Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.system > #104937

Re: Something not particularly dangerous (?) is annoying the heck out of me

From Jolly Roger <jollyroger@pobox.com>
Newsgroups comp.sys.mac.system
Subject Re: Something not particularly dangerous (?) is annoying the heck out of me
Date 2017-04-22 17:43 +0000
Organization People for the Ethical Treatment of Pirates
Message-ID <em1j1lFosctU1@mid.individual.net> (permalink)
References (14 earlier) <4158b3b2-090d-4d80-a0e1-4f220b33be82@googlegroups.com> <el82vlFqipoU1@mid.individual.net> <a0460a20-e15f-4b63-b538-88de00bd50f9@googlegroups.com> <elvigaFdfs5U1@mid.individual.net> <7677d941-abca-40d0-a4eb-4c73baf59d73@googlegroups.com>

Show all headers | View raw

On 2017-04-22, licensedtoquill@gmail.com <licensedtoquill@gmail.com> wrote:
> I am running 10.12.4, def browser is chrome and yes, my description IS
> the way to get to the dashboard, - on my computer at any rate.
>
> Malwarebytes reports
>
> 2017-04-22 11:57:37 : Scanning with signatures version 184 (2017-4-18)
> 2017-04-22 11:58:20 : Adware.Crossrider :
> /Users/LicensedToQuill/Library/Application Support/.ShoppyTool
> 2017-04-22 11:58:36 : PUP.JDIBackup :
> /Users/LicensedToQuill/ZipCloud.exe 2017-04-22 11:58:44 : *** Scan
> time: 0d 00:01:06 *** 2017-04-22 11:58:44 : ------ Scan Ended ------
> 2017-04-22 12:04:21 : Removing detected threats...  2017-04-22
> 12:04:21 :  Removing Item: /Users/LicensedToQuill/Library/Application
> Support/.ShoppyTool 2017-04-22 12:04:21 :  Removing Item:
> /Users/LicensedToQuill/ZipCloud.exe 2017-04-22 12:04:21 : ---- Threat
> Removal Complete ----
>
> (The problem is unaffected)

As I suspected, this shows you have three different adware packages
installed:

* Crossrider 
* ZipCloud
* ShoppyTool

All of these can cause your browser to spy on you by gathering
information about you and your computer - especially your web browsing
habits - and deliver a variety of intrusive advertisements.

Crossrider was installed because you downloaded a video recording or
streaming app (fake Flash updates, etc), a download-manager, or a PDF
creator app which came with the adware bundled with its installer.

Likewise, ZipCloud is installed when an untrustworthy web site displays
a pop-up message telling you that you need to install a fake Flash
update, and you go ahead and follow the instructions to install it. The
installer you download in such a case has the ZipCloud install bundled
with it. It's also associated with Yahoo Search extension and
MacKeeper, both of which you should always avoid.

Like the others, ShoppyTool is bundled with installers that you are
tricked into installing thinking they are legitimate when you have
actually obtained them from untrustworthy sources.

Again, you should always refrain from installing anything in the future
unless you know for *certain* it was downloaded from a *trusted* source.

You should always ignore any web site that tells you out of the blue
that you need to download any piece of software, or that your computer
has a virus, or that your computer needs security software. And if you
are ever unsure whether a site or source is trustworthy, you should
*not* trust it by default. As the saying goes: Just Say No ™. ; )

Again, many software repository web sites are known to bundle adware
with installers downloaded from them, and should be avoided, including
these and possibly others:

* CNET Downloads
* VersionTracker
* MacUpdate
* Softonic

If you want to download a piece of software listed on such a site, you
should instead download the installer from the actual software
developer's web site. For instance, if you wanted to download Pixelmator
that is listed on MacUpdate.com, you should download it only from the
developer's website at http://www.pixelmator.com.

Obviously MalwareBytes is unable to completely remove these from your
system. So you'll need to remove them manually instead. The link below
is to a fairly comprehensive step-by-step guide showing how to remove
all vestiges of adware or unwanted software from your system. Be sure to
follow each step in the process thoroughly before moving on to the next.
If you get stuck at a certain spot, reply to this post asking for
assistance.

<http://www.thesafemac.com/arg-identification/>

Once you have gone through the whole process, reboot your computer and
then run MalwareBytes once more (make sure you are running the absolute
latest version first) to see if it reports anything new in the log. 

If it does report anything, you've apparently missed something along the
way, or you've again downloaded and installed some untrustworthy piece
of software. 

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Back to comp.sys.mac.system | Previous | NextPrevious in thread | Find similar

Thread

Re: Something not particularly dangerous (?) is annoying the heck out of me licensedtoquill@gmail.com - 2017-04-21 11:51 -0700
  Re: Something not particularly dangerous (?) is annoying the heck out of me Jolly Roger <jollyroger@pobox.com> - 2017-04-21 23:21 +0000
    Re: Something not particularly dangerous (?) is annoying the heck out of me licensedtoquill@gmail.com - 2017-04-22 09:07 -0700
      Re: Something not particularly dangerous (?) is annoying the heck out of me Jolly Roger <jollyroger@pobox.com> - 2017-04-22 17:43 +0000

csiph-web