[MacTUG] Mac Malware report

Keith Peck kdpeck at uwaterloo.ca
Thu Oct 16 15:03:49 EDT 2014


Hi,
I bumped into Mike Patterson on the way back from a building this afternoon and mentioned to him that I removed some malware from a Mac OS X machine; it is running 10.9.5 (Mavericks) and has had the BashBug update installed on it.

Symptoms were that Safari, Firefox and Google Chrome browsers were all redirecting to web pages other than the intended targets, typically either to a survey page (asking for more 'personal' info with a chance to win a prize or gift certificate) or to a site advertising that you should try "Mac Keeper" (Apple discussions - do not install Mac Keeper <https://discussions.apple.com/docs/DOC-3691>), an even more invasive malware program.

Home pages and default search tools had been changed to "ConduitSearch" - changing them back to the defaults didn't fix the redirection or ads shown on search page results (nothing explicit, but content was at the boundary of being non-suitable for work).

Did a Google search and I used the TSMART.zip Tool found at http://www.thesafemac.com/art/ to remove the threat plus a few related threats:

ConduitSearch
Genio adware
Downlite

Uninstall of Firefox and a restart was required to complete the cleanup.

Overall found the following site to be useful for both info and tips to remove Mac Malware: http://www.thesafemac.com/

--

I will forward details to SOC about the name of the machine that the malware was removed from.

Keith Peck
Client Services, Information Systems and Technology
University of Waterloo, Waterloo, Ontario, Canada, N2L 3G1.
MC 2020, (519) 888-4567 x.37770
kdpeck at uwaterloo.ca
