Reviews:
 ·Verizon FiOS
| [OS X] my mac has a virus? My wife has a 2009 white mac book. She uses it all the time. It is running OS X 10.6.x. My wife will Google "discount coupon" websites to get coupon codes for retail websites. About a week ago my wife went to Potter Barn Kids website. On the home page, was a coupon code offer of 15% off your order. She put items in her cart and went to checkout and put the offer code in and it said expired. She kept trying. No go. She calls Pottery Barn customer service and they tell her that Pottery Barn doesn't put those types of promotions on their webpage but emails customers such offers. About a day later she notices a ton of spam in her inbox and people on her contact list getting spammed by her email address.
Well, I take a look at the web page tonight and when I go to it on her computer I'm seeing the promotion code and it is "embedded" in the web page. It looks very authentic but I can see that the color is a bit off. I reset safari and removed the cache but notice that it will still come up. I have run ClamX and Sophos and neither have found viruses. Any idea on how to get rid of what apparently is malware of some kind. |
|
| In Safari preferences, turn off Java. Just a shot in the dark, but it may work. |
|
| I will try that. However, I have opened that page using Chrome and Firefox and no matter how many times I go to that site in those browsers I do not get the "rouge" pottery barn kids website. |
|
| reply to modelamac
Turned off Java and still getting it. |
|
Rojo
join:2009-04-14
New York, NY
kudos:1 | reply to obeythelaw
Safari 5.0.3 |
Don't know what version Safari you have but if it's 5.0.3 try clearing out your database and setting allowed storage to None. See bottom of picture.
Also, FWIW, this 15+ year Mac owner has never permitted a single email to come directly into my Mac. Prefer instead to use a secure, paid web-based email service. |
|
Reviews:
·Verizon FiOS
| reply to obeythelaw
I think I may have fixed it. I tried clearing the database but that didn't do anything either.
So I went into the Library and went to the Safari folder and trashed "Downloads.plist", "Extensions.plist", History.plist, LastSession.plist, Topsites.plist.
There was also a strange thing called "wrc.safariextz." I have no idea what it was but also trashed it.
I restarted safari and no longer get the rouge pottery barn kids website. I also noticed in preferences that my cookies, even after clearing it, and just going back into safari, was showing 1800 websites. Why so many unless something was phoning back home. I now visit a few websites and it only shows 10.
I googled wrc.safariextz and it does seem suspect. Can anyone else tell me what that is? |
|
| Good detecting. Thanx for the followup. |
|
| reply to obeythelaw
Sounds like a DNS hijacker. |
|
 Count ZeroObama-Biden 2012Premium
join:2007-01-18
Winston Salem, NC | reply to obeythelaw
There was a story on Mac Rumors recently (last day or two) about a trojan that injected fake ads - might want to look into that. |
|
|
|
Reviews:
·Verizon FiOS
| That looks exactly or very similar to what it was. It was the "real" legitimate website but some code was essentially placed into the website. Very odd. What is somewhat troublesome is that I tried three different virus removal programs and not one found anything and I did a search of all files on the computer. |
|
 buckinghamBuckingham Pa
join:2005-07-17
Buckingham, PA | reply to Count Zero
Another one to watch out for...
»www.nbcnews.com/technology/techn···C8995971 |
|
