Home
Posted By: suzie popups - 04/23/14 09:11 AM
Hi,

I have been having some serious problems with popups on my mac. It all started happening after I downloaded a movie from pirate bay.com. I didn't realise it was such a dangerous site until now. I recently downloaded CCleaner, and it worked for a day and now the popups are back. They come up all the time on all sorts of sites. Just wondering if anyone knows how I can get to the root of the problem? and if thats even possible?

Thank you, any help would be appreciated.
Posted By: tacit Re: popups - 04/23/14 09:58 PM
More information would be helpful. When do you see the popups? Do you see them when you're browsing the Web? What Web browser do you use?
Posted By: suzie Re: popups - 04/24/14 01:40 AM
I see the pop ups all the time. Most of them are advertisements, others say "you have won something." Yes I see them when I am browsing the web. I use safari, I tried to see if they would appear using chrome, and they still do.
Posted By: tacit Re: popups - 04/24/14 09:43 AM
In Chrome, click on the Chrome menu next to the Apple menu and choose the Preferences command. In the Preferences window, click Extensions. What extensions do you see listed there?
Posted By: suzie Re: popups - 04/24/14 11:06 AM
I see google docs 0.5
Posted By: tacit Re: popups - 04/24/14 10:15 PM
Nothing else? Hmm. That's odd. From the sound of things, you might be infected with the Genieo malware (that link describes how to see and remove it if you are), but it should show up as a browser extension in Safari.

Another possibility is you've been infected with DNSchanger. If you go to System Preferences, click Network, click on however you access the Internet, and click Advanced, and click DNS, what do you see listed for DNS Servers?

When you downloaded this movie, can you describe step by step what happened next? Did you see a dialog telling you that you had to install movie player software? Did you see something asking you to type your administrator password?
Posted By: suzie Re: popups - 04/26/14 08:58 AM
In DNS servers I see 61.9.242.33 and 61.9.226.33

Hmm trying to remember, I remember I had to download something called utorrent to get the movie. I don't remember anything about a administrator password.

Thanks for helping me. I will try using the 'how to remove Genieo malware' link you sent me, and let you know how I go.
Posted By: artie505 Re: popups - 04/29/14 05:54 AM
uTorrent appears to be a reputable app, but considering its source, it may have been compromised; have you searched your Mac for any and all traces of it and removed them?
Posted By: artie505 Re: popups - 04/29/14 08:26 AM
This is interesting...perhaps significant:

This Google result reports a recent post to the uTorrent Forums, and this screenshot tells that the post has apparently been taken down.

(PUP.Optional.OpenCandy is a PC thing, but who knows what else is out there?)

Edit: For OS X, see Rookie error: how do I reverse µTorrent installing ad/malware?. (Recent) Again, the linked uTorrent Forum post has apparently been taken down.
Posted By: artie505 Re: popups - 04/29/14 10:46 AM
Sorry, suzie, I clicked on the wrong link; my last post was intended for you.
© FineTunedMac