  1. #1


    Member Since
    Jun 24, 2011
    Posts
    1
    New OS X Malware (Snow Leopard)
    The Mac in question has 2 user accounts and my SO (not a very sophisticated user) began getting dialogue box pop-ups about a week ago on her log-on - no issues with mine. Of course she only mentions this last night.

    A box appeared every few minutes asking if you wanted to open a text editor file from Google. I opened a few of these (instead of canceling) and saved the payload which appears to be code to do with google ads. I have a saved copy at home I can post later if it helps. Opening the first file caused a toggle through of all open windows for about 10 seconds then nothing???

    I looked at incoming/outgoing connections and traced a few to blacklisted IP addresses - 2 in China, 1 in Netherlands, etc. Around 4 or 5, not a ton. I have a screen shot of that output as well. After disconnecting the Mac from the internet, I searched on another computer for any trace of this from other users and found nothing. Tons of posts about MACdefender, which this is definitely not. Other machines on my network don't appear to be affected.

    Am I infected? Thus far I've flushed the DNS cache, cleared cookies, uninstalled Firefox (thinking could be some sort of browser hijack). I also checked related /etc file and nothing unusual going on there. Help!
    Next steps?

  2. #2

    northrnchimp
    Member Since
    Jun 13, 2010
    Location
    England
    Posts
    217
    Specs:
    rMBP 13 2.5GHz 121GB SSD
    Might be an idea to just create a new user account for her (him?) and copy docs across. Then delete the old account.

  3. #3

    Lifeisabeach
    Member Since
    Sep 30, 2007
    Location
    The Republic of Neptune
    Posts
    7,755
    If it's confined to just her user account, then an extremely simple way of handling this is to make a backup copy of her user Library, then delete the old. On re-logging into it, OS X will re-create a virgin copy and yer back in business. Just keep the copy around to recover things like Safari bookmarks and other data that may be stored there that she may want.

    EDIT: Actually before going that far… have you checked her login items in the System Preferences to see if anything is suspect?

    Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).

  4. #4

    schweb
    Member Since
    Oct 27, 2002
    Location
    Cleveland, Ohio
    Posts
    13,190
    Specs:
    MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
    You are not infected.

    Many members ask the question about viruses and malware on the Mac and in addition to using the search function at the top of the forum, you'll find almost all your answers here:

    Official Antivirus, Malware, and Firewall FAQ