
amanda2261

macrumors newbie
Original poster
Oct 30, 2014
4
0
I installed Yosemite and now have numerous obscene advertisements (and I mean 8-10 windows opening on their own) each time I click on a new page. They are also forcing their way onto the websites I view above any of their content.

Adware Medic is not picking up on anything. ClamXav finds the following but will not quarantine so I don't know how to get rid of it:

Filename Infection Name Status
/Users/amandabotfield/Library/Mail/V2/POP-amanda@shine-elc.com.au@pop.asia.secureserver.net/INBOX.mbox/835617ED-0865-46BB-85C6-C218F83C85B9/Data/1/3/Messages/31815.emlx Heuristics.Phishing.Email.SSL-Spoof
/Users/amandabotfield/Library/Mail/V2/POP-amanda@shine-elc.com.au@pop.asia.secureserver.net/INBOX.mbox/835617ED-0865-46BB-85C6-C218F83C85B9/Data/2/3/Messages/32509.emlx Heuristics.Phishing.Email.SpoofedDomain

My computer was fine prior to installing Yosemite and I have never previously had any trouble with any of my Macs.

I cannot log into the Apple Forum, I enter my Apple ID and password and it does not log me in so I cannot ask for help there.

Our computer is a business computer for an early childhood service so these ads are highly inappropriate. I am not sure what else to do.

PLEASE HELP! And I apologise for the offensiveness of the picture below but that is a mild shot of what we are being exposed to.
 

amanda2261

macrumors newbie
Original poster
Oct 30, 2014
4
0
Welcome to the internet! :)

It is exactly why we moved away from PCs and had never had a problem in the last 7 years with Macs. Now we install a supposedly 'better' OS and it is the worst we have ever experienced!! Do you have any suggestions, SICKBOY?
 

Watabou

macrumors 68040
Feb 10, 2008
3,426
759
United States
You're right, Yosemite (obviously) doesn't come with ads.

You definitely have some form of malware/adware installed. It's pretty surprising that Adware Medic didn't find anything. I would first check Safari's extensions and make sure that you haven't installed anything suspicious. It's interesting that ClamXav is pointing towards some of your mail messages, so maybe you could have opened an attachment that contained malware.

The next thing I would try is to open up Activity Monitor, check out the processes that are running, and see if any of them look suspicious.

If all else fails, I would actually suggest a clean install, and be very careful of what you install/download/open in the future.
 

PhiLLoW

macrumors 6502
May 31, 2014
325
184
Sounds like a program changed your default website and the homepage itself loads a lot of new tabs/pages/pop ups.

Go to Safari => Settings => Homepage and check for a suspicious website.
 

fisherking

macrumors G4
Jul 16, 2010
11,252
5,563
ny somewhere
check your login items too (in system preferences, Users & Groups). definitely not from the yosemite install.

FIND those 2 emails and DELETE them.
 

zeeklancer

macrumors regular
Jan 1, 2008
133
0
And while you are poking around you should look at the web history and figure out who was viewing porn on your site :p

I highly doubt it was the e-mails.
 

simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
In addition to the above you need to control access to the machine, in particular once you have resolved the issue you should separate admin access and use a daily usage account for routine access if the machine is shared, then you can use parental controls to limit the sites and material the daily use account can access.

Finally you then need to review everyone that has had any access to the machine, viewing such content is pretty incompatible with working in such an environment, you should consider a full review of your formal internet usage policy in that workplace and make all staff fully aware of what has been found and how it will be treated in the future.

You don't have a problem Yosemite install, you do have a problem staff member (or whomever could have accessed it).

Sorry but I have run child-related businesses in the past, you need zero tolerance here.
 

Apple_Robert

Contributor
Sep 21, 2012
35,619
52,382
In a van down by the river
Excellent advice.

OP: If possible, I would remove the computer from employee access. If clients were to see the mess on your computer, it could be very bad for you. I would restrict access to the owners of the business, if at all possible, unless you have a sure fire way of locking it down tight for employees. You do not want to put your livelihood at risk, because some employee wants to treat your business computer as his or her own personal computer to troll the internet.
 

amanda2261

macrumors newbie
Original poster
Oct 30, 2014
4
0
Employees do not have access. It is my computer in the office. I think it may have something to do with the router. Can they get malware?

----------

The OP's problem definitely did not come from a fresh install of Yosemite. That problem arose afterward, from someone who has been using the computer.

It was a fresh install of Yosemite. No one else has access to the computer (password protected)

----------

I am the owner of the business and Boone has access to the computer and I certainly have not looked at porn. History does not reveal any porn sites visited and the office is separately alarmed, security cameras over the past few months have not shown anyone using my computer other than myself.
 

Apple_Robert

Contributor
Sep 21, 2012
35,619
52,382
In a van down by the river
Is your Mac networked with other computers in the business? Have you opened any forwarded email or attachments? Have you installed any programs recently? If so, were they Apple developer approved?

A clean browser history (re: Boone usage or otherwise) doesn't really mean a lot, as it (history) can be cleared from view from the average user.

By fresh install, do you mean you wiped the HD and then installed Yosemite followed by a clean install of all programs, without using a TM backup for anything?
 

simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
Employees do not have access....and Boone has access

Sorry I'm not understanding those statements here but either way....there are only a few methods by which what you are experiencing can be achieved:

Loading adware or malware onto your computer (often as part of an innocent-sounding installer - but normally obtained from a dubious source, perhaps along with a hacked/illegal copy of a mainstream App or program)

A phishing website redirecting you - often linked to or contained in innocent-but-unlikely sounding emails...

Redirecting all web traffic in your router by changing its DNS settings (this would have to have been done manually by someone with access changing those settings after logging into the router).

Let's look at these in reverse order:

Your router, I'd suggest you change its admin and WiFi passwords to make sure the WiFi network is secure, if your router has an option to be administered from the WAN/public side (i.e. out on the internet), turn that option OFF to make sure settings can only be changed from within your network. Ensure the WiFi network is using some form of security. Also ensure if the router has a firewall it is UP. Then check with your ISP what its settings for DNS should be and make sure they are set so. Then reboot it to make sure those settings are active.

If you are unsure how to do this then normally your ISP can advise, especially if you rent the modem/router from them.

Phishing emails, well ClamXav found two I see so find them and delete them, understand whose account they came in on and were they spam or were links being actively passed around (whether or not the recipient knowingly understood what they were). Spam is normally easy for a human to spot. Investigate whether your email provider has anti-spam services running and again, talk to them to decide if the settings are correct for you. Practice safe computing for yourself (basically use software only from trusted sources etc), and secure your machine so that only you can install software on it (see my comments about running two accounts above).

Now your machine. Passwords are great but they can be discovered/cracked or simply guessed at, you should consider who has physical access to the machine and any opportunity, both potentially malicious and unintentional (this is why running a limited-permission daily account is a good idea). Change your password to a strong one and avoid easy/obvious ones that might be guessed at.

Once you have considered all this and the router is secured and using the ISP's settings I would recommend you do a further clean install, given that some known good tools are not finding this for you it is the best way to guarantee you a clean start. Once reinstalled, reload your apps only from known good sources (such as the Mac App Store), then reload any documents you may have - do not do a full restore from a Time Machine backup though as you may then re-install any malware or adware you have just removed....

I think this would give you a good clean position and shouldn't take more than a few hours and possibly a couple of phone calls to achieve - well worth the investment for peace of mind.

If anyone sees I've missed anything please chime in....
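
Added example, not part of the post above: one way to do the DNS check from the Mac side is to compare the resolvers macOS is actually using (the `nameserver[...]` lines printed by `scutil --dns`) against the addresses you expect. The function name, the sample output and all addresses below are constructed placeholders; if the Mac lists only the router's LAN address, the router's own DNS setting still has to be checked on its admin page.

```shell
#!/bin/sh
# Flag DNS resolvers that are not on an expected list.
# stdin:     output of `scutil --dns` (macOS)
# arguments: the resolver addresses you expect to see
#            (router LAN address, DNS servers given to you by the ISP)

unexpected_resolvers() {
    expected=" $* "
    # scutil prints lines such as "  nameserver[0] : 192.168.1.1"
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*][[:space:]]*:[[:space:]]*\([^[:space:]]*\).*$/\1/p' |
    sort -u |
    while IFS= read -r addr; do
        case "$expected" in
            *" $addr "*) ;;                    # on the expected list
            *) printf '%s\n' "$addr" ;;        # not expected: report it
        esac
    done
}

# Constructed sample of `scutil --dns` output (documentation-range addresses).
SAMPLE_SCUTIL_OUTPUT='DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.77
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
'

# On a Mac, pass the expected addresses as arguments:
#   sh check_dns.sh 192.168.1.1 203.0.113.53
if command -v scutil >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    scutil --dns | unexpected_resolvers "$@"
fi
```

Any address it prints is a resolver nobody on the expected list accounts for, which points at either a changed router setting handed out over DHCP or a DNS entry set on the Mac itself.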
 

amanda2261

macrumors newbie
Original poster
Oct 30, 2014
4
0
Employees do not have access....and Boone has access


Ahh that would be no one not Boone!

----------

Many thanks I will try all of this tomorrow when I can do it in peace and quiet and no accidental eyes seeing the porn!
 

Abba1

macrumors regular
Aug 6, 2014
117
0
From Extensions, get Ghostery and AdBlock Plus. You may also want to get Web of Trust, which will help you to decide if you want to open a website or not. All three are free. Also, you need to be very careful of the email you open. It would help if you disabled "Load Remote Images" in iPhone and iPad (Mail), as this should help, but not totally, to keep the bad guys out. You may also want to get some sort of Spam filter as that would also help. And, you can use rules on iCloud to send any email from a particular address to the trash, which will certainly help you on the Mac. Just be sure to set up delete trash (on Mail) every day or even every time you close Mail.
 

dsemf

macrumors 6502
Jul 26, 2014
441
114
Also, for Safari, go to Preferences >> General Tab. Uncheck Open Safe Files. There is no such thing.

DS
 