  1. #1

    Member Since
    Jun 24, 2011
    New OS X Malware (Snow Leopard)
    The Mac in question has 2 user accounts and my SO (not a very sophisticated user) began getting dialogue box pop-ups about a week ago on her log-on - no issues with mine. Of course she only mentions this last night.

    A box appeared every few minutes asking if you wanted to open a text editor file from Google. I opened a few of these (instead of canceling) and saved the payload which appears to be code to do with google ads. I have a saved copy at home I can post later if it helps. Opening the first file caused a toggle through of all open windows for about 10 seconds then nothing???

    I looked at incoming/outgoing connections and traced a few to blacklisted IP addresses - 2 in China, 1 in Netherlands, etc. Around 4 or 5, not a ton. I have a screenshot of that output as well. After disconnecting the Mac from the internet, I searched on another computer for any trace of this from other users and found nothing. Tons of posts about MacDefender, which this is definitely not. Other machines on my network don't appear to be affected.

    Am I infected? Thus far I've flushed the DNS cache, cleared cookies, uninstalled Firefox (thinking could be some sort of browser hijack). I also checked related /etc file and nothing unusual going on there. Help!
    Next steps?

  2. #2

    northrnchimp
    Member Since
    Jun 13, 2010
    rMBP 13 2.5GHz 121GB SSD
    Might be an idea to just create a new user account for her (him?) and copy docs across. Then delete the old account.

  3. #3

    Lifeisabeach
    Member Since
    Sep 30, 2007
    The Republic of Neptune
    If it's confined to just her user account, then an extremely simple way of handling this is to make a backup copy of her user Library, then delete the old. On re-logging into it, OS X will re-create a virgin copy and yer back in business. Just keep the copy around to recover things like Safari bookmarks and other data that may be stored there that she may want.

    EDIT: Actually before going that far… have you checked her login items in the System Preferences to see if anything is suspect?

    Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).
    Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.

  4. #4

    schweb
    Member Since
    Oct 27, 2002
    Cleveland, Ohio
    MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
    You are not infected.

    Many members ask the question about viruses and malware on the Mac, and in addition to using the search function at the top of the forum, you'll find almost all your answers here:

    Official Antivirus, Malware, and Firewall FAQ
    schweb | community leader
