Well, I Got A Virus. Please Help!

Joined
Oct 11, 2020
Messages
6
Reaction score
0
Points
1
For the first time ever, my MacBook Pro is infected. I don't know if it was from a bundle download or from a remote Windows set up but I have what appears to be an "osascript wants to control your browser" malware/virus. I have not clicked either choice when that pop up window appears.

I am not very tech savvy.
I tried following some directions online but it's not working.

Can anyone please tell me the easiest way to go?
I'm hesitant to download/buy anything online because it will prompt me for my password and I would think entering any passwords right now is not the thing to do??? But again, I don't have any idea what I'm talking about so any guidance would help!

Thank you,
Lisa
 
Joined
Mar 15, 2006
Messages
1,237
Reaction score
27
Points
48
Your Mac's Specs
2015 Retina 4K iMac. Monterey. 8GB RAM. Crucial 500GB external SSD
try installing and running malwarebytes free for mac. if you can take a screen shot and post what you see that can be helpful... command shift 3 keys at the same time to take a screen shot. it's smart to not enter passwords right now if asked.

what browser are you using, safari? firefox? chrome?

 
Joined
Jan 1, 2009
Messages
15,512
Reaction score
3,874
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
Get DetectX Swift from here: https://sqwarq.com/detectx/. Install and run it. That should find the culprit for you. If not, come back and we can recommend something more aggressive.
 

Rod


Joined
Jun 12, 2011
Messages
9,703
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
What you have is not a virus but it is malware. It's also one of the commonest forms of malware. It is a fake operating system pop-up message used to trick macOS users to allow "osascript" to control the Safari web browser. So long as you click the Do Not Allow option nothing will actually happen. It is not a "key logger" that records what you type so you can follow the above suggestions and download either of the above anti malware apps without fear of your passwords being captured. Virus Barrier Scanner available from the App Store is pretty good too but they all have free versions/options so try them all till you find one you like.
 
Joined
Feb 1, 2011
Messages
4,434
Reaction score
2,153
Points
113
Location
Sacramento, California
For the first time ever, my MacBook Pro is infected. I don't know if it was from a bundle download or from a remote Windows set up but I have what appears to be an "osascript wants to control your browser" malware/virus. I have not clicked either choice when that pop up window appears.

Okay, you need to listen carefully, because some of this is going to be confusing.

You do not have a virus (i.e. self-replicating malware), but you do have a Trojan Horse (software that you downloaded from a Web site or possibly from a questionable download of what appeared to be legitimate software; your bundle deal is a likely suspect.)

It CAN ONLY HARM your Mac if you give it permission to run/load. DO NOT give it the permission that it is asking for UNDER ANY CIRCUMSTANCES.

I've never heard of an "osascript virus" before, and interestingly neither have ANY of the reputable anti-virus tracking Web sites. "OSA" is Open Scripting Architecture, and is a legitimate process. I don't know what the "osascript virus" will do if you allow it to run. Possibly nothing at all terribly nasty, I'm guessing. The reason that I'm guessing that is because there are new Web sites (that you've found some of) suddenly on the Web telling you how to deal with the "osascript virus" from previously unknown entities. My guess is that the software that they are encouraging you to purchase to clean out the osascript virus is this bit of malware's real payload. That is, this malware only exists to get you to go to the Web and purchase and install software that is actually malware! (This is a threat pattern that has become common very recently.) DO NOT PURCHASE any software such a site exhorts you to, to deal with the osascript virus.

What needs to happen is some reputable source has to examine this malware and come up with guidance on how to remove it manually, or a reputable anti-virus software company has to come out with an update to their product and push out an updated definition so that their product can clean out this malware for you.

So my advice is to sit tight for a couple of days until we can get that guidance to you or until a product can be updated to help you.

My guess is that this free product will be updated to help you sooner than anything else. (Intego, the company that makes it, is very aggressive in identifying new threats and pushing out updates to deal with them.) You can download it now and run it now and then until the point that it has been automatically updated to deal with the osascript virus:

VirusBarrier Free Edition (free)

Hang in there. I'll post again when I know more.
 

Rod


Joined
Jun 12, 2011
Messages
9,703
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Just as a follow up on both my previous and Randy's post, I do prefer Virus Barrier-Scanner myself.
Simply click Start Scan, choose your Home folder (that's the one with the little House icon and your name) then click Scan. It will update its virus definitions then scan all your User files. If it finds anything related to "osascript" you will see it and be given the opportunity to remove it.
 
OP
D
Joined
Oct 11, 2020
Messages
6
Reaction score
0
Points
1
Okay, you need to listen carefully, because some of this is going to be confusing.

You do not have a virus (i.e. self-replicating malware), but you do have a Trojan Horse (software that you downloaded from a Web site or possibly from a questionable download of what appeared to be legitimate software; your bundle deal is a likely suspect.)

