Jump to content


  • Content Count

  • Joined

  • Last visited

About Doug_M

  • Rank
    New Member
  1. AdGuard is what I've been running for the past week now and so far so good. I like that is has a feature to use a blacklist or whitelist. All the others I could find were whitelist only.
  2. While I don't disagree about uninstalling Flash (or not installing it in the first place). In this case it won't solve the problem at all because the problem isn't actually about Flash or caused by Flash. Websites trying to look like the Flash installer are being presented to the user through malicious web-based ads on various websites. So if JayB uninstalls Flash he'll still see these websites with fake installers unless he implements an ad block of some sort.
  3. By way of third party advertising networks. The malicious advertising that redirects you to the fake update pop-up is bought and paid for on one or more of these ad networks that legitimate websites use. I too was searching all over the Internet. Thing is I wasn't finding any answers because what was happening was not an infection. The closest (and most frequent google result) was that WeKnow infection. But I didn't have Flash installed and none of the files removal instructions said to look for were there. And of course MWB and Bit Defender didn't find anything either. Then I tried an ad blocker and voila, no more malicious redirects from malvertising.
  4. Since I installed AdGuard for Safari I haven't had it happen again.
  5. Well it's only been a little less than 24 hours but so far so good.
  6. Yeah that's what I've done (temporarily). If that works then I'll revert to a blacklist model and play whack a mole for a bit.
  7. Crap, just when I thought I had it figured out it happens from the huffingtonpost.ca (don't judge, it was a Google News click thru lol) domain. Though I still believe it to be malvertising rather than a local infection as it happened as I was scrolling down to the bottom of the article where the comments are and that section dynamically loads tons of third party ads as you scroll.
  8. No doubt. Currently it is a sort of no win scenario. I couldn't find an ad blocker with a blacklist, but I did find that AdGuard allows custom filters so I've got that essentially "off" except for third party ads an eBay and Kijiji. Spent about 10 minutes on both sites and so far no malvertising. Not a definitive test by far, but so far so good.
  9. I agree, it is looking more and more like a malicious ad. I've been browsing the web for a few hours without issue but I have not been on Kijiji or eBay yet. I don't like ad blockers on principle (to each their own however) so I'll try an ad blocker on just Kijiji and eBay to see if that makes a difference. Of course as I'm typing this eBay could be removing the malicious ad from their network and we'll never know lol.
  10. Was trying to "trigger" it so did some eBay and Kijiji surfing and got it to happen again. I don't honestly know if it is tied to eBay or Kijiji at all or perhaps is triggered by searching or clicking any links. I'll know more going forward as I'll pay more attention to it than I did over the weekend lol. Anyway, it took me to one of the same domains as before and presented the fake Flash install.
  11. It does. Though that screenshot has only happened once (the latest). All the other times it was a cheesy looking Flash install screen. As an addition, that link mentions looking in LaunchAgents for suspicious items. I did that as well as in LaunchDaemons and didn't find anything. It talks about "PUA" (potentially unwanted apps) and I haven't installed anything recently. Other than a few apps from the the Mac Store all I have installed is Calibre E-Books, GIMP, Google Earth Pro, MacLoggerDX, Mailplane, NetBeans, SkookumLogger, Transmit and World of Tanks. No browser extensions, no Flash etc. The last program to be installed was World of Tanks. Though I would think that if the Mac version of this game was installing a click-jacker the Mac sub-forum on WOT would be full of people complaining. Then again you never know.
  12. As stated in the op, no profiles exist to delete in the first place, and everything else WeKnow doesn't apply (including extensions, I don't have any) as it doesn't exist. I've been down that road already which is why I posted here in the first place. There is nothing to submit to customer support yet because Malwarebytes isn't finding anything so there is nothing in the app log. All I have at this point is "something" is clickjacking in Safari and it isn't WeKnow. I will compile a collection of URLs it sends me to along with screenshots of the fake macOS screens. Then at least I'll have something to submit.
  13. Yeah that's just more WeKnow stuff. I've looked at many WeKnow removal howtos and they just don't seem to apply here. For example they talk about profiles but there are none on my Mac. They talk about WeKnow taking over Safari's default homepage, but that isn't an issue with mine. They talk about people getting infected by running a Flash installer. I didn't do that. I didn't even download a Flash installer. What I've got seems to be very new. Hopefully others will start reporting it but most will probably get mistaken for more WeKnow infections at first. And of course if you google macOS adware flash all you get are WeKnow posts. This may take some time...
  14. No, no ad blocker. The thing is though an ad blocker isn't a "solution" as the click hijacking is occurring on my machine. That is to say I believe my Mac to be infected as opposed to the websites I'm visiting where the click hijacking is occurring. If eBay and Kijiji were hacked (or ads they serve were malicious) it would be news in the tech-o-sphere.
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.