OMG -- my machine is infected!

Joined
Jan 14, 2016
Messages
51
Reaction score
6
Points
8
Location
Santa Cruz Mtns foothills, Cupertino, CA
Your Mac's Specs
Mac Mini 16GB/1TB, two 4K monitors/Mojave, Mac Book/Catalina, 2nd Mini in TV room for games/surfing
I normally never click on anything remotely suspicious, but suddenly I’m having serious issues:

1) After a restart, I’m getting two popups, “Mac Tuneup Pro” and “Advanced Mac Tuneup”. Both run at the same time but out of sync with voices warning that my Mac has issues -- "click here to clean up." The latter installs an icon on the menu bar and I can’t get rid of it. Naturally I don’t click on anything.

2) Safari has gotten really bad: it keeps opening new tabs urging me to contact what they call “Apple Support” with a toll-free number and a case number. Further, any time I click on an open tab I get popups from “MyCouponsmart” telling me my Norton subscription (what?) has expired, click here to renew. Naturally I don’t click on anything here either.

3) I don’t normally use Chrome but I launched it to see how it would act and it was unusable -- every time I clicked on a bookmark the page would open and then be overwritten by a Yahoo-looking page (this might be my home page on Chrome, couldn’t tell for sure, maybe bogus). Dumped out of that one.

What is the best way to use Time Machine to clean up this mess? I can go back to yesterday when the machine was fine, but which files should I select to commence the RESTORE? Can I exclude my photos and music files?

Most important, will Time Machine be able to restore the whole system the way it was without the infection or am I going to need a 3rd-party utility or am I going to have to clear the disk and reinstall Mojave, and if so, how do I do that?

Thanks in advance for your help.
 
Joined
Jan 20, 2012
Messages
5,068
Reaction score
431
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
I normally never click on anything remotely suspicious, but suddenly I’m having serious issues:

1) After a restart, I’m getting two popups, “Mac Tuneup Pro” and “Advanced Mac Tuneup”. Both run at the same time but out of sync with voices warning that my Mac has issues -- "click here to clean up." The latter installs an icon on the menu bar and I can’t get rid of it. Naturally I don’t click on anything...

Hi IgorP - looks like you've been hit w/ ransomware demanding likely $$ if you had decided to contact the 'hackers' - try Nicky's suggestion and hope that it helps. What I would probably do is: 1) Disconnect from the internet; 2) Clear your history from the browsers mentioned (yes, a pain in losing info); 3) Run a malware app as suggested - another that has been recommended here is DirectX Swift (free download); and 4) also run OnyX (download from the link AND obtain the version for the macOS being used); the latter will re-boot your computer. Let us know if this helps rid you of this nuisance! Good luck - Dave :)
 
OP
I
Joined
Jan 14, 2016
Messages
51
Reaction score
6
Points
8
Location
Santa Cruz Mtns foothills, Cupertino, CA
Your Mac's Specs
Mac Mini 16GB/1TB, two 4K monitors/Mojave, Mac Book/Catalina, 2nd Mini in TV room for games/surfing
OK. Per advice of Nicky and Dave I downloaded Malwarebytes and ran the trial version -- no joy. I then downloaded and ran DirectX Swift and the evil “Mac Tuneup Pro” and “Advanced Mac Tuneup” seem to be gone and Safari has returned to normal.

Re Chrome: I deleted it from the machine when it acted as I described above. I just now re-installed it and it’s working OK.

Re Onyx: I have Onyx and run it all the time, including before I appealed to you. I don’t know that Onyx looks for viruses or malware -- in any case, it didn’t report anything untoward. I also ran Disk Utility and my hard drive was OK.

I believe my mistake was to click on a bogus Flash Upgrade. My question now is: “Is Adobe even upgrading Flash any more, given its planned demise at the end of 2020?” While I do need Flash for a couple of sites, I sure won’t be “upgrading” it again.

Thanks guys.
 
Joined
Jan 20, 2012
Messages
5,068
Reaction score
431
Points
83
Location
North Carolina
Your Mac's Specs
Air M2 ('22) OS 14.3; M3 iMac ('23) OS 14.3; iPad Pro; iPhone 14
OK. Per advice of Nicky and Dave I downloaded Malwarebytes and ran the trial version -- no joy. I then downloaded and ran DirectX Swift and the evil “Mac Tuneup Pro” and “Advanced Mac Tuneup” seem to be gone and Safari has returned to normal.

Re Chrome: I deleted it from the machine when it acted as I described above. I just now re-installed it and it’s working OK.

Re Onyx: I have Onyx and run it all the time, including before I appealed to you. I don’t know that Onyx looks for viruses or malware -- in any case, it didn’t report anything untoward. I also ran Disk Utility and my hard drive was OK.

I believe my mistake was to click on a bogus Flash Upgrade. My question now is: “Is Adobe even upgrading Flash any more, given its planned demise at the end of 2020?” While I do need Flash for a couple of sites, I sure won’t be “upgrading” it again.

Hi again - sounds like success - congrats! OnyX was suggested to 'clean out' potential caches and detritus left behind - doesn't hurt. As to Flash, I migrated my 3 Macs to Catalina and no longer use the Adobe product - of course, always upgrade Flash, if still desired, from 'System Preferences' or the 'official' Adobe website - the popups that come up to upgrade Flash often will have embedded malware. Dave
 
Joined
Nov 1, 2007
Messages
1,251
Reaction score
80
Points
48
Location
Swansea - South Wales
Your Mac's Specs
21 M1 Pro 14" MBP, 23 M2 Pro Mac Mini (MacOS 14), iPhone 15 Pro Max (iOS 17), iPad 6 (iPadOS 17)
Glad you got it sorted :)

Re Flash, it's best to update it through System Preferences.

Never trust a pop-up that's prompting you to update Flash or any other app for that matter.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I believe my mistake was to click on a bogus Flash Upgrade. My question now is: “Is Adobe even upgrading Flash any more, given its planned demise at the end of 2020?” While I do need Flash for a couple of sites, I sure won’t be “upgrading” it again.

As Nick stated, only update Flash from System Preferences, Flash Player. That will take you direct to Adobe.

As for Flash no longer being updated or developed after 2020, no worries. Most sites no longer use it and you can always access a site that needs it with Chrome. Chrome has its own version of Flash built in and keeps it up to date.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
For mine DetectX Swift is by far a better option than Malwarebytes lori.
 
OP
I
Joined
Jan 14, 2016
Messages
51
Reaction score
6
Points
8
Location
Santa Cruz Mtns foothills, Cupertino, CA
Your Mac's Specs
Mac Mini 16GB/1TB, two 4K monitors/Mojave, Mac Book/Catalina, 2nd Mini in TV room for games/surfing
Thanks to all -- here’s a summary:

Malwarebytes was good, but left two threats. DetectX got ‘em.

Still not done -- had a nasty app “SearchMine” messing with my searches. Got rid of it via Guide to remove Searchmine.net Browser Redirect from Mac

Seems to be clean now. Thanks to all.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Okay! Good cleanup job. Thanks for posting back and letting us know. :)
 
Joined
Dec 16, 2008
Messages
90
Reaction score
4
Points
8
I just found this and appreciate the info therein. After running and killing threats with Malware, I downloaded and ran Direct, and it nuked several more items. Again, thanks. j
 

Rod


Joined
Jun 12, 2011
Messages
9,696
Reaction score
1,882
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Another useful tool for your arsenal is Find Any File (FAF). If you enter any search term like "mac tuneup" for example in the search bar it will find even hidden/invisible files within system files and folders. From the search window you can trash any and all of these files or delete them immediately. I have removed malware in the past only to find there are still remaining files within the system. Of course they may not be harmful but I like to be thorough.
FAF is also useful when deleting apps; it is surprising, after uninstalling an app, how much stuff can be stored in difficult-to-find locations.
FAF is free shareware available from the very supportive developer here: Thomas Tempelmann - Find Any File
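The leftover-file search described in the post above can also be done from Terminal. This is an added example, not part of the post or of any tool named in this thread: the function name `find_leftovers` is hypothetical, the directories are the standard macOS locations for launch items, application support files, preferences and apps, and it only lists matches without deleting anything.

```shell
#!/bin/sh
# Added example: list files and folders whose names match a search term in the
# standard macOS locations where apps keep launch items and support files.
# Nothing is deleted; review the list before removing anything by hand.

# usage: find_leftovers TERM [ROOT] [HOME_DIR]
#   ROOT and HOME_DIR default to the live system and $HOME; overriding them
#   lets the function be run against a copy or a constructed test tree.
find_leftovers() {
    term=$1
    root=${2:-}
    home=${3:-$HOME}
    if [ -z "$term" ]; then
        echo "usage: find_leftovers TERM [ROOT] [HOME_DIR]" >&2
        return 2
    fi
    # "mac tuneup" becomes *mac*tuneup* so that names written with or
    # without spaces both match (the match is case-insensitive).
    pattern="*$(printf '%s' "$term" | sed 's/[[:space:]]\{1,\}/*/g')*"
    for dir in \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$root/Library/Application Support" \
        "$root/Applications" \
        "$home/Library/LaunchAgents" \
        "$home/Library/Application Support" \
        "$home/Library/Preferences"
    do
        [ -d "$dir" ] || continue
        # Two levels deep is enough to catch a plist or a vendor folder.
        find "$dir" -maxdepth 2 -iname "$pattern" -print 2>/dev/null
    done
    return 0
}

# Run directly as: sh find_leftovers.sh "mac tuneup"
if [ "$#" -gt 0 ]; then
    find_leftovers "$@"
fi
```

Launch agents and daemons are the entries to look at first, since they are what relaunch a program after a restart.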
 
Joined
Oct 21, 2016
Messages
64
Reaction score
6
Points
8
Location
South Cumbria, England, UK
Your Mac's Specs
I have 4 Macs, most recent 2020, 13.3 MacBook Air running on osMac 10.15.3
Apple UK advises the only application you need to what's not provided is Malwarebytes, but I'm a pessimist so have antivirus and CleanMyMac X, recommend all users to try out the free copy of CleanMyMac by MacPaw.
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,770
Reaction score
2,110
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Apple UK advises the only application you need to what's not provided is Malwarebytes, but I'm a pessimist so have antivirus and CleanMyMac X, recommend all users to try out the free copy of CleanMyMac by MacPaw.

No, not recommended to install CleanMyMac, unnecessary and wasteful. Enough people have had to deal with the consequences of having that app installed and the so called "cleaning" that it does. You also don't need antivirus, but if you want to run it, it's your machine, you are free to do so. Do not recommend others do it!
 

IWT


Joined
Jan 23, 2009
Messages
10,287
Reaction score
2,230
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4.1 Apple 5K Retina Studio Monitor
May I endorse what our Moderator Raz0rEdge has said above?

Everyone is fully entitled to put whatever apps they wish onto the Mac. They must have the freedom to use their Mac in any way they like and we don't judge them.

But this is a Mac Forum where people come for advice and it is not appropriate for fake or unsubstantiated recommendations to be promulgated.

We have had to deal with countless examples of folks getting into serious difficulties through using a range of "Clean Up" applications which have rendered their Mac unusable, or close to it. Getting rid of these nuisances from your Mac can be problematic.

CleanMyMac is one of these.

Malwarebytes has been recommended here for some time, and is still useful for sure, but ownership has changed hands and ongoing experience suggests that DetectXSwift does a better job. (See posts #9 and 11 above, for example).

AntiVirus apps are a necessity for Windows' machines, but pointless for Macs - if only pointless, that wouldn't be so bad; but in many cases it blocks legitimate updates from Apple, slows down the Mac and is frequently difficult to remove, so deep are their tentacles. They may frequently clash with other anti-this-or-that apps, each seeing the other as a threat.

All these AV apps are made by Windows' developers/companies - with ONE exception - Intego, which makes apps exclusively for Macs and does not slow them down. I used their top-of-the-range product for 6 years, at one time, without a single "naughty" being found. I have never used it since.

Your Mac, most definitely your choice, but we must avoid potentially misleading other users.

Ian
 

Rod


Joined
Jun 12, 2011
Messages
9,696
Reaction score
1,882
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
I'm afraid you will not get much approval for CMM or Malwarebytes on this forum. Malwarebytes used to be a good application before it was bought from the original developer by a large software company that prefers a subscription based business model. The subscription app is so filled with what is commonly called "bloatware" that it simply saps your CPU resources with unnecessary bells and whistles many of which duplicate existing functions. The free version expends most of its energy advertising the subscription version. Clean My Mac is similar in one respect that it uses an unnecessarily large amount of resources with its "helper" app but apart from that is potentially dangerous if you don't know exactly what to and what not to let it do. In trying to be a jack of all trades it does too much without doing much very well. I say this as a long term user of CMM. I have had it since inception and from a basic system cleaner which had a few potential faults I've seen it grow into a monster which now tries to be an optimiser, cleaner as well as duplicating many of OnyX's functions; it empties the trash, searches for threats and installs application updates. Auto clean requires careful selection of options to avoid default settings deleting your email attachments and more. I tend to think of it as a suite of tools; used separately and judiciously they can be helpful.
The shredder is handy, the uninstaller has its uses, the ability to locate large old files by size and usage, all good but I do not use the helper and I certainly don't allow it to launch at startup.
When apps start telling me how and when to do things while using my resources that's usually when I either disable them or delete them. I don't need an app to tell me when to empty my trash just yet.
 
Joined
Feb 1, 2011
Messages
4,431
Reaction score
2,147
Points
113
Location
Sacramento, California
All these AV apps are made by Windows' developers/companies - with ONE exception - Intego, which makes apps exclusively for Macs and does not slow them down.

I have heard a couple of cases of Intego's Virus Barrier slowing a user's computer down, but it's extremely rare. It's still by far the best, most comprehensive, anti-virus software for the Macintosh.

And....one really nice thing about Virus Barrier is that there is a free version available, and it's just as effective as the commercial version:

VirusBarrier Free Edition (free)
Intego Launches VirusBarrier Scanner — Free Mac Antivirus | The Mac Security Blog
Intego VirusBarrier Scanner on the Mac App Store
(This is a full version of Intego's anti-virus program VirusBarrier [usually $40/year] minus some [but not all] of the automated scanning features in the commercial version. Intego's VirusBarrier consistently wins all the believable comparison tests of Macintosh anti-virus software [there are lots of shill sites on the Web].
Have a look at this respected review site:
The Safe Mac » Mac anti-virus testing 2014
Do you need AV software? No, the Mac has its own built-in, and there is very little malware for the Macintosh in the wild to be concerned about. The value in having this free AV program is that if you are the paranoid type, you can now use the best program available to satisfy yourself that you aren't infected with something. Also, this free version is sandboxed and it isn't deeply embedded in your system, like other AV programs, so it shouldn't impact your Mac's overall performance as just about all the other AV programs do.)

With regard to Adobe Flash, if at any time you are wondering if you already have the latest version of Flash installed, you can check in the Flash preferences pane, or you can find out which version of Flash you currently have installed, and what the latest version is, here:
Adobe - Flash Player

Note that there is very little true malware in the wild for the Macintosh, but lately there has been a rash of adware (which isn't usually at all malicious, just extremely annoying). Adware can't install itself on your Macintosh. You have to volitionally install it yourself. That usually happens when you download a fake Adobe Flash installer or updater and run the install procedure. So... DON'T EVER install or update Adobe Flash unless you get it directly from Adobe:
Adobe Flash Player Download
If it didn't come directly from Adobe, DON'T INSTALL IT! This is the most simple way to avoid adware.
 
Joined
Feb 1, 2011
Messages
4,431
Reaction score
2,147
Points
113
Location
Sacramento, California
Intego's Virus Barrier ... still by far the best, most comprehensive, anti-virus software for the Macintosh.

Do you need AV software? No, the Mac has its own built-in

One follow-up point. The Mac's built-in anti-virus software looks for just about no adware.

And Virus Barrier, just like all the traditional true anti-virus programs for the Mac, doesn't look for any adware either.

Why? I can only speculate that since adware isn't literally malicious, and some adware may include legitimate features, Apple and the AV developers are afraid of getting sued by the developers of some adware if they go around deleting adware.

So, if you have an adware problem, your first thought should be to download and try this to see if it helps:

DetectX Swift (free/commercial)
DetectX – sqwarq | security for your mac

I hope that this isn't too confusing.
 
