SOLVED Virus? Trojan? Something else like that ...?

[StratJack]

Dear Friends,


Presently I am on an iMac 24“ from 2009 and have recently migrated to OS 10.11.6 (El Capitan). It runs just great.

Yesterday the spouse of my nice used my machine to contact various trustful German portals for checking available rooms, flats and houses for rent.

This morning I opened Safari (Version 11.1.2) and my usual starting page (Google Search) was not on screen any more. Instead I got an notice of unavailability (see below) for the unknown page with this url:

http://(null)08511538/5CAD30C9-7C38-525C-A3BF-6BAD8E2BA1A9



So far, I was not able to change the starting page in Safari, because the respective part in the menue was greyed out. What to do?


Thanks for your support!


StratJack

 

[honestone]

Although an English translation of that message could help, it seems like you have contacted some kind of malware and/or adware. By the way, does this happen when you use another browser?

Before offering some possible solutions, need to ask some important questions:

1. Have you ever done any disk cleanup/maintenance/repairs, from a software perspective? You can actually do quite a lot of disk cleanup on your own, and there are some excellent products available (both free and commercial) that can help you with that.

2. Are you making backups to an external device? That task is so, so critical. If you are doing that, what software do you use for that task?

3. How much space is on your internal drive?

Here are a couple of programs you can try:

One is Malwarebytes, available from here:

https://www.malwarebytes.com/mwb-download/

As you can see, there is a free version. It is good at finding some malware, and adware.

The other one is ClamXav, available from here:

https://www.clamxav.com/

You can use it in trial mode, and it is very good. I eventually purchased it. It does a more extensive job than Malwarebytes.

After that, you still might want to consider re-installing Safari. However, given that I use Google Chrome, not sure how "easy" it is to get a version compatible with El Capitan.

 

[StratJack]

Dear honestone,

Thanks for your support. Here’s some more information re. your remarks:

I have no such problems with Firefox, my alternative browser.

English translation of the message I received when I clicked the now stuck address is: “Safari was unable to find the server. Safari cannot open the site (link as in German message), because it could not find the server (link repeated).“

ad question 1 and 2: Yes, I have done disk cleanup/maintenance/repairs, mainly using OnyX

ad question 3: My iMac has a 500 MB SSD with 279,08 GB free space.

Thanks for your program links, honesone. I have downloaded the two programs Malwarebytes and ClamXav an ran them one after another. One suspicious Item was found, which I trashed right away. (As I am writing this I realize that putting it into a quarantine file would have been a better idea... hmm.)

The questionable link still rests greyed out in the field where you can usually define your homepage in Safari, and thus blocks alternative choices.

I am not sure how to proceed. I read that re-installing Safari is a true drag and can't be performed easily, if at all. I may just have to live with the present situation.... What do you think?


Warm regards,

StratJack


PS: I like your philosophy behind your quotes ....

 

[honestone]

Sorry to hear you are still having this issue. When you ran ClamXav, did you let scan your entire drive?

Assuming you did, need to ask a couple of more questions:

1. What Mac OS did you upgrade from? (Also, it seems like you were not having this issue with that prior OS, correct?)

2. How did you upgrade to El Capitan? Did you upgrade "in place", is, basically let El Capitan over write what was on your machine already.

3. When you upgraded, did you insure that all the third party (ie, non-Apple) software you use is compatible with El Capitan? This site can help with that:

https://roaringapps.com/apps

4. What specific program are you using for backups? If it's Time Machine, can you identify the last backup that was made before your nice's spouse was on your machine?

Once you provide that information, then a possible course of action can occur.

 

[StratJack]

Sorry to hear you are still having this issue. When you ran ClamXav, did you let scan your entire drive?

Assuming you did, need to ask a couple of more questions:

1. What Mac OS did you upgrade from? (Also, it seems like you were not having this issue with that prior OS, correct?)

2. How did you upgrade to El Capitan? Did you upgrade "in place", is, basically let El Capitan over write what was on your machine already.

