I have a MacBook Pro with macOS 10.12.6. My websites were not running. Then Malwarebytes said I had a threat and I clicked on it and it said it wasn't downloaded. I downloaded it again, and ran the program. It found Booking application which I have found to be a common virus problem after googling. Then, I started wondering if other files including the Java I had on my computer were causing problems. I think I clicked a popup about Java about a month ago and must have accidentally downloaded it. I deleted Java from my computer today. This is probably the third time in the past two years I have noticed that something was wrong with my computer and this time I started searching around my computer and found that I still had files from March 12, 2019 the first time I had this problem. It literally just says "This is a virus". I was wondering if viewing previews of files from the search bar can cause further damage. I was then reading on different forums about common virus file names and websites. I searched them and had several of them show results on my computer. I don't know if these files are still able to cause damage if I deleted the applications. I also read about Adobe Flash being an issue. I searched that and it showed that I have files titled "license.html" and when I click on them, it is written in a foreign language. This happened when I searched all the other common terms for virus file names. The titles were different and had different contents. I don't know how to clear my computer of dangerous files that aren't showing up on my scans, or if they aren't an issue. I am also wondering if I've had a virus on my computer for between a month and over a year, what damage could have been done? I haven't recognized any problems other than my internet suddenly not working when the same wifi works fine on my phone. Thank you!!!

Link to post

There was a recent update to Java, so that was almost certainly legit. If you don't need it to run any third party apps, then there is no need to re-install it. There haven't been any serious issues with Java for Mac users for a long time now, but if needed you should keep it up-to-date.

Malwarebytes and many other anti-malware software packages focus on disabling malware by quarantining or deleting the active processes of that malware and often ignore the passive files that may be associated with it. Viewing previews of even active files should not cause any damage as they have to be actually running in order to do anything. Attempting to rid yourself of non-functioning files left over from a previous infection is unlikely to be worth your time and energy and since some file names are likely to match legitimate files that may be critical to macOS or apps, it would be unwise to remove any file simply based on its name. And it certainly would not be unusual to find a license file in a foreign language as Macs are used worldwide.

That said, after Malwarebytes removed the Booking app, you may need to reset some settings on your browser. Follow any applicable steps in this pinned article at the top of the forum, to see if they restore your Internet connectivity: 

 

Link to post

Thank you! I got a notification on my iPhone today from my Settings that a lot of my passwords had been detected in a data leak and that I needed to change them. Then I would click to rechange the password and some of them said they could not open because Distil Networks didn’t have the website in their system. Then, I tried to change another one and it showed the picture attached, when I haven’t changed my cookie settings and have been on that website recently. I am working on the link that you sent me, but when I open links in text edit, it is hard to know what a “malicious” link looks like. Thank you for your help. If I change all my passwords, would they still be able to access my data? Or maybe already have my credit card info/stuff like that?

[Attached image]

Link to post

16 hours ago, pnkand1223 said:

I got a notification on my iPhone today from my Settings that a lot of my passwords had been detected in a data leak and that I needed to change them.

Are you certain that you received this notification from a reliable source? What was it that notified you and how did you receive it (e-mail, text, pop-up, etc.)?

16 hours ago, pnkand1223 said:

Then I would click to rechange the password and some of them said they could not open because Distil Networks didn’t have the website in their system.

Do you have an Imperva product installed on your Mac (they appear to be associated with Distil Networks, Inc.)?

I subscribe to some services (e.g. https://haveibeenpwned.com) that alert me to such things, but only something new and rarely more than one compromised password at a time. I'm concerned that this could be a phishing attempt designed to harvest changed passwords.

16 hours ago, pnkand1223 said:

Then, I tried to change another one and it showed the picture attached

I would need to know the URL to give you any information concerning that.

I doubt that anybody here will be able to help you with any of the above and you will need to get in contact with whatever notified you of those compromised passwords to get answers.

16 hours ago, pnkand1223 said:

I am working on the link that you sent me, but when I open links in text edit, it is hard to know what a “malicious” link looks like.

OK. I admit that it takes some advanced familiarity with macOS to figure that out. Basically it's asking you to be suspicious of any that references applications, processes or developers that are unfamiliar to you. We might be able to help you with any of those if you post their content here.

16 hours ago, pnkand1223 said:

If I change all my passwords, would they still be able to access my data? Or maybe already have my credit card info/stuff like that?

As I said earlier, if you change a password on a phishing site, then yes, you would give them access to your data, even if they never had it to begin with. It's always best to never click on a link that you are given in a notice, rather log into the site in your normal manner and make any changes that way.

If any of the sites that were actually compromised are financial sites, then you should assume that any information they contain has been compromised. Most sites I'm familiar with do not post your entire credit card or account numbers, just the last few digits.

Link to post

Again, thank you for your help. iOS 14 has an update in the settings of your phone where you can turn on/off notifications for if your saved passwords are in a data leak. Many of my passwords are similar and I believe the ones mentioned were also saved on Chrome on my computer. In iPhone settings under passwords, it has a security recommendations section where you can see passwords that are weak, common, reused, or leaked. I am wary of trusting things like that but I assumed it was legit because it came from my iPhone settings in the app. I don’t think I have any Imperva downloaded but I was thinking maybe that was being used by Apple to detect password leaks?

Link to post

4 minutes ago, GuruGuy said:

The issue isn’t that “your” password was leaked, but that hackers have shared and used a password that matches one you use. Hackers will use these leaked passwords to crack accounts even without knowing which account it goes with. You still want to change it.
 

 

Link to post

7 hours ago, pnkand1223 said:

iOS 14 has an update in the settings of your phone where you can turn on/off notifications for if your saved passwords are in a data leak.

Since these notifications are coming from the Password settings on your iPhone, then I'm confident that those links were legit at the time of the compromise and clicking on them is a trustworthy means of accessing the site to make any password changes.

I went through all of the ones listed on my iPad today and was not able to repeat your findings. A small number of sites came up blank, but none came up referencing Distil Networks. I haven't taken the time to dig in to those, but suspect the sites no longer exist today and those messages are coming from either your DNS service provider or some sort of blocking software that you or your Internet ISP is using to let you know the URL is faulty. 

When I tried to go to pleasehold.evenue.net just now, I was unable to do so. After it timed out, I got the following screen which does reference Distil Networks:

[Screenshot, 2020-09-25 at 18:36:49]

I was able to determine an IP address for evenue.net (216.177.87.56) which is registered to: 

Registrant Organization: Paciolan Systems
Registrant Street: 5291 CALIFORNIA AVE
Registrant City: IRVINE
Registrant State/Province: CA
Registrant Postal Code: 92617-3073
Registrant Country: US
Registrant Phone: +1.19498231671

Link to post