Jump to content

Recommended Posts

So it seems I have some sort of malware on my Google Chrome on Mac. I'm pretty new to this so please bare with me.

For example When I search a random search in Google Chrome this URL briefly shows:

http://www.google.com/url?sa=D&q=http%3A%2F%2Fsearch.operativeeng.com%2Fcps%3Fq%3Dwhere%2Bare%2Byou%26_pg%3DD5AF862B-7C24-5787-AF3D-AEAFF9F8B205

I am then redirected to Yahoo's search engine even though Chrome had always been my default.

When I go to Chrome settings I see this search engine listed but there is no remove option. 

Chrome://management shows my computer is being managed by an outside source (this is a personal laptop).

Going to chrome://policy shows this as default search provider http://search.operativeeng.com/favicon.ico

I ran a Malwarebytes scan, it identified three threats and I quarantined and then restarted. However the malware is still on my chrome. I am wondering if it is embedded into my gmail account somehow.

Thanks for any suggestions, just worried they could steal my passwords/financial information somehow.

 

Screen Shot 2020-09-03 at 1.57.42 PM.png

Screen Shot 2020-09-03 at 3.02.25 PM.png

Link to post
Share on other sites

Now that the threat has been removed, you will need to manually change the settings that were modified. Please follow the instructions contained in this pinned posting at the top of the forum, paying particular attention to the Nuke Chrome portions: 

 

Link to post
Share on other sites

this was so helpful thank you ! I think I've been able to remove the after-effects as you've suggseted.

One thing, I installed a norton antivirus for 30 days just to be sure. While flipping through the web on Chrome I was just given this message on my computer (see attached photo). I told Norton to block it; is this some sort of malware attempting reeentry? I have no idea if it was how I would stop it without Norton turned on

Screen Shot 2020-09-03 at 8.14.07 PM.png

Link to post
Share on other sites

Unless there's another macOS user here familiar with Norton, you'll have to ask Norton about it.

If you google "ff02::FB" you'll find a lot of folks have seen it, but the only partial explanation came from this discussion https://discussions.apple.com/thread/6658906 which mostly bashes Norton, but if you click "All Replies" and go to the last one, there's a partial explanation that would indicate that it's might be a bug in your WiFi router. In any case, everything I read indicated that it's coming from something on your local LAN and not anything coming in from the Internet. Whether it should be allowed or blocked isn't clear and may not matter.

Link to post
Share on other sites

All 224.x.x.x IP addresses are from your local network and many reports I've read about these alerts point to the router.

Link to post
Share on other sites

Well, it's clear that nobody is attempting to do something nefarious using Google Chrome from outside of your local network. There is also ample evidence that these alerts are either False Positives generated by Norton or a bug involving your router. If it were me I would disregard it or if I had time challenge Norton about it and also confirm that these are router IP addresses. What I don't have an opinion on is whether such notifications should be blocked or allowed. I suppose there could be some good reason to do one or the other, but haven't a clue what the result would be.

Edited by alvarnell
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.