Did Malwarebytes Actually Remove My Adware?

Hello! I am new to both Malwarebytes and this forum. Over the last few days, I've been noticing that Avast (the anti-virus software that I have installed on my Mac) has been giving me the 'Infection Detected' pop-up while using Google Chrome. This pop-up seemed to indicate that a malicious website was attempting to re-direct me/connect me to their site. Because of Avast and my pop-up blocker, I have never actually been re-directed to the offending site.

After doing a bit of research, it became clear to me that my computer might be infected by some sort of malware or adware. My fiancee and I installed MacScan on my laptop (a Macbook Pro Retina for reference) and ran a full system scan. It indicated that I have two pieces of adware on my computer. In an attempt to rid myself of the adware, I installed Malwarebytes. As expected, it said that I had two infections (the same two referenced in my MacScan) and allowed me the option to clean them from my computer. I did that and, upon running a second scan, Malwarebytes claimed that I no longer had any infections.

My issue is that, in an effort to double check, I ran another MacScan and it claimed that the two pieces of adware still exist. However, their codes have now been altered to say: /.Trash/Malwarebytes Removals/

Here are the full codes for reference: 

File Path:

/.MobileBackups/Computer/2016-04-02-153847/Volume/Users/mariyaartis/.Trash/Malwarebytes Removals/Sponsors.framework/Versions/A/Resources/APNSetup.app/Contents/Resources/toolbar_ORJ-M@apn.ask.com.xpi

File Path:

/.MobileBackups/Computer/2016-04-02-153847/Volume/Users/mariyaartis/.Trash/Malwarebytes Removals/Sponsors.framework/Versions/A/Resources/APNSetup.app/Contents/Resources/searchAskApp_ORJ-M.safariextz

Since I am new to Malwarebytes, I do not know if the extra section on the code means that the malware has been successfully removed or if it is still present/affecting my computer? If it is still actively affecting my computer, how do I go about removing it?

Thank you so very much for any and all assistance. It is greatly appreciated. 


Update: I am still getting the same Avast detects a threat pop-up when browsing on Google Chrome. This is what was happening before I made an attempt with Malwarebytes. At this point, I am not quite sure what (if anything) I can do. I would really love any and all assistance.

7 minutes ago, Mariyaa said:

I would really love any and all assistance. 

The best assistance I can give you is a link to the  Malwarebytes Anti-Malware for Mac User Guide. It shows that after a scan you should be prompted to remove the items detected. See the screen shot on page 5 of the User Guide.

My MBAM is for Windows and the procedure is different. Questionable items are sent to quarantine where I can restore or delete them. Once in quarantine they are inert and deleting them permanently removes them from my computer, like I said WINDOWS is different.

Here is a link to the MBAM Mac User Guide.

https://www.malwarebytes.org/pdf/guides/MBAM-Mac-Guide.pdf

6 minutes ago, davidmg said:

The best assistance I can give you is a link to the  Malwarebytes Anti-Malware for Mac User Guide. It shows that after a scan you should be prompted to remove the items detected. See the screen shot on page 5 of the User Guide.

My MBAM is for Windows and the procedure is different. Questionable items are sent to quarantine where I can restore or delete them. Once in quarantine they are inert and deleting them permanently removes them from my computer, like I said WINDOWS is different.

Here is a link to the MBAM Mac User Guide.

https://www.malwarebytes.org/pdf/guides/MBAM-Mac-Guide.pdf

Hello,

Thank you for your suggestion. Let me try it once again and see if that solves my issue. As of a few minutes ago, I still seemed to have the Adware installed...

9 minutes ago, davidmg said:

The best assistance I can give you is a link to the  Malwarebytes Anti-Malware for Mac User Guide. It shows that after a scan you should be prompted to remove the items detected. See the screen shot on page 5 of the User Guide.

My MBAM is for Windows and the procedure is different. Questionable items are sent to quarantine where I can restore or delete them. Once in quarantine they are inert and deleting them permanently removes them from my computer, like I said WINDOWS is different.

Here is a link to the MBAM Mac User Guide.

https://www.malwarebytes.org/pdf/guides/MBAM-Mac-Guide.pdf

I just did another scan and it still says that the scan is coming up clean. However, it really does seem like I still have the adware (a site is still attempting to re-direct me). What do I do at this point? 

1 minute ago, davidmg said:

Sorry that tool is only for WINDOWS

Oh, darn. Do you know of anything that might help for Mac? Also, thank you so much for this. It is my finals week and I have TONS of essays due and all of this adware stuff has really gotten me stressed out....


If you are using Google Chrome on a Mac and the adware is only affecting Chrome consider downloading another browser.

Personally, I like the OPERA browser. Here is a link to OPERA for Mac; just click on the top choice (you will see what I mean).

http://www.opera.com/download/guide/?os=mac&list=all

1 minute ago, davidmg said:

If you are using Google Chrome on a Mac and the adware is only affecting Chrome consider downloading another browser.

Personally, I like the OPERA browser. Here is a link to OPERA for Mac; just click on the top choice (you will see what I mean).

http://www.opera.com/download/guide/?os=mac&list=all

Hello,

This may be a dumb question, so please bear with me. Is it okay to just have the adware on my computer? Like, won't just using a different browser just be ignoring a problem that is still in my computer? Basically, my fear is that I will just end up ignoring a problem that could possibly get worse. As you can tell, I don't really know much about malware, adware, or viruses in general and genuinely do not know if just leaving adware on my computer is fine. I also don't know if I can just go into my files and remove the adware myself or if Malwarebytes actually did anything when it claimed to have 'cleaned' my files.


You can also consider REMOVING MBAM for Mac then reinstall MBAM (this is called doing a clean install).

To uninstall Anti-Malware for Mac, launch the program and choose Uninstall Malwarebytes from the Help menu (The Help menu can be found in the menu bar at the top of the screen).

Download a new MBAM for Mac from this link. 

https://www.malwarebytes.org/antimalware/mac/

 

From what I am seeing, the adware listed in your first post is a "Toolbar", which I think you would notice in your browser, and what I think is a Search Engine "Ask", which would replace "Google". If these things were active I bet you would notice them. I do not consider either of them to be serious malware. They are just adware that might be a minor problem.

Just now, davidmg said:

You can also consider REMOVING MBAM for Mac then reinstall MBAM (this is called doing a clean install).

To uninstall Anti-Malware for Mac, launch the program and choose Uninstall Malwarebytes from the Help menu (The Help menu can be found in the menu bar at the top of the screen).

Download a new MBAM for Mac from this link. 

https://www.malwarebytes.org/antimalware/mac/

 

From what I am seeing, the adware listed in your first post is a "Toolbar", which I think you would notice in your browser, and what I think is a Search Engine "Ask", which would replace "Google". If these things were active I bet you would notice them. I do not consider either of them to be serious malware. They are just adware that might be a minor problem.

Yes, I was also thinking that too. Once, I got the 'Ask' thing installed after downloading Adobe and it was VERY noticeable. This time around, I don't notice the 'Ask' thing or any alterations to my toolbar at all. Additionally, when I checked my google chrome for odd extensions, I saw nothing out of the ordinary. I will certainly uninstall it and do a reinstall. Thank you again for all of your help. 


If you download anything from a free site such as C-Net always do the "custom" install and carefully read everything before clicking on "NEXT". 

Often free sites add other software and doing the "QUICK" install will add it to your download, doing a custom install lets you uncheck optional items you do not want.

I would only download Adobe from Adobe.

You could consider doing an uninstall and reinstall of Google Chrome, but if you have a lot of important bookmarks only do that later as a last resort because your bookmarks might disappear.


Looking closer at the file names you posted I do not think either are attached to Google Chrome because the second file lists "safari" at the end.

It is possible that some remnants remain from your earlier problem with "ask". Yes, I would address removing them, but it can surely wait until after finals.

GOOD LUCK WITH FINALS AND IF YOU HAVE TO GUESS ANY MULTIPLE CHOICE QUESTIONS TRY TO ELIMINATE ONE ANSWER AND THEN GUESS FROM THE OTHERS.

If the MBAM scan comes up clean trust it.

2 minutes ago, davidmg said:

Looking closer at the file names you posted I do not think either are attached to Google Chrome because the second file lists "safari" at the end.

It is possible that some remnants remain from your earlier problem with "ask". Yes, I would address removing them, but it can surely wait until after finals.

GOOD LUCK WITH FINALS AND IF YOU HAVE TO GUESS ANY MULTIPLE CHOICE QUESTIONS TRY TO ELIMINATE ONE ANSWER AND THEN GUESS FROM THE OTHERS.

If the MBAM scan comes up clean trust it.

Yes! I noticed the Safari thing too. I don't actually use Safari at all, so maybe that's why I haven't noticed anything other than what Avast claims is happening (and I am now doubting Avast's browser extension). 

That part about "ask" makes a lot of sense. My fiancee is good-ish with computers, so I might have him take care of that for me. 

I think that I was so intense before because I was super afraid that the adware would put a lock on my files or do something else dramatic. The news always makes things like this seem so intense....

 

HAHAHAH! I WILL REMEMBER YOUR SUGGESTIONS :D Let's hope that I do super well now that I can relax a little.

10 hours ago, davidmg said:

I am kind of a browser geek because a long time ago I owned a computer that only had one browser. When it quit working I did not know how to fix the problem (now I could easily fix that with a flash drive).

The computer was old so I replaced it but I learned a computer without a working browser is worthless. My computer has six different browsers right now, overkill right?

The point is I like the way Opera handles bookmarks. I can put them in different files such as "weather". Opera displays these files or individual bookmarks on the Start Screen for quick and easy access. Click on a folder and all the individual bookmarks are displayed. So I only have to open Opera then two clicks take me to any of my bookmarks.

 

<image deleted at poster's request>

Oh, that actually is really cool. I actually didn't know about Opera until you mentioned it. I told my fiancee about it and we both intend on installing it! Thanks again for everything. You have been insanely helpful.

Edited by gonzo
  • Staff

The reason that @davidmg mentioned Chrome earlier is because most people who use it also login to their Google profile. If you pick up malware or adware with Chrome, it often gets saved in your profile and no matter how many times you clean your computer, your next connection to your profile (which is stored on the Google cloud) restores the malware/adware as well. Neither Firefox nor Opera has that problem. I'm not telling you to not use Chrome, only telling you how and why cooties keep coming back.

35 minutes ago, gonzo said:

The reason that @davidmg mentioned Chrome earlier is because most people who use it also login to their Google profile. If you pick up malware or adware with Chrome, it often gets saved in your profile and no matter how many times you clean your computer, your next connection to your profile (which is stored on the Google cloud) restores the malware/adware as well. Neither Firefox nor Opera has that problem. I'm not telling you to not use Chrome, only telling you how and why cooties keep coming back.

I completely understand! Thank you so much for this comment. As I mentioned to the other commenter, I am VERY unknowledgeable with things like this. So, every bit of assistance is majorly helpful :)

So, the only option is to switch browsers if the adware is installed on my Chrome? From what I see in the code, the issue seems to be with Safari (which I don't use)? Additionally, someone suggested that it might be Avast falsely giving me that threat detection pop-up.


If you do not have many bookmarks in Chrome and you remove it.

Then it would be interesting to see the results of your MacScan.

Remember if you uninstall Chrome you might lose your bookmarks.

7 minutes ago, davidmg said:

If you do not have many bookmarks in Chrome and you remove it.

Then it would be interesting to see the results of your MacScan.

Remember if you uninstall Chrome you might lose your bookmarks.

Hmm...I think that I might end up uninstalling Chrome. I have a call with Apple in the morning so I'll see how that goes.

Thanks again for all of your suggestions. It is far less frightening knowing that there are people who are knowledgeable. 


Do you know how to check your Mac "Trash Can"? I'm asking because I found the following in the MBAM for Mac User Guide.

Files that are removed are not deleted outright. Instead, they are moved to a folder named “Malwarebytes Removals” in the trash can. This allows you to examine them and delete them at your leisure, or replace items that may have been removed by mistake.

So I am thinking if you can find the items you listed in the "trash can" and DELETE them your problem should be solved. Your Mac trash can does the same thing as the "Quarantine section" of my Windows MBAM.  Deleting them should give you a clean Mac Scan.

Separate Item Below

I have done searches on your problem so I'm pretty sure you are "Princess Meow" on the Apple Support Communities. The Avast screen shot you posted does say Google Chrome. You should read a post on Apple Communities, it is a post with many long replies. (Link below)

https://discussions.apple.com/thread/7011958?start=0&tstart=0

Here is part of the post from a level 10 Apple person. "Avast" is the worst of the whole wretched lot of commercial "security" products for the Mac. Not only does it fail to protect you from any real danger, it may send personal data (such as web browsing history and the contents of email messages) back to the developer without your knowledge, give false warnings, destabilize and slow down the computer, expose you to network attack, and corrupt the network settings and the permissions of files in your home folder. Removing it may not repair all the damage. Some versions of the product also inject advertising into web pages. In short, apart from the fine print in the license agreement, Avast is indistinguishable from malware, and is arguably worse than any known malware now in circulation."

If you decide to remove Avast click on this link and scroll down the page to the instructions.

https://www.avast.com/faq.php?article=AVKB67

Another Useful Item

Delete your cache, history, and other browser data from your Chrome Browser. Cache builds up over time and should be cleared at least every two weeks. 

Instructions are in this link.

https://support.google.com/chrome/answer/95582?hl=en


@davidmg:

Thanks for your input and suggestions.

With no disrespect intended, Forum Mod @treed typically assists users here in this section of the forum.  That is why I referred @Mariyaa here from another forum section.

Before @Mariyaa ends up too far into the weeds, perhaps we might defer to his expertise?

This would be consistent with the forum's longstanding policy to reserve malware removal assistance for members of the specially-trained groups, as explained HERE and HERE.
This policy is in place for everyone's safety.
(While MBAM-Mac is a new product and this is a new forum section, the same policy is in place for Mac malware removal.)

<just a friendly suggestion>

Thank you for your help and for your understanding,

4 minutes ago, daledoc1 said:

Before @Mariyaa ends up too far into the weeds, perhaps we might defer to his expertise?

This would be consistent with the forum's longstanding policy to reserve malware removal assistance for members of the specially-trained groups, as explained HERE and HERE.
This policy is in place for everyone's safety.

 

7 hours ago, Mariyaa said:

I would really love any and all assistance. 

Not a problem, I only replied because of Mariyaa's second post on her thread (topic). It was posted 3 hours after her first post.

My first reply was a link to the MBAM Mac User Guide and stated I have a Windows MBAM.

I thought that reply was OK but one post led to another and yes I got in deeper than I thought I would.

I agree with your post 100% and will not post here again.

  • Staff
On April 3, 2016 at 9:31 PM, Mariyaa said:

File Path:

/.MobileBackups/Computer/2016-04-02-153847/Volume/Users/mariyaartis/.Trash/Malwarebytes Removals/Sponsors.framework/Versions/A/Resources/APNSetup.app/Contents/Resources/toolbar_ORJ-M@apn.ask.com.xpi

File Path:

/.MobileBackups/Computer/2016-04-02-153847/Volume/Users/mariyaartis/.Trash/Malwarebytes Removals/Sponsors.framework/Versions/A/Resources/APNSetup.app/Contents/Resources/searchAskApp_ORJ-M.safariextz

Mariyaa,

Those two items are found in your MobileBackups folder. This is a part of your Time Machine backups. When you are away from your normal Time Machine backups, your computer will create "backups" directly on the hard drive, within the ".MobileBackups" folder. This is not a true backup, as anything that damages the data on the drive will also ruin the MobileBackups, but it could be useful in cases where you lost a single file since the last time you backed up.

Files in MobileBackups are only kept for a maximum of one week, possibly less if hard drive space becomes limited. Any files that have been in MobileBackups for more than a week are deleted. Thus, these files are not still active on your system, and will shortly disappear on their own.

Files in your backups really don't need to be worried about, and I'd argue that anti-virus software really ought to leave any Time Machine backups alone, since mucking around with Time Machine backups can cause those backups to become corrupt. If Avast ever alerts you to anything in the ".MobileBackups" folder or in your other Time Machine backups, never allow it (or any other AV software) to remove it!

Hope this helps!

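The staff reply above reads the scanner's file paths to decide whether a detection is still active. As an added example (not part of the original thread and not Malwarebytes' or MacScan's own code), the sketch below does that triage in Python; the path layout and the one-week retention are taken from the thread, and the function names and the two `/Users/example/...` paths are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout as seen in the paths quoted in the thread:
# /.MobileBackups/Computer/<YYYY-MM-DD-HHMMSS>/Volume/<original path>
SNAPSHOT_RE = re.compile(
    r"^/\.MobileBackups/Computer/(\d{4}-\d{2}-\d{2}-\d{6})/Volume(/.*)$"
)
# Folder the Malwarebytes for Mac user guide says removed items are moved to.
QUARANTINE_MARKER = "/.Trash/Malwarebytes Removals/"
# "Maximum of one week" retention, per the staff reply (assumed exact here).
RETENTION = timedelta(days=7)


def classify_detection(path):
    """Describe where a scanner-reported file actually lives."""
    info = {"path": path, "in_snapshot": False, "snapshot_taken": None,
            "ages_out_by": None, "original_path": path}
    m = SNAPSHOT_RE.match(path)
    if m:
        taken = datetime.strptime(m.group(1), "%Y-%m-%d-%H%M%S")
        info.update(in_snapshot=True, snapshot_taken=taken,
                    ages_out_by=taken + RETENTION, original_path=m.group(2))
    # Was the file already in the removals folder (live or when backed up)?
    info["quarantined"] = QUARANTINE_MARKER in info["original_path"]
    if info["in_snapshot"]:
        info["verdict"] = "backup copy: not active, leave the snapshot alone"
    elif info["quarantined"]:
        info["verdict"] = "moved to Trash by Malwarebytes: delete from Trash"
    else:
        info["verdict"] = "live location: needs review"
    return info


def triage(paths):
    """Count detections per verdict for a whole scan report."""
    return Counter(classify_detection(p)["verdict"] for p in paths)


# First two paths are the ones quoted in the thread; the last two are
# constructed samples showing the other two outcomes.
SAMPLE_REPORT = [
    "/.MobileBackups/Computer/2016-04-02-153847/Volume/Users/mariyaartis/"
    ".Trash/Malwarebytes Removals/Sponsors.framework/Versions/A/Resources/"
    "APNSetup.app/Contents/Resources/toolbar_ORJ-M@apn.ask.com.xpi",
    "/.MobileBackups/Computer/2016-04-02-153847/Volume/Users/mariyaartis/"
    ".Trash/Malwarebytes Removals/Sponsors.framework/Versions/A/Resources/"
    "APNSetup.app/Contents/Resources/searchAskApp_ORJ-M.safariextz",
    "/Users/example/.Trash/Malwarebytes Removals/Sponsors.framework",
    "/Users/example/Library/Application Support/Sponsors.framework",
]

if __name__ == "__main__":
    for p in SAMPLE_REPORT:
        r = classify_detection(p)
        print(r["verdict"], "|", r["original_path"], "|", r["ages_out_by"])
    print(dict(triage(SAMPLE_REPORT)))
```
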
