want to leave the page instead of automatically shutting down.

I have my safari preferences set to nothing- like no specific search engine.

I downloaded AdwareMedic to try and rectify the situation. It had some files when I allowed the scan to go through and then I deleted them thinking the problem would go but I still have the search engine problem and random tabs opening up/changing to random pages.

I have no idea what to do at this stage!! Please help, it would be great to hear from people who have encountered the same problem and how they fixed it.

Thanks so much!!
As much as I dislike and disagree with factory default or whatever as a first step.. But it might be best given that you've probably downloaded it with a pain in the *** application that'd take quite a bit of understanding to remove - Well, it probably doesn't but admittedly my understanding of Mac OS is not even close to Windows

Also what program did you install? To have such problems if you don't mind me asking?
0
reply
username1494226
Badges: 19
Rep:
?
#10
Report 6 years ago
#10
(Original post by Binary Freak)
Yeah it does ensure no traces.. In some respects.

Though this 'virus'.. Not really much of a virus.. Just a browser hijack (Hence why it doesn't appear in preferences). Usually best way to get rid of these is to just go to add.remove programs (You MAC users don't get this - But you can use AppTrap I believe) and to look for the SmartSearch.net extension and remove it from there.. Then an AV (Preferably Malwarbytes.. You don't get this either ) But I suppose any other decent one would suffice to get rid of the final remains.. Then finish the job with AdwCleaner/AdwareMedic.


You Mac users don't get the best sense of security tbh :sad:

As for the Thunderbolt.. Very rarely that malware (Particularly browser hijackers) will access the system on a low-level.. Could be wrong on this though.. But never have I seen malware do such things, and contrary to the belief of many people I do purposefully install malware onto my PC for the enjoyment of being able to reverse engineer it, and understand how it interacts with the computer

I might install Mac OS on a VM later just to see what I can come up with on this problem




As much as I dislike and disagree with factory default or whatever as a first step.. But it might be best given that you've probably downloaded it with a pain in the *** application that'd take quite a bit of understanding to remove - Well, it probably doesn't but admittedly my understanding of Mac OS is not even close to Windows

Also what program did you install? To have such problems if you don't mind me asking?
Im a Mac and Pc user btw, just clarifying that. I can agree that amac security is well.... ehhh. Low marketshare keeps it relatively safe in terms of number of users but its not brilliant security wise. Windows isnt either but at least I have a wide choice of anti virus software available and booting off a recovery partition will always save me a headache if my Windows partition is compromised by a virus. My preferred method of removing malware, spyware or any of that type of stuff is usually just nuke the entire drive and reinstall Windows or to go off a recovery ISO on a portable drive
0
reply
Binary Freak
Badges: 18
Rep:
?
#11
Report 6 years ago
#11
(Original post by marco14196)
Im a Mac and Pc user btw, just clarifying that. I can agree that amac security is well.... ehhh. Low marketshare keeps it relatively safe in terms of number of users but its not brilliant security wise. Windows isnt either but at least I have a wide choice of anti virus software available and booting off a recovery partition will always save me a headache if my Windows partition is compromised by a virus. My preferred method of removing malware, spyware or any of that type of stuff is usually just nuke the entire drive and reinstall Windows or to go off a recovery ISO on a portable drive
It does yeah, as for windows I suppose the security on it isn't great either due to how widely used it is, but you can edit registry values (HKEY), and it has the best compatibility with Malwarebytes.

Another issue with Mac is they install everything as libraries (I think), and sometimes when you install an application on it, all third part crap just usually gets clumped in with it (I think again :P)
0
reply
username1494226
Badges: 19
Rep:
?
#12
Report 6 years ago
#12
(Original post by Binary Freak)
It does yeah, as for windows I suppose the security on it isn't great either due to how widely used it is, but you can edit registry values (HKEY), and it has the best compatibility with Malwarebytes.

Another issue with Mac is they install everything as libraries (I think), and sometimes when you install an application on it, all third part crap just usually gets clumped in with it (I think again :P)
Im not a security expert but I always keep my eyes out on new malware that releases out into the web. Ive never even touched the Windows registry, partially because its a mess and I fear I will mess something up in it
0
reply
Binary Freak
Badges: 18
Rep:
?
#13
Report 6 years ago
#13
(Original post by marco14196)
Im not a security expert but I always keep my eyes out on new malware that releases out into the web. Ive never even touched the Windows registry, partially because its a mess and I fear I will mess something up in it
I'm not an expert as such.. But I do enjoy fiddling around with malware.. It's a little hobby of mine and it might be my FYP (Malware Engineering or something)

As for registry, it is very very very easy to screw up when you first get started, especially without a guide, but you eventually learn what to look for as time goes by
0
reply
username973803
Badges: 14
Rep:
?
#14
Report Thread starter 6 years ago
#14
Hey guys, sorry for taking so long to get back to you but I think I've solved the problem

Basically, I used the AdwareMedic to detect the application and get rid of this. Once it did that I was still having issues on the internet as pop-ups were happening. I've found the problem and solution for this.
Basically, each time I used google/typing something in the search bar to go onto a website I used whilst the virus was there, it was reusing this website from my bookmarks/history. I then just deleted my history therefore starting fresh. No problems now.

Thank you all for your help anyhow!
0
reply
noobynoo
Badges: 6
Rep:
?
#15
Report 6 years ago
#15
For each browser it is happening...

Disable or delete all your extensions.

Go to settings and reset all homepages and search engines to something sensible.

Restart your browser.

I had this on Chrome. This seemed to fix it.

I think I must have installed a malicious extension. It may have been one that pretended to be Google Hangouts.
0
reply
username973803
Badges: 14
Rep:
?
#16
Report Thread starter 6 years ago
#16
(Original post by noobynoo)
For each browser it is happening...

Disable or delete all your extensions.

Go to settings and reset all homepages and search engines to something sensible.

Restart your browser.

I had this on Chrome. This seemed to fix it.

I think I must have installed a malicious extension. It may have been one that pretended to be Google Hangouts.
Yea I took it off my preferences at the very beginning as it was set as that on safari.

I just deleted my history and bookmarks because it was reusing these website links when I wanted to used the same website as I had visited when I had the virus.

It's all fixed now- thank you though
0
reply
X

Quick Reply

Attached files
Write a reply...
Reply
new posts
Back
to top
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise

Poll: What factors affect your mental health most right now? Post-lockdown edition

Anxiousness about restrictions easing (41)
5.71%
Uncertainty around my education (83)
11.56%
Uncertainty around my future career prospects (76)
10.58%
Lack of purpose or motivation (92)
12.81%
Lack of support system (eg. teachers, counsellors, delays in care) (38)
5.29%
Impact lockdown had on physical health (41)
5.71%
Social worries (incl. loneliness/making friends) (77)
10.72%
Financial worries (47)
6.55%
Concern about myself or my loves ones getting/having been ill (31)
4.32%
Exposure to negative news/social media (43)
5.99%
Difficulty accessing real life entertainment (24)
3.34%
Lack of confidence in making big life decisions (69)
9.61%
Worry about missed opportunities during the pandemic (56)
7.8%

Watched Threads

View All