Category Archives: Internet Scams

How to Check For Malware on the Mac

Macintosh Malware and Antivirus Support

Stay safe from virus and malware activity on your Macintosh with these simple tips.

Do you think your Mac has been infected by malware or a virus? It's always possible, and here are some ways to check.

Is it a virus? Is it malware?

First of all, don't blame every single problem on malware or a virus. Many problems on the Mac look virus related but are actually system related (a failing disk, a full drive, a broken login item). If you're not surfing underground sites or downloading software from places you shouldn't, malware is much less likely, but it is not impossible: tampered updates to legitimate apps and scam pop-ups reach careful users too. In the off chance that you do get a virus or malware, here are some basic things you should do to get rid of it on your Mac.

Let’s start with the browser.

Google Chrome for the Mac

On the Macintosh, you have a few choices for web browsers. The big three browsers that most people use are Google Chrome, Safari, and Firefox. Of these, we prefer Google Chrome as our day-to-day browser. Google Chrome for Mac is a fairly lightweight browser, has good security controls (a sandboxed renderer and frequent automatic updates), and doesn't seem to have the issues that the other browsers tend to have. Another convenience is that Google Chrome bundles its own copy of Adobe Flash and updates it along with the browser, so you're not hounded by the constant warnings to upgrade Adobe Flash. (Flash has since been retired entirely; if a site asks you to install it today, that request is itself a red flag.) This is not to say Safari and Firefox are not safe; we just have a better track record with Google Chrome across the board. Be careful what extensions you load into Google Chrome: stick to known-good browser extensions from the Chrome Web Store, and remove any you don't recognize. If you need to use Safari as your daily web browser, turn off any extensions you didn't deliberately install. Extensions and toolbars are a common way for adware and other malware to get into your Mac.

Use free Malware and Virus checking software

The best free software we have found to detect malware on your Mac is Malwarebytes. It is remarkably easy to use and can be run once or twice a week to check for any malware on your Mac. We've been surprised a few times to find that we actually did have malware, and the software found and removed it every time. The free version doesn't scan automatically; you have to run it yourself once in a while. Another good piece of free software for checking for viruses and malware on a Mac is from Sophos. It runs continually in the background and is also a lightweight option. Apple also builds protection into the Mac operating system: XProtect checks downloaded files against a list of known malware, and a separate Malware Removal Tool cleans up a handful of known families, both updated silently. Treat that as a baseline rather than a replacement for a scanner, because you can't see what it checks for or what it removes.


Backing up your data is a wise move

With good data backups, a good portion of malware and viruses shouldn't cost you your data. Even better, have multiple backup options so your main data backup doesn't get infected along with the Mac. We prefer multiple hard drives plus Google Drive as our backup options. Apple provides the Time Machine software with every Mac; all you have to do is plug in an external hard drive. One caveat: ransomware such as the KeRanger strain described below goes after Time Machine backups that are mounted at the time, so keep at least one backup disconnected (or in a cloud service that keeps old versions) rather than permanently plugged in.

Incognito mode: what it does and doesn't do

Most browsers today offer an incognito or private mode. Be clear about what it does: it stops the browser from saving history, cookies, and form data for that window, which is useful on a shared Mac and on sensitive sites. It does not protect you from malware. A malicious download still lands in your Downloads folder, a malicious page still runs the same code, and the sites you visit (and your network) still see your traffic. Use it for privacy on a shared machine, not as a security control.

Stay away from filesharing and torrent sites

A lot of virus and malware activity on a Mac comes from filesharing and torrent sites. Limit access to these sites if at all possible, especially if other family members use the Mac. A good option in this case is a DNS filtering service such as OpenDNS, which blocks known malicious and unwanted sites for every device on your network once you point your router at its resolvers. It is a filter, not a guarantee: a site the service hasn't categorized yet will still load.

Not everyone should be an administrator on the Mac

If your Mac has multiple users and all of them are set up as administrators, that is not a good situation. It means anybody using the Mac has full privileges and can install any piece of software, including malware, that asks for an admin password. Changing these users to standard users (System Preferences, Users & Groups, uncheck "Allow user to administer this computer") removes that ability: a standard user can't change system settings or install software for everyone without an administrator typing a password. It doesn't make them untouchable, though. Adware that only writes to the user's own home folder (see the LaunchAgents clean-up below) still runs fine as a standard user. Combine the standard account with good browsing habits to limit the amount of malware and virus activity on your Mac.
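If you'd rather check admin membership from the Terminal than click through Users & Groups, here is a small script for it. This is an added example, not code from the original post: it parses the output of dscl (the command macOS uses behind Users & Groups) and prints the dseditgroup command that would demote an account. The parsing is separated from the live query so it can be tried on a constructed dscl line anywhere; the live query only runs on a Mac. The account names "alice" and "bob" in the stand-alone run are made up.

```shell
#!/bin/sh
# Added example (not from the original post): list the administrator accounts on a Mac
# and print the command that demotes one to a standard user. The parsing is split
# from the live query so it can be checked against constructed dscl output anywhere;
# the live query itself only runs where dscl exists (macOS).

# dscl prints a line like "GroupMembership: root alice bob". Return the members
# one per line, leaving out root, which is always in the group.
admins_from_dscl_output() {
    printf '%s\n' "$1" | sed -n 's/^GroupMembership: *//p' | tr ' ' '\n' \
        | grep -vx 'root' | grep -v '^$' || true
}

# Live query on macOS; fails cleanly elsewhere.
list_admins() {
    if command -v dscl >/dev/null 2>&1; then
        admins_from_dscl_output "$(dscl . -read /Groups/admin GroupMembership)"
    else
        echo "dscl not found; this check only runs on macOS" >&2
        return 1
    fi
}

# Print, but do not run, the demotion command. A "standard user" in Users & Groups
# is simply an account that is not in the admin group.
demote_command() {
    printf 'sudo dseditgroup -o edit -d %s -t user admin\n' "$1"
}

# Report admins that are not on the expected list ($2, space-separated), i.e. the
# accounts that picked up admin rights without anyone intending it.
unexpected_admins() {
    expected=" $2 "
    admins_from_dscl_output "$1" | while IFS= read -r user; do
        case "$expected" in
            *" $user "*) ;;
            *) echo "$user" ;;
        esac
    done
}

# Stand-alone run: every admin account on this Mac and the command that would demote it.
for user in $(list_admins 2>/dev/null || true); do
    echo "$user is an administrator; to make it a standard user: $(demote_command "$user")"
done
```

Keep at least one administrator account that you control; dseditgroup will happily remove the last one, and you then need Recovery mode to get admin rights back.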

Please consider a small and secure donation if this post helped you with your issue!





New Mac OS X ‘Keranger’ Ransomware: What You Need To Know

Transmission Mac Ransomware

On March 4th 2016, security researchers discovered a nasty new form of ransomware for the Mac: software that takes over a computer, encrypts the user's files, and demands payment to unlock them. This particular strain is notable for two reasons. First, it's one of the first public instances of working ransomware on the Macintosh platform. Second, it was smuggled onto Macs inside "Transmission," a popular piece of software used to download torrents such as movies and television shows. Security researchers are calling this ransomware "OSX.KeRanger.A".

The delivery mechanism was also unusual in that it arrived with what looked like a routine update to the Transmission software: the installer on the project's own download site had been replaced with a tampered copy, signed with a valid Apple developer certificate so that Gatekeeper let it run. Most users simply perform these updates without a second thought, and that's where the ransomware was hidden, in a file that looks like an ordinary RTF document but is actually an executable. Once the malware runs, it silently encrypts the user's files in the background, tries to encrypt any Time Machine backups it can reach, and then tells the user to pay 1 bitcoin (about $400 at the time) to unlock the files. Paying in Bitcoin makes the transaction hard to trace back to the criminals, though not impossible.

Here’s what you need to know about this ransomware if you are using Transmission on a Macintosh:

  1. Immediately upgrade Transmission if you are currently running version 2.90. The current clean version is 2.92, available from the Transmission website.
  2. The malware can take up to 3 days to begin work when installed.
  3. Apple has revoked the developer certificate the malicious copy was signed with, so Gatekeeper now refuses to open it.
  4. The Transmission authors have removed the malicious installers from their website, however, the malicious software still seems to be under development.
  5. The infected Transmission installers include an extra file named General.rtf (which looks like a text file but is the malware itself) in the Transmission.app/Contents/Resources directory.
  6. Upon execution, the ransomware will create 3 files called “.kernel_pid”, “.kernel_time” and “.kernel_complete” in the ~/Library directory. It will then attempt to sleep for about 3 days before continuing.
  7. The user will then receive a text file explaining how to decrypt the files by purchasing a bitcoin and paying it to a particular address.
  8. The malware will encrypt many types of files, including documents, photos, audio and video, archive files, email and database files.
  9. Users should check /Applications/Transmission.app/Contents/Resources/ to see if a file called General.rtf exists. If so, delete your copy of Transmission immediately.
  10. Users can check Activity Monitor for a process called "kernel_service". If you see it, select the process, open its Info window (the (i) button), and look under "Open Files and Ports" for a path such as "/Users/<user_name>/Library/kernel_service"; that is the main process of this ransomware. Quit it with the (X) button and choose "Force Quit."
  11. Users should check for files with the names “.kernel_pid”, “.kernel_time”, “.kernel_complete” and “kernel_service” located in the ~/Library directory on the Mac. These files can be safely deleted.
  12. Apple will now present a message telling the user that they can no longer install an infected version of Transmission. All that they can do is to eject the disk image.
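Steps 5 through 11 are all file and process names, so they can be checked in one go from the Terminal. The script below is an added example written for this post, not code from the original article or from the Transmission project. It takes the home directory and the Transmission.app path as arguments so it can be pointed at a test folder; with no arguments it checks the current Mac. The version check uses the macOS `defaults` command and is skipped on other systems.

```shell
#!/bin/sh
# Added example (not from the original post): check one Mac for the KeRanger
# indicators listed above. The home directory and the Transmission.app path are
# arguments so the check can be run against a test tree; the defaults match a
# real Mac. Exit status 0 means nothing was found, 1 means at least one hit.

check_keranger() {
    home="${1:-$HOME}"
    app="${2:-/Applications/Transmission.app}"
    found=0

    # 1. The dropper inside the app bundle, disguised as an RTF document.
    if [ -f "$app/Contents/Resources/General.rtf" ]; then
        echo "FOUND: $app/Contents/Resources/General.rtf"
        found=1
    fi

    # 2. Files the ransomware writes to ~/Library on first run and during encryption.
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        if [ -e "$home/Library/$name" ]; then
            echo "FOUND: $home/Library/$name"
            found=1
        fi
    done

    # 3. The running process. ps prints a full path on macOS and a bare name on
    #    Linux, so compare only the last path component.
    if ps -eo comm= 2>/dev/null | awk -F/ '{print $NF}' | grep -qx 'kernel_service'; then
        echo "FOUND: running process kernel_service (force quit it before removing files)"
        found=1
    fi

    # 4. The bundle version: 2.90 is the release the tampered installer was built
    #    from. `defaults` exists only on macOS, so this step is skipped elsewhere.
    if [ -f "$app/Contents/Info.plist" ] && command -v defaults >/dev/null 2>&1; then
        ver=$(defaults read "$app/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null || echo unknown)
        if [ "$ver" = "2.90" ]; then
            echo "WARNING: Transmission $ver is the version that carried KeRanger; upgrade it"
            found=1
        fi
    fi

    return $found
}

# Stand-alone run against this Mac.
if check_keranger "$HOME" /Applications/Transmission.app; then
    echo "No KeRanger indicators found"
else
    echo "Indicators present: quit kernel_service, delete the files listed, and replace Transmission.app"
fi
```

The order matters when you act on a hit: stop the kernel_service process first, then delete the ~/Library files and the app, otherwise the running process keeps encrypting while you clean up.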



Has Your Apple ID Account Been “Frozen?”

Phishing for Apple ID Accounts

There's another new scam going around, sent from places such as "katzweb.net" and other sites, telling you that your Apple ID account has been "frozen" and that you should "verify your account." This is complete nonsense and a plain phishing attempt. Phishing is when a person or company impersonates a real one to get private and sensitive information out of you, such as your Apple ID password, credit card numbers, or social security number. This is NOT real, and you should NEVER give your personal data away in these instances. Don't click the link in the email at all: if you're worried about your account, type apple.com into your browser yourself and sign in there, or call the 1-800-APL-CARE support line. Anything you type into the scam site goes straight to the criminals.

If you are contacted by anyone requesting data that has anything to do with an Apple ID, forward the suspicious (although very real-looking) email to Apple at reportphishing@apple.com. Apple uses these reports to identify and shut down phishing sites. Two quick checks before you forward it: look at the actual sender address, not just the display name, and hover over the "verify" link to see where it really goes. A real Apple link goes to an apple.com address.

Be safe out there!

Issues with AppSo crashes and high CPU use on a Mac?

High Mac AppSo Use

We had a client report today about a strange thing that started happening on their Mac. The computer works fine at first, then slowly grinds to a halt and begins to crash and freeze. They checked Activity Monitor and noticed a process called "AppSo" taking up huge amounts of memory and processor time. As it turns out, chances are pretty good that this Mac has a trojan horse installed on it, probably from installing fake online-based utility programs such as "Install Mac" or "MacKeeper." You may also see a pop-up window that says "Please run InstallMac compatibility test and updates for the upcoming Mac OSX." These programs get full access to your Mac because their installer asks for, and is usually given, an administrator password; they then install backdoor programs that capture your data and make it appear as if your Mac is having problems (which they themselves create).

So, we have to first determine if we in fact are infected by these types of Trojan Horse programs. It’s pretty easy to determine by going to the “Go” menu and choosing “Go To Folder…” in the Macintosh finder. When the search box appears, type in this path:

~/Library/LaunchAgents

That is the user library (~/Library), not the system library (/Library). Inside this folder, look for files with names like the following examples:

something.ltvbit.plist

something.download.plist

something.update.plist

The “something” above may contain random names–and this is just a few examples; there could be many variations of these–such as:

MacKeepr, InKeepr, Javeview, Leperdvil, Manroling, Totiteck, etc.

BACKUP YOUR MAC FIRST! If you see any or all of these files, move them to the trash to get rid of this Mac trojan horse. Simply drag any file matching our examples above into the trash. You may end up with an empty LaunchAgents folder, and that is perfectly OK.

Let’s go to the Finder’s “GO” menu again and choose “Go To Folder…” and type in:

~/Library/Application Support

Locate any of the files in this folder that we noticed in our examples above. Remove anything that contains those names.

You can then head to your Applications folder on your Mac and locate any items that contain any of our example names from above, or, “ZipDevil.” Move these items to the trash as well.

Restart your Mac.

At this point when you come back after your restart, you should be able to empty your Mac’s trash in the Finder.
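The three folders above can be swept in one pass. The script below is an added example written for this post (not the original author's procedure and not any vendor's tool): it lists every item in ~/Library/LaunchAgents, ~/Library/Application Support and /Applications whose name matches the plist suffixes or the family names given above, and provides a function that moves a confirmed item into a quarantine folder instead of deleting it, unloading the LaunchAgent first on a Mac. The home and Applications directories are arguments so it can be tried on a test folder. It only reports; nothing is moved until you call quarantine_item on an item you have looked at.

```shell
#!/bin/sh
# Added example (not from the original post): scan the per-user persistence and
# support folders for the adware names given above. Pass a home directory and an
# Applications directory so the scan can be pointed at a test tree. Prints one
# line per suspicious item and returns 1 if anything matched, 0 otherwise.

# Patterns taken from the post: plist suffixes and the family names (matched
# case-insensitively against the file or folder name only).
PLIST_PATTERNS='\.ltvbit\.plist$|\.download\.plist$|\.update\.plist$'
NAME_PATTERNS='mackeepr|inkeepr|javeview|leperdvil|manroling|totiteck|zipdevil|appso|installmac'

scan_adware() {
    home="${1:-$HOME}"
    apps="${2:-/Applications}"
    hits=0
    for dir in "$home/Library/LaunchAgents" "$home/Library/Application Support" "$apps"; do
        [ -d "$dir" ] || continue
        # Plain and dot-prefixed entries; an unmatched glob is skipped by the -e test.
        for entry in "$dir"/* "$dir"/.[!.]*; do
            [ -e "$entry" ] || continue
            base=${entry##*/}
            if printf '%s\n' "$base" | grep -Eiq "$PLIST_PATTERNS|$NAME_PATTERNS"; then
                echo "SUSPICIOUS: $entry"
                hits=$((hits + 1))
                # On a Mac, show what a matching LaunchAgent actually launches.
                case "$base" in
                    *.plist) command -v plutil >/dev/null 2>&1 \
                             && plutil -p "$entry" | grep -A4 'ProgramArguments' || true ;;
                esac
            fi
        done
    done
    [ "$hits" -eq 0 ]
}

# Move a confirmed item out of the way rather than deleting it outright, so a
# false positive can be put back. On a Mac the LaunchAgent is unloaded first so
# the job stops now instead of at the next login.
quarantine_item() {
    item="$1"
    qdir="${2:-$HOME/adware-quarantine}"
    mkdir -p "$qdir"
    case "$item" in
        *.plist) command -v launchctl >/dev/null 2>&1 && launchctl unload "$item" 2>/dev/null || true ;;
    esac
    mv "$item" "$qdir/"
}

# Stand-alone run against this Mac.
if scan_adware "$HOME" /Applications; then
    echo "Nothing matched the names from this post"
else
    echo "Review each item above, then run: quarantine_item <path>  for the ones you confirm"
fi
```

The name list is only as good as the post that supplied it; treat a hit as something to look at, not proof. The plutil output is the useful part on a real Mac: a LaunchAgent whose ProgramArguments point into a randomly named folder under ~/Library/Application Support is the pattern this trojan uses.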

You may also want to check all of your browsers for extensions that shouldn't be there or look unfamiliar. This includes Safari, Chrome and Firefox. These extensions can be the door the trojan horse used to get into your Macintosh. It wouldn't be a bad idea to start using some Macintosh anti-virus and anti-trojan software such as Norton Antivirus or Trend Micro Antivirus.

Please leave some comments if you have issues with this procedure, or, just want to let us know that you indeed had a Macintosh Trojan Horse!




800-656-8547 is another pop-up scam–don’t fall for it!

800-656-8547 Scam

800-656-8547 is a tech support scam designed to get remote access to your Mac and your credit card number. Don't fall for it!

There is another scam going around as pop-ups that appear in your browser while surfing the web with Safari, Firefox or Chrome. A pop-up appears and explains that you have a security breach on your Macintosh (or Windows computer). Then it directs you to call 800-656-8547 for instructions on how to take care of this "breach." The instructions are to let a "technician" into your computer remotely, which is a bad idea in general, and then pay them upwards of $300 to "clean your Macintosh." This is just another variation of the typical pop-up scareware banners that trick you into thinking something is wrong with your computer when nothing is. Whatever you do, don't call that number!

If you happen to be reading this post after you have called the number for this pop-up scam, here’s a few things to do immediately on your Macintosh.

  • First, if you gave them a credit card number, you will probably want to call the bank and have them deny the charge and cancel that card. Once they have that number, they may use it further, or, sell it off on the black market.
  • If they actually took control of your Mac, they may have done nothing, or they may have installed any variety of malware, keylogging software, etc. It's hard to say for sure, as different scams of this variety do different things. At minimum, remove the remote-control program they had you install (look in Applications and in Login Items under Users & Groups) and change the password (System Preferences –> Users and Groups –> Change Password) for every account on the Mac. Depending on your comfort level, also consider rolling back to an earlier point in time with your Time Machine backup, or take the scorched-earth path and completely wipe the computer and start over. If you do take this drastic step, wipe the computer, install the operating system fresh, and then restore just your user folder from the backup. In the Setup Assistant (or Migration Assistant) dialog, select only the important user accounts, not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account if you had it enabled.
  • Don’t install 3rd party software from your backups–try to go back to the original media for this step.
  • We advise you change any internet passwords that you may have typed in after this breach, such as banking or online retail store accounts–this is a good step to do anyway, every few months.
  • It’s not a bad idea to install some form of anti-virus software at this point, such as Sophos for the Mac, which is more of a piece-of-mind-just-in-case step. It will come up with some errors during scanning, which usually means that it cannot scan system files that are in use. If it finds anything strange, it will quarantine these files.

Hopefully after all of these steps, your Mac will be somewhat back to normal. Remember, this scam is a popular one and many more malicious folks are putting this scam into action. 800-656-8547 is just one of many following the same routine and we ask that you don’t ever call anyone for Macintosh help except for AppleCare and local computer companies (such as Capital Mac Service) in your area that specialize in the Macintosh. If you get bitten by this, or any other scam, don’t panic and don’t ever give out personal information such as credit card numbers, social security numbers and birthdates. Above all else, don’t let remote people take over your computer–this is just asking for trouble!