3. When you upgraded, did you insure that all the third party (ie, non-Apple) software you use is compatible with El Capitan? This site can help with that:

https://roaringapps.com/apps

4. What specific program are you using for backups? If it's Time Machine, can you identify the last backup that was made before your nice's spouse was on your machine?

Once you provide that information, then a possible course of action can occur.

Thanks for replying!

Yes, I checked the entire drive with ClamXav.

Ad 1: Upgrade was done on Nov 07, 2018 from 10.6.8 by a commercial IT guy specialized on Mac. I did not have this Safari issue on my old system and not after the upgrade. I realized this issue on Nov 28, one day after my niece’s friend worked with the machine.

Ad 2: I think the upgrade was done in place.

Ad 3: This was checked.

Ad 4: I use Time Machine. I did the last backup run some hours before I had the upgrade on Nov 07. Unfortunately, I did not make any backup after the upgrade was done, since I did not work on the machine very much recently.

 

[honestone]

That sure is a HUGE leap from OS 10.6.8, Snow Leopard, to OS 10.11.6, El Capitan. Just hope that he did a clean installation. Also, for application compatibility, I would be surprised if a number of the third party apps you used with Snow Leopard either no longer run on that higher OS, or definitely needed to be upgraded.

There is an excellent free application called AppCleaner, available from here:

https://freemacsoft.net/appcleaner/

It does an excellent job of removing most files/folders, etc. associated with an application (and of course the application itself). However, I do not believe it can be used with a "core" application like Safari. Not 100% sure about that, but some other folks have inquired about removing "core"applications (like Spotlight, Garage Band, etc.) and were advised not to do that, as it can cause stability issues.

One final question before offering a solution: do you need everything (and specifically any third party applications) from that Time Machine backup (by the way, do not make another one, as your machine contains a "problematic" file somewhere that is causing this Safari issue)?

 

[StratJack]

That sure is a HUGE leap from OS 10.6.8, Snow Leopard, to OS 10.11.6, El Capitan. Just hope that he did a clean installation. Also, for application compatibility, I would be surprised if a number of the third party apps you used with Snow Leopard either no longer run on that higher OS, or definitely needed to be upgraded.

There is an excellent free application called AppCleaner, available from here:

https://freemacsoft.net/appcleaner/

It does an excellent job of removing most files/folders, etc. associated with an application (and of course the application itself). However, I do not believe it can be used with a "core" application like Safari. Not 100% sure about that, but some other folks have inquired about removing "core"applications (like Spotlight, Garage Band, etc.) and were advised not to do that, as it can cause stability issues.

One final question before offering a solution: do you need everything (and specifically any third party applications) from that Time Machine backup (by the way, do not make another one, as your machine contains a "problematic" file somewhere that is causing this Safari issue)?

--------------------------------------------------------------------------
Dear honestone,
I anticipated that the upgrade from 10.6.8 to 10.11.6 would be a huge leap. That's why I turned over this task into the hands of said Mac specialist. He did some other jobs for me in the past successfully.

I know the program AppCleaner and have used it several times to get rid of some incompatible 3rd party apps and their "associates", especially after the upgrade.

Regarding the backups: I do not need specific applications from the backup disk, since I regard it more or less as a "safe haven" for my files. But, I read your message too late .... and did a backup this morning! How blissfully ignorant of me! Now, I do hope that this will not collide seriously with any future measures to repair Safari or all the more with getting the whole machine "clean" again.

Best regards
StratJack

 

[honestone]

I use SuoerDuper! for my backups, and my backup need are simple. Once a weak is fine, and I do not need to save any prior ones.

From what I understand, Time Machine has a feature where one can backup just changes from a prior backup, and that those changes are on a separate "backup". Is that true? If so, and if you can get to the prior one, it will be OK. But if you can't, and/or just did a "complete" Time Machine backup and can't get to that prior "non-infected" one, then it will be more of a challenge for you.

