Please Help - MacBook Pro is infected with Malware
Junior Member
Join Date: Oct 2008
Location: Clovis, CA
2007 MacBook Pro Santa Rosa Edition
OS 10.6.8
Something has taken over my computer. When I log into one of my favorite forums, a redirected address appears in the address box, Mac Mail gets opened up automatically, and then layers and layers of popup windows appear. I have already changed my DNS settings to no effect. I also changed my Admin Password to no effect. If I switch to a different computer and try to log into the forum, the malware takes over that computer too.
The link I'm redirected to is http://ha.ckers.org/weird/popup.html right before my Mac Mail is launched automatically. I have absolutely no control over my computer while this is happening. The only way to regain control is to force quit with the power button and then restart.
I couldn't take any screen shots while the malware was launching popups, so I had to resort to an actual camera to take screen shots. Here they are:
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Looks more like the site got hacked, not your computer.
In Safari preferences, switch off JavaScript and see if that helps.
Which site is this? If we can reproduce it, it's not a problem with your machine.
Junior Member
Join Date: Oct 2008
Location: Clovis, CA
Spheric Harlot,
I tried disabling Java and JavaScript in Safari like you suggested - no change.
The site is GarageJournal.Com. Everything looks normal on that board if I view it offline.
My Mac Mail shouldn't automatically open like that. Something is seriously wrong here.
Moderator
Join Date: Aug 2001
Location: Nobletucky
The redirect you experience makes me wonder if you haven't inadvertently installed a DNSChanger trojan. They've been around for a few years, but still manage to catch people. Let's rule that out first...
Go to the Google search page and run a search for anything. Google has in place an automatic system that will alert you if it detects a DNS Changer trojan at work on your system.
Alternately, this site will check your system: http://www.dns-ok.us/
Fresh-Faced Recruit
Join Date: Dec 2001
Open the Terminal application in /Applications/Utilities.
Type the following:
cat /etc/hosts
Copy and paste the output (if it isn't too big) so that we may inspect it.
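The hosts-file inspection requested in the post above can also be scripted. The following is an added example, not part of the original thread: it assumes the stock Mac OS X entries (localhost on the loopback addresses, plus broadcasthost) are the only expected mappings, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list /etc/hosts entries outside the
# stock Mac OS X set, which are the lines worth a second look.

# audit_hosts FILE
# Prints "LINE<TAB>ADDRESS<TAB>NAME" for every non-stock mapping.
# Returns 0 if the file is clean, 1 if anything was flagged.
audit_hosts() {
    awk '
    {
        sub(/#.*/, "")                 # strip whole-line and trailing comments
        if (NF < 2) next               # blank, or an address with no name
        addr = tolower($1)
        loop = (addr == "127.0.0.1" || addr == "::1" || addr == "fe80::1%lo0")
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            stock = (name == "localhost" && loop) || (name == "broadcasthost" && addr == "255.255.255.255")
            if (!stock) { printf "%d\t%s\t%s\n", NR, $1, $i; flagged = 1 }
        }
    }
    END { exit (flagged ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the stock entries plus two made-up overrides
# (documentation address 203.0.113.7 and reserved .example names).
sample_hosts() {
    cat <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
203.0.113.7     forum.example www.forum.example   # constructed override
127.0.0.1       ads.example
EOF
}

tmp=$(mktemp) && sample_hosts > "$tmp"
audit_hosts "$tmp" || echo "non-stock entries found (listed above)"
rm -f "$tmp"
# On the affected Mac, run: audit_hosts /etc/hosts
```

Anything it prints is a mapping that overrides DNS for that name. An empty result means the hosts file is not what is redirecting the browser.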
Fresh-Faced Recruit
Join Date: Dec 2001
The link you supplied is an intentional attempt to overwhelm the memory resources of your computer. From the source of the page:
"This could cause a machine or at minimum a mail client/browser to crash due to memory exhaustion. Certainly it could cause you to close your mail client. It's just so buggy, it's difficult to tell what's causing the majority of the issues (the browser, the mail client or the embedded editor), and I get a mixed bag of results on machines. This will probably crash something. If you don't see anything that probably means you don't have an associated mail client attached to the mailto: directive."
It pops up 888 frames that redirect your browser to open whatever application you have assigned for sending email.
Junior Member
Join Date: Oct 2008
Location: Clovis, CA
I took the computer to the Fresno Apple store. There's nothing they can do about it; they said they've never seen anything like it. They did say, though, that my hard drive is not infected, which is a good thing.
Mr Watson,
I think you're very much correct.
Junior Member
Join Date: Oct 2008
Location: Clovis, CA
I think I may have found the problem. Apparently, the malware is an add-on software available to forum site owners who use vBulletin. I was given the link below from a forum administrator on one of the forums I visit. Not the same forum I'm having the trouble with. If you click on the link, it should be fairly apparent what's going on.
http://www.vbulletin.org/forum/showthread.php?t=254328