
So my friend wanted to watch "50 shades of grey" (I know) and so I showed her how to install BitTorrent and download a torrent file. 2 days later (today) she messaged me saying that her browser settings have changed, the MacKeeper icon is in her dock and that she couldn't even open Google Drive. I am mostly concerned about the MacKeeper icon since I have heard very bad things about it. What is going on? This didn't happen to me (also on a Mac). How do I fix this without any kind of damage?

1 Answer


So the torrent file had extras, and your friend installed them.

Videos are, in general, just data files and thus safe to open. If the download included an installer package, program (perhaps disguised as a video) or script, and you run it, it can do many things.

Ask your friend if she was asked for her password at any point in the process. Videos will never, ever ask for your password. If she said yes, and typed it in, she just allowed the download to install anything it wants. This is a trojan, not a virus, and like the horse the Greeks gave to the Trojans it bypasses almost all of the system security.

Your friend needs to stop using her computer. Right now. From a different computer, she needs to change all of her passwords. Email, online banking, Apple ID, Google Drive, Dropbox - anywhere she has ever accessed from that machine. That needs to happen immediately after turning the computer off.

Next, you get to reformat the computer's drive and reinstall everything from the original media. Do NOT use the migration assistant or restore from a backup - it's very easy to install something in the user's library that will persist through a restore process. And copy files one by one, only if you recognize them. Copying folders will also copy hidden files, and we don't want any of those.

Will this take a long time? Yes, it will. It will take less time than dealing with your various online services if someone steals your information a second time because you didn't clear it out correctly.

Never type in your password unless you are expecting to need to.

paul
  • I'd say reinstalling the system is a bit overkill, since it's most likely "only" Adware that got installed. Though, of course, you never know. – Asmus Mar 03 '15 at 15:42
  • I would think that a Time Machine restore from a safe time prior to the BitTorrent, after a format and reinstall of the OS, would be much faster and still avoid the malware. – jalynn2 Mar 03 '15 at 18:24
  • Both of you guarantee that a keylogger didn't come with the adware? And note that it would take me about 20 minutes to write a script that would pollute the entire Time Machine process with whatever I want. – paul Mar 03 '15 at 23:28
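
The answer's advice to copy files one by one, because a folder copy also brings along hidden files and programs disguised as videos, can be supported by listing what a folder really contains before anything is copied. The following is an added example, not part of the original answer; the reason labels, the sample file names and the choice of `LaunchAgents` as the per-user Library location to flag are assumptions.

```python
import os
import tempfile

# Leading bytes of Mach-O binaries (thin and universal); 0xCAFEBABE is also used by Java classes.
MACHO = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
         b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
INSTALLER_EXTS = {".pkg", ".mpkg", ".dmg", ".command"}
MEDIA_EXTS = {".mp4", ".mkv", ".avi", ".mov"}

def classify(root, rel):
    """Return the reasons a file (path relative to root) needs a manual look."""
    full = os.path.join(root, rel)
    parts = rel.split(os.sep)
    ext = os.path.splitext(parts[-1])[1].lower()
    if os.path.islink(full):
        return ["symlink"]  # do not follow links out of the folder
    reasons = ["hidden"] if any(p.startswith(".") for p in parts) else []
    if "LaunchAgents" in parts[:-1]:
        reasons.append("launch-agent")  # launchd loads these at login
    if ext in INSTALLER_EXTS:
        reasons.append("installer")
    with open(full, "rb") as fh:
        head = fh.read(4)
    if head in MACHO or head[:2] == b"#!":
        reasons.append("disguised-as-video" if ext in MEDIA_EXTS else "executable-content")
    return reasons

def audit(root):
    """Walk root, hidden directories included, and map relative path -> reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            reasons = classify(root, rel)
            if reasons:
                findings[rel] = reasons
    return findings

def build_sample():
    """Constructed sample tree: one ordinary video and three files worth flagging."""
    root = tempfile.mkdtemp()
    agents = os.path.join("Library", "LaunchAgents")
    os.makedirs(os.path.join(root, agents))
    sample = {"holiday.mov": b"\x00\x00\x00\x14ftypqt  ", "movie.mp4": b"\xcf\xfa\xed\xfe\x07",
              ".updater": b"#!/bin/sh\n", os.path.join(agents, "com.example.helper.plist"): b"<?xml"}
    for rel, data in sample.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root
```

Anything `audit()` reports is a file to leave behind or inspect by hand; an empty result only means none of these particular checks matched.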