mac malware

I have a user that uses a Mac (OS X) and in the last 6 months when they go to websites there are ads all over the place. They do not look like they are placed there by the website. I have done some research and I think it is called ad injector software that is on the computer or the Safari browser. Any idea on how to get rid of this?
mkramer777 Asked:

Scott C (Senior Engineer) Commented:
I use Ad Block Plus on all of my PCs.

They also have one for the Mac.

https://adblockplus.org/category/adblock-plus-safari/

Dan Craciun (IT Consultant) Commented:
Try cleaning the mac using MBAM for OSX: https://www.malwarebytes.org/antimalware/mac/

HTH,
Dan
Thomas Zucker-Scharff (Solution Guide) Commented:
If it is malvertising (malware advertising unknowingly hosted by the website) you won't find anything to clean.  Just use an adblocker and that should alleviate the symptoms.  The malvertising itself is blocked so the user won't click on anything (including a close box).
Justin Bradshaw (Owner) Commented:
There are two types of malware going around on the Mac right now:
1) Actual malware that usually gets installed through questionable apps like MacKeeper and uTorrent and the like. These require the user to be somewhat duped and type in their administrator password to actually install them... and the Malwarebytes tool is the best and easiest way to get rid of them.
2) Some sites are infected themselves and have been using invasive and difficult-to-ignore JavaScript pop-ups that have scary messages about the computer being infected and "you must call to remove it" kind of crap. They usually charge a few hundred bucks and ask to gain control of your computer to supposedly remove it, when all they do in fact is leave the site that generated a pop-up. Usually force quitting your browser will get rid of them (and not going back to said infected website). In these cases, calling and paying the hackers is the worst possible way to solve it of course... and if someone were to let those guys on their computer I would definitely have it checked out for more invasive software, too. An adblocker can be helpful for this "malvertising" as Thomas puts it.
strung Commented:
Try downloading and running the freeware "AVAST":  https://www.avast.com/index
cousnit Commented:
You can try MacKeeper if it is something that has been installed on the computer. www.mackeeper.com
Thomas Zucker-Scharff (Solution Guide) Commented:
I'm not really a Mac person, but I think Scott has answered the OP.
Justin Bradshaw (Owner) Commented:
Whatever you do, DO NOT install MacKeeper. It is the source of much of the malware out there! It's a spammy, scummy piece of crappy software. Please avoid it at all costs.
Justin Bradshaw (Owner) Commented:
Actually, Scott's answer is incomplete: adblock software will not help mkramer777's user with his problem.

Maybe it will help see less ads but it won't get rid of the malware that the person has on their computer. For that he must use Malwarebytes' tool.
Scott C (Senior Engineer) Commented:
Glad to have been able to help.  Thanks!!!
Thomas Zucker-Scharff (Solution Guide) Commented:
Justin's comment prompted me to look further and the first hit on Google (other than the official MacKeeper site) was this one: http://www.imore.com/avoid-mackeeper. Worth a read.

Disclaimer: I know very little about Macs and do not in any way purport to be a Mac expert.
Thomas Zucker-Scharff (Solution Guide) Commented:
Justin,

Why are you so sure there is malware on the user's computer? The OP gave very little information.
mkramer777 (Author) Commented:
The adware blocker is working fine.  I'm good.
Justin Bradshaw (Owner) Commented:
The reason I'm sure is that if it's been happening regularly for 6 months, then it's not type 2 that I was referring to.

An adware blocker may be able to fight the injector software but you're paying a performance cost for the situation and your better solution is to remove the software entirely rather than just cover it up by blocking ads.

mkramer777, please just run Malwarebytes for Mac and see if there is anything on the machine. Also, check Safari > Preferences > Extensions to see if there is anything in there you don't recognize or didn't install. It's probably the culprit (however, if something is not there, it doesn't mean you don't have malware... just that it's not the easy-to-find kind; that's what the Malwarebytes tool is for).
Thomas Zucker-Scharff (Solution Guide) Commented:
Thanks for the clarification, like I said I'm not a Mac person.
Scott C (Senior Engineer) Commented:
I agree. Run Malwarebytes to clean that and anything else up.
mkramer777 (Author) Commented:
Ran Malwarebytes. Did not find anything. Ran Avast and that found 5 things. It removed them. We will see if that helps.
Scott C (Senior Engineer) Commented:
Now that you can be pretty sure you now have a clean machine and the ad blocker you should be good to go.
Thomas Zucker-Scharff (Solution Guide) Commented:
My motto has always been, once infected, always infected.  If this is truly a malware problem, the only way to be SURE that you have no more problems is a full wipe and reinstall of the operating system.  Otherwise DO NOT use this machine to access any sites you don't want compromised. (that includes entering any passwords you don't want compromised).  While I'm on the passwords topic - Change all of your passwords, ASAP.
serialband Commented:
Adblock Edge blocks more ads than their original Adblock Plus.