It CAN ONLY HARM your Mac if you give it permission to run/load. DO NOT give it the permission that it is asking for UNDER ANY CIRCUMSTANCES.

I've never heard of an "osascript virus" before, and interestingly neither have ANY of the reputable anti-virus tracking Web sites. "OSA" is Open Scripting Architecture, and is a legitimate process. I don't know what the "osascript virus" will do if you allow it to run. Possibly nothing at all terribly nasty, I'm guessing. The reason that I'm guessing that is because there are new Web sites (that you've found some of) suddenly on the Web telling you how to deal with the "osascript virus" from previously unknown entities. My guess is that the software that they are encouraging you to purchase to clean out the osascript virus is this bit of malware's real payload. That is, this malware only exists to get you to go to the Web and purchase and install software that is actually malware! (This is a threat pattern that has become common very recently.) DO NOT PURCHASE any software such a site exhorts you to, to deal with the osascript virus.

What needs to happen is some reputable source has to examine this malware and come up with guidance on how to remove it manually, or a reputable anti-virus software company has to come out with an update to their product and push out an updated definition so that their product can clean out this malware for you.

So my advice is to sit tight for a couple of days until we can get that guidance to you or until a product can be updated to help you.

My guess is that this free product will be updated to help you sooner than anything else. (Intego, the company that makes it, is very aggressive in identifying new threats and pushing out updates to deal with them.) You can download it now and run it now and then until the point that it has been automatically updated to deal with the osascript virus:

VirusBarrier Free Edition (free)

Hang in there. I'll post again when I know more.


Thank you so much for all this info.

I don't do anything when the popup for osascript appears so hopefully I'm "fine" in so far as nothing has been allowed on my end like you said.

I just tried to download Intego but the App store wants my password, which I am very hesitant to enter right now.
Thoughts?
 
OP
D
Joined
Oct 11, 2020
Messages
6
Reaction score
0
Points
1
Also, I'm just noticing this when I enter something directly into the search bar as opposed to using something like Yahoo.
http://search.validexplorer.com/ps?_pg=78EE0470-944D-5B60-BD39-FF8333111E3F&q=presidential+election

Is that search part normal?
 
OP
D
Joined
Oct 11, 2020
Messages
6
Reaction score
0
Points
1
What you have is not a virus but it is malware. It's also one of the commonest forms of malware. It is a fake operating system pop-up message used to trick macOS users to allow "osascript" to control the Safari web browser. So long as you click the Do Not Allow option nothing will actually happen. It is not a "key logger" that records what you type so you can follow the above suggestions and download either of the above anti malware apps without fear of your passwords being captured. Virus Barrier Scanner available from the App Store is pretty good too but they all have free versions/options so try them all till you find one you like.

I don't click either option as I've been told in the past that sometimes any action allows it in. ??? But again, I don't know what the **** I'm talking about over here so there's that. :) Should I click the Do Not Allow option or just leave it in the background?
 
OP
D
Joined
Oct 11, 2020
Messages
6
Reaction score
0
Points
1
try installing and running malwarebytes free for mac. if you can take a screen shot and post what you see that can be helpful... command shift 3 keys at the same time to take a screen shot. it's smart to not enter passwords right now if asked.

what browser are you using, safari? firefox? chrome?


Safari
 
OP
D
Joined
Oct 11, 2020
Messages
6
Reaction score
0
Points
1
try installing and running malwarebytes free for mac. if you can take a screen shot and post what you see that can be helpful... command shift 3 keys at the same time to take a screen shot. it's smart to not enter passwords right now if asked.

what browser are you using, safari? firefox? chrome?


I just tried to download malwarebytes for mac free on the App store and that is also requiring a password which I'd rather not enter right now. Also, it brought up about 4 different options. Any in particular? Would going directly to one of these sites avoid the password request?
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I just tried to download malwarebytes for mac free on the App store and that is also requiring a password which I'd rather not enter right now

Why not? I can certainly understand the reluctance to enter your password, but you need to know that without entering your Apple ID and password, you will not be able to use the App Store.

You need to enter your Apple ID and password to carry out certain actions with Apple, otherwise, you will be unable to use your Mac properly.

Entering your Apple ID and password for the App Store or other required Apple actions is perfectly safe.
 

Rod


Joined
Jun 12, 2011
Messages
9,703
Reaction score
1,892
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
From what I can find out this malware package is limited to your browser (Safari) and requires your action to enable it, i.e. clicking yes or no in the text box. The App Store is not a browser, like Music it is a "live" application. Your Apple login is encrypted so there is no risk in verifying your Apple ID. I do suggest VirusBarrier Scanner though and follow the instructions I gave you in post #6.
There really is no other way of removing this malware.
 
