dhiggzzz (Posted September 3, 2020, ID:1405559)

So it seems I have some sort of malware on my Google Chrome on Mac. I'm pretty new to this so please bear with me. For example, when I search a random search in Google Chrome this URL briefly shows:

http://www.google.com/url?sa=D&q=http%3A%2F%2Fsearch.operativeeng.com%2Fcps%3Fq%3Dwhere%2Bare%2Byou%26_pg%3DD5AF862B-7C24-5787-AF3D-AEAFF9F8B205

I am then redirected to Yahoo's search engine even though Chrome had always been my default. When I go to Chrome settings I see this search engine listed but there is no remove option. chrome://management shows my computer is being managed by an outside source (this is a personal laptop). Going to chrome://policy shows this as the default search provider:

http://search.operativeeng.com/favicon.ico

I ran a Malwarebytes scan, it identified three threats and I quarantined and then restarted. However, the malware is still on my Chrome. I am wondering if it is embedded into my Gmail account somehow. Thanks for any suggestions, just worried they could steal my passwords/financial information somehow.

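An added example, not part of the original thread: decoding the URL quoted in the first post offline shows which host the Google link forwards to, and that it is the same host chrome://policy reports as the default search provider. The function names and the `REDIRECT_PARAMS` list are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# URL the poster saw in the address bar (copied from the first post).
SEEN_URL = ("http://www.google.com/url?sa=D&q=http%3A%2F%2Fsearch.operativeeng.com"
            "%2Fcps%3Fq%3Dwhere%2Bare%2Byou%26_pg%3DD5AF862B-7C24-5787-AF3D-AEAFF9F8B205")
# Default search provider value the poster read from chrome://policy.
POLICY_URL = "http://search.operativeeng.com/favicon.ico"

# Query parameters that commonly carry a forwarding target (assumed list).
REDIRECT_PARAMS = ("q", "url", "u", "dest")


def unwrap_redirects(url, max_depth=5):
    """Unwrap URL-inside-a-parameter hops without any network access."""
    chain = [url]
    for _ in range(max_depth):
        query = parse_qs(urlsplit(chain[-1]).query)
        # parse_qs percent-decodes the value, so a nested URL comes out readable.
        nxt = next((query[p][0] for p in REDIRECT_PARAMS
                    if p in query
                    and urlsplit(query[p][0]).scheme in ("http", "https")), None)
        if nxt is None:
            break
        chain.append(nxt)
    return chain


def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def triage(seen_url, policy_url):
    """Compare the final redirect target with the policy-enforced search host."""
    chain = unwrap_redirects(seen_url)
    final = chain[-1]
    return {
        "hops": [host(u) for u in chain],
        "search_terms": parse_qs(urlsplit(final).query).get("q", [""])[0],
        "matches_policy_host": host(final) == host(policy_url),
    }


if __name__ == "__main__":
    print(triage(SEEN_URL, POLICY_URL))
```

A match between the last hop and the policy host ties the redirect to the managed Chrome policy rather than to the Google account, which is why the fix is removing the policy on the machine.
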
alvarnell (Posted September 4, 2020, ID:1405576)

Now that the threat has been removed, you will need to manually change the settings that were modified. Please follow the instructions contained in this pinned posting at the top of the forum, paying particular attention to the Nuke Chrome portions:

dhiggzzz (Author, Posted September 4, 2020, ID:1405598)

This was so helpful, thank you! I think I've been able to remove the after-effects as you've suggested. One thing, I installed a Norton antivirus for 30 days just to be sure. While flipping through the web on Chrome I was just given this message on my computer (see attached photo). I told Norton to block it; is this some sort of malware attempting reentry? I have no idea, if it was, how I would stop it without Norton turned on.

alvarnell (Posted September 4, 2020, ID:1405611)

Unless there's another macOS user here familiar with Norton, you'll have to ask Norton about it. If you google "ff02::FB" you'll find a lot of folks have seen it, but the only partial explanation came from this discussion https://discussions.apple.com/thread/6658906 which mostly bashes Norton, but if you click "All Replies" and go to the last one, there's a partial explanation that would indicate that it might be a bug in your WiFi router.

In any case, everything I read indicated that it's coming from something on your local LAN and not anything coming in from the Internet. Whether it should be allowed or blocked isn't clear and may not matter.

dhiggzzz (Author, Posted September 7, 2020, ID:1406247)

Interesting, I'm also getting this message from Norton. I'll have to do a little more searching.

alvarnell (Posted September 8, 2020, ID:1406272)

All 224.x.x.x IP addresses are from your local network and many reports I've read about these alerts point to the router.

dhiggzzz (Author, Posted September 8, 2020, ID:1406277)

Ok, thank you for the help, so in other words I can just disregard them?

alvarnell (Posted September 8, 2020, ID:1406279, edited September 8, 2020 by alvarnell)

Well, it's clear that nobody is attempting to do something nefarious using Google Chrome from outside of your local network. There is also ample evidence that these alerts are either False Positives generated by Norton or a bug involving your router. If it were me, I would disregard it or, if I had time, challenge Norton about it and also confirm that these are router IP addresses.

What I don't have an opinion on is whether such notifications should be blocked or allowed. I suppose there could be some good reason to do one or the other, but haven't a clue what the result would be.