interference
#58569 04/27/21 06:45 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
OS 10.12.6. Whenever I use a torrent site, immediately another site appears. I have tried Safari, Firefox & Chrome and it is happening all the time.

What can I do? Would a complete uninstall solve the problem? Assuming that to be true, just how would I go about a complete uninstall? I'm thinking about all of the apps.


jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: interference
jaybass #58570 04/27/21 07:21 PM
Joined: Aug 2009
Likes: 7
Can you post a link?


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: interference
jchuzi #58571 04/27/21 07:43 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
https://1337x.to. This is a torrent site.

jaybass


Re: interference
jaybass #58572 04/27/21 10:17 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted by jaybass
Would a complete uninstall solve the problem? Assuming that to be true, just how would I go about a complete uninstall? I'm thinking about all of the apps.
Although there may be other less drastic solutions, and assuming you do not restore anything from your existing system and the “complete uninstall” includes completely wiping all your drives, it should get rid of the existing problem, but it would not prevent it from recurring.

The complete uninstall would include:
  1. Shutting down your computer completely
  2. Waiting at least 10 seconds
  3. Powering up while holding the Command and R keys until you see a progress bar
  4. From the Recovery Assistant window launch Disk Utility and erase the boot drive (probably named Macintosh HD).
  5. Consider erasing any backup drives as potential sources of re-infection
  6. Quit Disk Utility
  7. From the Recovery Assistant window launch Reinstall MacOS
  8. Reinstall any third party apps ONLY from the App Store or the developer’s website
  9. A good anti-malware app such as ClamXAV or MalwareBytes can provide an additional layer of protection against future problems


If you have your Keychain, Mail, and other Apple apps synced with iCloud, re-syncing your new install with your iCloud account will safely restore all of those settings.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: interference
jaybass #58574 04/28/21 12:19 AM
Joined: Aug 2009
Likes: 7
Originally Posted by jaybass
https://1337x.to. This is a torrent site.

jaybass
When I click that link in Safari, that is exactly the site that I get.


Jon

Re: interference
jchuzi #58575 04/28/21 12:33 AM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
When I click that site, I get it too. It's when I enter whatever it is I want to download that I get something else. Adobe player is the main problem along with others.

jaybass


Re: interference
jaybass #58578 04/28/21 01:35 PM
Joined: Aug 2009
Likes: 16
Moderator
Given this additional information it is safe to say that it is unlikely that there is anything you can do on your computer to change the behavior. So why don’t you download the player directly from Adobe? It is a free download. You should always download from the developer’s web site if at all possible. With sharing sites like Torrent too often you get more than you bargained for and that is not a good thing.

A better question is why do you need Adobe Flash in the first place? It is an obsolete technology that Adobe has officially abandoned and is no longer supported by anyone.


Re: interference
joemikeb #58581 04/28/21 04:21 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
Today for the first time I scanned my HD using ClamXAV (2hrs, 26mins.) and it found (2) infections. RotatorBox.dp & RuZQD trojan.OSX.generic which automatically went into quarantine.

I have never heard of these before. Before I trash them, perhaps you could tell me what they are.

Does this mean that I don't need to erase my HD? Perhaps wait and see?

Regarding downloading Adobe Flash Player, would that eliminate it from interfering with my computer? You suggest I download Adobe Flash Player and then ask me why I need F/P in the first place. Answer is I don't need it.

I did try to boot up into recovery mode, but all I got was a white padlock which required me to enter my firmware password, something which I never remember creating. Finding that is quite a chore for me.

It just occurred to me about finding where those (2) infections will be on my backup. I don't want to scan my HD again.

jaybass

Last edited by jaybass; 04/28/21 04:56 PM.

Re: interference
jaybass #58582 04/28/21 06:21 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted by jaybass
Today for the first time I scanned my HD using ClamXAV (2hrs, 26mins.) and it found (2) infections. RotatorBox.dp & RuZQD trojan.OSX.generic which automatically went into quarantine.
I always recommend the paid version of any anti-malware utility as those typically either monitor continually or automatically scan at frequent intervals. That way the malware can be detected and quarantined before it has opportunity to imbed itself in your system and do damage.

Originally Posted by jaybass
I have never heard of these before. Before I trash them, perhaps you could tell me what they are.
Would you keep a rattlesnake in your bed until you were formally introduced to it? You don't need to know what they are to get rid of them. However in answer to your question Rotator Box and trojan.OSX.generic.

Originally Posted by jaybass
Does this mean that I don't need to erase my HD? Perhaps wait and see?
You may well have quarantined Rotator Box after your computer was infected, which is why running ClamXAV sporadically is pretty much useless, as the best you can hope for is to lock the barn door after the horses have already gotten out. The link I provided has instructions for removing the infection.

Originally Posted by jaybass
Regarding downloading Adobe Flash Player, would that eliminate it from interfering with my computer? You suggest I download Adobe Flash Player and then ask me why I need F/P in the first place. Answer is I don't need it.

Then why are you trying to download it? I am confused.

