Solved

Possible Malware on my MacBook Air

Posted on 2014-10-11
Last Modified: 2015-03-18
I was trying to stream movies from a few sites, and now my browsers (both Google Chrome and Safari) appear to be hijacked. I downloaded Sophos Cloud AV in an attempt to remove the threats, but unfortunately could not. Any help would be greatly appreciated.
Question by:jduran04
Expert Comment

by:Rizzle
ID: 40374712
Hopefully this will help: https://discussions.apple.com/docs/DOC-2435

In our environment, before we had implemented Sophos AV on our Apple devices (iMacs and MacBook Pros), we used an application called ClamXav to remove infections from the devices. I can only remember some strange activity on the iMac, which is very similar to your situation, but ClamXav helped clear it.
Accepted Solution

by:Eoin OSullivan (earned 500 total points)
ID: 40374969
It's not likely to be a virus or malware but probably is a DNS Changer or similar type of trojan.

Most often it is installed by the user, who thinks they are installing a video codec or plugin in order to view video or streaming video files. Does this sound like what might have happened? Macs can rarely be infected without actually downloading and installing software of some type.

The DNS Changer type trojans redirect your browsers by routing all your traffic at a DNS level on your Mac, so it isn't the browser that is infected; it is the underlying networking protocols. To remove it, you need to remove any non-standard DNS settings on your Mac and run a removal tool such as the F-Secure tool listed here.
http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml
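
Added example, not part of the answer above or of the F-Secure tool: a shell script for the DNS-settings check the accepted solution describes. It reads each network service's manually set DNS servers with the macOS networksetup command and flags any server not in ALLOWED, an assumed list you set to the resolvers you expect (router, ISP); the function names are hypothetical.

```shell
#!/bin/bash
# Audit manually configured DNS servers on macOS (added example).
# ALLOWED is an assumption: the resolvers you expect (router, ISP, etc.).
ALLOWED="${ALLOWED:-192.168.1.1}"

# is_allowed IP: succeeds if IP appears in the space-separated ALLOWED list.
is_allowed() {
  for dns_ok in $ALLOWED; do
    [ "$1" = "$dns_ok" ] && return 0
  done
  return 1
}

# check_servers SERVICE: reads `networksetup -getdnsservers` output on stdin.
# Prints one line per entry; returns 1 if any server is not in ALLOWED.
check_servers() {
  dns_rc=0
  while IFS= read -r dns_line; do
    case "$dns_line" in
      "") ;;
      "There aren't any DNS Servers"*)
        printf 'OK     %s: no manual DNS servers (DHCP values in use)\n' "$1" ;;
      *)
        if is_allowed "$dns_line"; then
          printf 'OK     %s: %s\n' "$1" "$dns_line"
        else
          printf 'REVIEW %s: %s\n' "$1" "$dns_line"
          dns_rc=1
        fi ;;
    esac
  done
  return "$dns_rc"
}

# audit_all: walk every network service, then show the resolvers in effect.
audit_all() {
  networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
  while IFS= read -r dns_svc; do
    networksetup -getdnsservers "$dns_svc" </dev/null | check_servers "$dns_svc"
  done
  echo "Resolvers currently in effect:"
  scutil --dns | grep 'nameserver\[' | sort -u
}

# Only run on a Mac, where networksetup exists.
if command -v networksetup >/dev/null 2>&1; then
  audit_all
fi
```

A service flagged REVIEW can be returned to its DHCP-supplied servers with `sudo networksetup -setdnsservers "<service name>" empty`.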
Expert Comment

by:Jason Kerr
ID: 40474800
You might try going into applications > utility > terminal and typing:

lsof -i | grep ESTABLISHED

This will show you a list of all the connected applications and the ports they're running on.

Easy way to tell what's running in the background.