Mal-Ware named MacKeeper?

Posted: Wed Mar 15, 2017 8:39 am UTC
by addams
Is this a Thing?

I thought I was updating Adobe Flash Player.
I thought that was a good idea for U-Tube use.

What I got is Some Thing called MacKeeper wanting to scan my machine.
I say, "No." It tells me I need its Protection. It is persistent. (I hate it.)

It has left an icon up on the Top Right with my clock, calendar, wi-fi, and TimeMachine.
Every time I attempt to Post, this MacKeeper Opens. It sends me the Beach Ball.

Everything has slowed down.
It bothers me.

Can I Kill It??

Posted: Wed Mar 15, 2017 8:45 am UTC
by addams
Now! I'm getting a message that says it is from the Apple Store.
It says I need a Full System Scan. Should I do it?? Help!!

oh, Someone that knows more than I do...
Help! oh, Please Help.

(sniff) I have a malware.

Posted: Wed Mar 15, 2017 10:50 am UTC
by Soupspoon
There is a MacKeeper, legitimately. Although it doesn't seem to be so well regarded as to be worth being 'faked' as a front for full Malware, nor kept about if it is the real thing.

It's been a while since I updated Flash Player (and never on a Mac), but I think that's one of the things that (on Windows) has the "oh, please install <some partnered tool that is a poor man's AV>" in the installation dialogue with a preticked checkbox next to it that you have to remember to untick.

Or the alert that you had to update(/install) Player itself was a false-advertising thing, to start with, the gateway to a whole slew of who-knows-what other things.

The "Full System Scan" is either a legitimate thing (wouldn't be surprised) or a pop-up/advertising weasel trick (very common), and I wouldn't trust the link it gave, but I might trust going and getting it myself, on the assumption that the usual Apple Store link hasn't been compromised/redirected, or (unlikely, but it has been done before!) Apple been fooled to put a malicious clone/nearly-legit-looking item on their libraries.

With not much Mac knowledge, myself, I would first of all advise uninstalling Flash (or 'Flash') and MacKeeper (ditto). You can always reinstall Flash again from Adobe and/or Apple Store later, however that works. Whatever real AV you have (assuming you have something..?), run that with as much thoroughness as you can configure it. (Once I make sure that possible updates to it are done, I disconnect it from the network - assuming I trust this possibly new-to-me AV package that I may never have seen before the owner got me to look at what mess they think they got their system into.)

Does MalwareBytes have a Mac edition? Apparently. (For your purposes, don't go for any 14 day free trial version, you're just trying to root out other stuff on your machine. Freeware version suffices, and keep an eye out for the boxes to untick. Decide whether you want RealTime/etc protection later on, when you have time to consider things more carefully.)

Mostly, though, get an actual Mac guy who knows about AV to look at your machine, because there's probably several nuances that I don't know about. The above is just a stop-gap to try to get you past the "seems to be an obviously bad thing on my system" stage, and if anything's actually rootkitting you, you may need heavier-duty tools to deal with the problem. (While not randomly removing legitimate software components just because you don't recognise them, like the old teddy bear thing.)

All the best. Hope a better expert in your system has something better to tell you, shortly...

Posted: Wed Mar 15, 2017 5:34 pm UTC
by addams
Thank you, SoupSpoon for the thoughtful reply.

Oh! It was a Terrible Experience!
It left me shaken and exhausted.

Your advice to, "get an actual Mac guy who knows about AV to look at your machine," was Good Advice.
But; By the Time you had posted it, my machine had been turned into a PaperWeight by MalWare from SomeWhere.

At 7:00 a.m. the Mac Support people come on The Job.

I spoke to Darell in Kansas.
What a Great Guy! (*Hug!*)

The Real Mac People are where a Lost Soul can and should turn.

Darell from Kansas got rid of the MalWare, cleaned up my machine;
And; He provided me with emotional support while doing Tech. Support.

Three Cheers for Mac Support and Darell from Kansas.

They have a number: 1-408-974-2042.
I highly recommend talking to those guys.

I had loads of malware quietly running in the BackGround.
I watched and followed directions while Darell cleaned it up.

I was being extorted.
They, the MalWare Guys, were demanding between
$150.00 and $350.00 ransom to use my machine.

Darell, at Mac Support in Kansas, said people pay the money and the MalWare remains, forever.
How Horrible! It was an awful experience. I'm still a little shaken.

Again, Thank you for the reply SoupSpoon.
I'm O.K., now.


Oh!! Oh!!
And; My machine is faster than Greased Lightning.

Posted: Wed Mar 15, 2017 5:44 pm UTC
by cphite
Glad to hear you got it cleared up! :)

If I could make a suggestion, download a copy of MalwareBytes free version and install it, and also keep the install file on a USB stick; it's a wonderful program for dealing with this sort of thing. I don't recommend the paid version... not that it's bad or anything, it's just that there are better programs for prevention out there. But MalwareBytes does a great job at removal.

If you don't already have an anti-virus program, you should really look into it. BitDefender is excellent, but it's got a cost associated with it; if you need something free then AVG has a fairly good free version.

Posted: Wed Mar 15, 2017 6:26 pm UTC
by Soupspoon
Yep, I've cleaned systems of Ransomware before (not the proprietary data encrypting kind, but the ones that just put a boot password/request message on top of standard Windows encryption... Not quite as impenetrable, luckily.). Sounds like you've avoided the trap of caving in and making the black hats richer. Assuming that Darrell wasn't the trap, being 'meta' in his spiel meant to hook you in, but I'm gonna happily assume otherwise as that number you gave is on the website... ;)

I also like AVG, though each and every preferred AV vendor I have favoured has done something silly to make me want to switch elsewhere, after enough provocation, at least for a brief interlude. Their free version (again, watch out for the push towards the limited-period trial of the 'full' version, which is of course where they make much of their money) is eminently capable and has graced a number of my own PCs.

In fact, I only don't say "ignore the upgrade pestering" because if everyone stuck with AVGFree and MalwareBytes free version, there would be far worse ways implemented for the authors to monetise their products than merely giving people strong (but ignorable) nudges towards subscription.

It'd be nice to know how the first 'hook' of Malware got onto the machine (may or may not have been the point of accepting the 'Flash' download) so you can avoid the same mistake in future, however much AV protection you have active. Though it (also) breaks various funding models by software vendors/advertisers, if I get a pop-up suggesting I install a plug-in that I (otherwise) trust, I tend to ignore or cancel it, then personally hunt down the manual download page, just in case the poke was going to send me to a fake executable. But it's a bit of a minefield. You have to live with the twin paradigms of being careful and being lucky... Also make backups. (Not my own strong point, that latter. I fill memory sticks, external HDDs and the internal ones too easily to just casually maintain enough of a backup to get around severe data loss issues.) But do as I say, more than as I do, and you might be better off. ;)

Posted: Wed Mar 15, 2017 6:38 pm UTC
by addams
Darell, in Kansas, used MalwareBytes.
He used it expertly.

There are steps he went through so Fast,
I cannot reproduce his actions.

No. Darell is Not another front.
Darell is the Real Deal.

I am so pleased and grateful for Apple's Tech Support.
It seems anything that demands money from you is Wrong.

The Apple products are expensive.
In my opinion they are worth every dime.

Because they come with Darell.
What a Great Guy!

To White Hats EveryWhere!