Originally Posted by jaybass
I did try to boot up into recovery mode, but all I got was a white padlock which required me to enter my firmware password, something which I never remember creating. Finding that is quite a chore for me.
Apple recommends you get an appointment with the Genius Desk at your nearest Apple Store and take your Mac in as the only solution to that problem.

Originally Posted by jaybass
It just occurred to me about finding where those (2) infections will be on my backup. I don't want to scan my HD again.
If you read my instructions, they specifically recommended erasing all of your backups and not recovering anything from them.


Re: interference
joemikeb #58584 04/28/21 07:34 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
I will get back to you after I have spoken to Apple.

I contacted Apple and they told me to take my iMac back to where I purchased it from. With the present lockdown, they don't open until May 20th.

I guess I will just have to wait.

Is there any disassembly involved in unlocking my iMac?

jaybass

Last edited by jaybass; 04/29/21 04:59 PM. Reason: further info

Re: interference
joemikeb #58601 04/30/21 03:24 PM
Joined: Aug 2009
Likes: 2
jaybass Offline OP
Joe, I have not said I wanted to download Flash Player. Just the reverse, they tell me I need to update when I don't even have it.

Now when you say not to use anything from my backup, which makes sense, but what about apps that I purchased from the App Store and developers which are on my HD?

Should I copy them to a thumb drive?

Never having erased my HD before, can you tell me if I will lose anything from the following: Apple Mail, bookmarks, iTunes, iPhotos, docs or anything else I should know about?

Thanks in advance,

jaybass


Re: interference
jaybass #58602 04/30/21 04:54 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted by jaybass
Joe, I have not said I wanted to download Flash Player. Just the reverse, they tell me I need to update when I don't even have it.
I got it now. It is almost a dead bang guarantee that had you downloaded the Flash Player the download package would have included more malware than you already have, perhaps turning your computer into something like a kiddie porn web hosting.

Originally Posted by jaybass
Now when you say not to use anything from my backup, which makes sense, but what about apps that I purchased from the App Store and developers which are on my HD?
As those may be infected you should download fresh copies from the App Store and the developer's web sites rather than risk reinfection.

Originally Posted by jaybass
Should I copy them to a thumb drive?
As those may be infected you should download fresh copies from the App Store and the developer's web sites rather than risk reinfection. Copying them to a flash drive will not remove infection; it merely preserves it on the new media.

Originally Posted by jaybass
Never having erased my HD before, can you tell me if I will lose anything from the following, apple mail, bookmarks, iTunes, iPhotos, docs or anything else I should know about?
You will lose ABSOLUTELY EVERYTHING and have to start over from scratch. The only possible exceptions would be those Apple functions such as Keychain, Mail, Safari Settings, photos, and calendars that are selected in System Preferences > Cloud to be backed up on your iCloud Drive. You will also lose all of your tunes unless Music > Preferences > Synch Library is checked. NOTE: If those were not previously checked it can take a day or more after they are first checked for all of the data to be synched with iCloud. So allow time for it to settle.

Nuke and Pave, which is what you are proposing, is a Final Solution option not to be taken or performed lightly. That is why regular prevention is so much better than occasional spot checks and well worth the cost of paid licenses. It is also why I, and many others, assiduously avoid sites like Torrent.

Given the time and aggravation imposed by nuke and pave you might consider...
  • attempting to remove the infection following the instructions in the links provided and see if the apparent redirection continues,
  • invest in paid versions of ClamXAV or MalwareBytes and set them up to run continuously or at very frequent intervals.
  • Check your bank and credit card accounts daily for possible fraudulent transactions
  • Consider investing in a credit monitoring service
  • Being very careful about where you venture on the internet and very security aware
  • 🤞

But the choice depends on how risk tolerant you are.

Last edited by joemikeb; 04/30/21 04:57 PM. Reason: %&^^% Spell Check

Re: interference
joemikeb #58603 04/30/21 05:22 PM
Joined: Aug 2009
Likes: 15
Have you ever heard of an exploit that can set a firmware password with no user intervention?

jaybass says he doesn't recall ever having set one, and since the setup is in no way prone to accidental initiation, how'd jaybass's get set?

Any guesses?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: interference
artie505 #58607 04/30/21 08:15 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted by artie505
Have you ever heard of an exploit that can set a firmware password with no user intervention?
No

Originally Posted by artie505
jaybass says he doesn't recall ever having set one, and since the setup is in no way prone to accidental initiation, how'd jaybass's get set?

Any guesses?
  1. Jay set it inadvertently?
  2. Jay set it thinking it was something else?
  3. Jay set it so long ago that he has forgotten setting it?
  4. Someone else with access to Jay's computer set it?
  5. Poltergeists?
  6. Gremlins?
  7. Some of the above?
  8. None of the above?
  9. Other

and the answer is
I have no idea how it was set and can only deal with the facts as presented 🤷‍♂️


Re: interference
joemikeb #58609 04/30/21 11:58 PM
Joined: Aug 2009
Likes: 15
grin

But the initial "No" is reassuring.


