Contribute
Register

Safari seems infected with adware

Status
Not open for further replies.
Joined
Jan 8, 2014
Messages
35
Motherboard
GIGABYTE GA-B150M-D3H
CPU
Intel Core i5 6500
Graphics
Intel HD 530
Mac
  1. iMac
Mobile Phone
  1. Android
  2. iOS
  3. Windows Phone
Hello friends,

This is a weird issue as I have never had this issue before 1 week ago. The annoying problem is that Safari on few particular websites (good websites i.e. news and one govt website) behaves as it is adware laden, whenever I click anywhere on a blank field on the webpage, a new tab opens up whose address changes almost every time and it displays advice to clean my Mac and install MacKeeper etc. Following are given such 2 urls.

https://brightonclick.com/script/preurl.php?r=973139
https://viralrecent.com/mackeeper/en/9/9.php?rzi=1327357&rsz=1327357&rid=

Let me tell you friends that I haven't installed anything even from "App Store" it is a clean install of OS. I had used some 3rd party softwares earlier but this time it was a fresh install and still the problem persists. I even scanned the system with Kaspersky and Malwarebyte's Antialware, found nothing. There are no extensions installed and I cleared Safari caches and deleted history.

To overcome this I have already installed OS, 4 or 5 times but every time after half an hour I face this with Safari.
Please help me friends.
 
Last edited:
Just because they are news and govt. sites doesn't mean they can't have malicious code injected into them. What version of macOS are you running ? Have you got all the latest Apple security updates ? Have you tried any other browsers like Chrome or Opera ?
 
Just because they are news and govt. sites doesn't mean they can't have malicious code injected into them. What version of macOS are you running ? Have you got all the latest Apple security updates ? Have you tried any other browsers like Chrome or Opera ?

Thanks for replying. I am on 10.12.6 and the system is up to date. Yes I tried Chrome and worked good for last 3-4 days(no redirections and pop ups) of sorting out problem but today it too, showed same behaviour.
 
Try using the MB free premium trial. The real-time protection should stop that from happening.
https://www.malwarebytes.com/mac/

If you want a free app get the adblock plus extension for your browsers. Works on both safari and chrome.

Screen Shot.jpg
 
Last edited:
Didn't work sir.
Then you'll need to simply avoid those sites or figure out which plugins you would need to disable in your browser for those sites. I don't know exactly which ones. Do some googling of that topic and see if you can adjust your browser security settings for those problematic sites.
 
Last edited:
Then you'll need to simply avoid those sites or figure out which plugins you would need to disable in your browser for those sites. I don't know exactly which ones. Do some googling of that topic and see if you can adjust your browser security settings for those problematic sites.

Thank you. I can not avoid those websites as they are somehow related to my work. I will try to explore different possible solutions. Thanks again.
 
After many scans with Kaspersky and Malwarebyte and reinstallation (which yielded nothing) I gave up using MacOS and switched to Windows (I have a dual boot system). In Windows, during a scan Kaspersky found a trojan named MultiDNS-changer. The AV removed it restarted PC and all seemed okay for an hour or so and again same problem though only in IE not in Chrome and FF. While goggling for this trojan I came across an article (http://www.wired.co.uk/article/dns-changer-check-and-fix), there I saw the author mentioning about change in DNS in router among other ramifications of its infection. Now I thought how things add up for its non removal from system as the DNS settings were changed in my router. I filled in right DNS and changed its password. Two days back at MacOS and everything looks normal again. A few applications earlier flagged red by my AV had to be deleted as well to forbid any further infection, if at all they were responsible for this.
 
Status
Not open for further replies.
Back
Top