Simple MAC virus/adware annoyance - 2 today!

phaZed

This is the first I have heard of this and I have 2 macs coming in later this afternoon.

Looks like there is a drive-by website ****://chromebrowser.windowsdesk.net that is effectively locking up Safari to where the user can't exit by normal means. This is accompanied by lots of pop ups as well.

The website pops up (in SAFARI):
"Chrome Alert. Suspicious Activity Detected. Chrome may get stuck as an anonymous activity has found.
To fix, please call our Support at 844-503-3659 (Toll Free) immediately."

command Q to close Safari reportedly works. But Safari may need to be reset and/or ~/Library/Saved Application State/com.apple.Safari.savedState may need to be deleted. Some have said that reinstalling the OS is necessary.

Anybody come across this yet?

Seems the issue affects iPhone Safari as well.
 
Deleting ~/Library/Saved Application State/com.apple.Safari.savedState did the trick.

I was able to exit Safari and the error message by command+Q for the half a second before the pop-up message appears or option+command+ESC at any point.

The initial website my customer went to was a Birthday Cake gallery as in "Send a customized cake" to your birthday person. The site was ****://galleryhip .com/birthday-cake.html which redirects to the ****://chromebrowser .windowsdesk.net site, a few others real fast and then lands at the fake warning page at ****://treeforyou .com/popmac2

Smilebox was installed as well.

Additionally Genieo (/usr/lib/libgenkit.dylib) was installed as part of the drive-by.

Here's some screenshots of the message..

http://www.anony.ws/i/2015/01/08/IMG_20150108_113748.jpg
http://www.anony.ws/i/2015/01/08/IMG_20150108_113811.jpg

Running some additional scans and will report if anything else is found, but this looks like the extent of it so far.
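
The cleanup discussed in the posts above, as an added shell example that is not part of the original thread: it reports the two artifacts named here (Safari's saved state folder and the Genieo library) and moves the saved state aside instead of deleting it. The function names, the `--check` argument and the optional root/home arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are the ones quoted in the posts;
# the function names and the home/root arguments (so the checks can be run
# against a mounted copy of a disk) are assumptions of this example.

SAVED_STATE_REL="Library/Saved Application State/com.apple.Safari.savedState"
GENIEO_REL="usr/lib/libgenkit.dylib"

# Print one line per artifact that is present. Returns 0 if any was found.
find_artifacts() {
    home=$1; root=${2:-}
    found=1
    if [ -e "$home/$SAVED_STATE_REL" ]; then
        echo "saved-state: $home/$SAVED_STATE_REL"
        found=0
    fi
    if [ -e "$root/$GENIEO_REL" ]; then
        echo "genieo: $root/$GENIEO_REL"
        found=0
    fi
    return $found
}

# Move Safari's saved state aside so the locked page is not restored at the
# next launch. Prints the new location; refuses while Safari is running.
quarantine_saved_state() {
    home=$1
    src="$home/$SAVED_STATE_REL"
    [ -d "$src" ] || return 1
    if pgrep -x Safari >/dev/null 2>&1; then
        echo "Quit Safari first (Command+Q or Option+Command+Esc)" >&2
        return 2
    fi
    dest="$src.quarantined.$(date +%Y%m%d%H%M%S)"
    mv "$src" "$dest" && echo "$dest"
}

# Report only, against the live system, when called with --check.
if [ "${1:-}" = "--check" ]; then
    find_artifacts "$HOME" "" || echo "nothing found"
fi
```

The Genieo library is only reported, not removed, since the thread does not describe a removal procedure for it.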
 
As the OP said, this is a simple browser hijack, it's malware but not a virus. And we all know how ineffective Windows AVs have been at stopping Conduit and its ilk. I don't think an AV is the answer here.

In supporting about a hundred Macs, I have seen it twice. And it's not that new.
Here is an example of this and similar ones and a way to remove them. https://sites.google.com/site/appleclubfhs/support/advice-and-articles/browser-popup-hijack-safari
You will find the chromewarning.windowsdeskdotnet in the list of sites.


btw, the site I linked to is a high school club, makes me feel old. I like how the guy who runs it calls himself the CEO, though.
 