Basically you would start your machine from the (hidden) Recovery HD partition, described here:

https://support.apple.com/en-us/HT201314

You would then first choose that last option on that screen, Disk Utility, and have it Erase and Format your internal drive. Next you would choose that second option, Reinstall macOS, which will download OS 10.11.6 from Apple, and do a fresh, clean installation of El Capitan onto your internal drive (that will take some time, depending on the speed (and stability) of your internet connection). When that completes, you'll be offered the opportunity to "migrate"/copy "stuff" from a backup (in your case, Time Machine). There are 4 categories of "stuff" you can copy over, one of them being Applications. If you don't need anything from that, you can just skip it. But there are other categories that contain setup information for your environment (Like internet/EMail), but also other "support" files. If you can get all of that from the prior Time Machine backup (the one made in early November), you should be good. But if not, you would be risking carrying over the "possible" problematic file that is causing issues with Safari. In that case, it would be best if you do not "migrate"/copy anything, but then you would need to go through an entire setup of your machine, just like it was brand new.

Please understand that I am not 100% sure about that last part, ie, risking carrying over that "problematic Safari" file. Maybe someone with more knowledge about Time Machine can "chime in".

 

[StratJack]

Thank you very much again, honestone!

From what I understand all this sounds very complicated for a simple user like me. Yet, I will carefully restudy your very valuable information. Eventually, I will have to make the decision whether to dive into the intestines of my machine myself or leave this to a person with greater knowledge.

 

[honestone]

Most of those steps I stated are not too complicated. The main issue, though, is trying to get to that prior Time Machine backup. Do you know another Mac user close by?

 

[StratJack]

Most of those steps I stated are not too complicated. The main issue, though, is trying to get to that prior Time Machine backup. Do you know another Mac user close by?

Hi honestone,

the bad news is that I made a "complete" Time Machine backup based on the new El Capitan obviously after I had contracted what eventually caused my Safari issue. So, meanwhile I have changed Safari settings into starting with my favorites as first page. That was possible.

But, anyway, yesterday I ran ClamXAV and Malwarebytes a second time on my full HD and, alas, OS X.Genio as well as sisinfo.plist was spotted and quarantined. I deleted it successfully, ... but the Safari issues still exists. I will try to take care of this somewhat later, based on your helpful tips.

Thank you so very much!

Best regards,

StratJack

 

[honestone]

Again I am no expert when it comes to Time Machine. Did that complete Time Machine backup completely overwrite the one you made prior to you upgrading to El Capitan?

Also, maybe run Malewarebytes, and especially ClamXav, again.

 

[StratJack]

Again I am no expert when it comes to Time Machine. Did that complete Time Machine backup completely overwrite the one you made prior to you upgrading to El Capitan?

Also, maybe run Malewarebytes, and especially ClamXav, again.

The backup done prior to the upgrade to El Capitan was not overwritten. But certain applications within that backup version, for example Safari, iPhoto and 3rd party apps, are symbolically stroke out and not functioning any more.

I run Malewarebytes and ClamXav every couple of days.

 

[honestone]

Given that you will be doing a clean installation of El Capitan, you will have new versions of the Apple apps. Not sure why some third party apps are "struck out". Also, any third party apps remaining will need to be checked out for compatibility with El Capitan.

What third party apps do you use?

 

[StratJack]

Given that you will be doing a clean installation of El Capitan, you will have new versions of the Apple apps. Not sure why some third party apps are "struck out". Also, any third party apps remaining will need to be checked out for compatibility with El Capitan.

What third party apps do you use?

Hi honestone,

I have used some movie conversion apps and other little freeware which I used only very rarely. I can do without them, so I will do a good and thorough spring-clean as soon as possible. Have a nice weekend!

 

[honestone]

Sounds good. After the clean installation of El Capitan, you can "migrate"/copy other "stuff" from that "early November" backup, that is, pick and choose which categories to copy. Maybe just copy all except the Applications. That should get all your settings, account setups, etc.

 

[mbiviano]

You have the "Weknow.ac" malware on your computer. This virus will change all browsers on your machine. I also have it on my computer and have yet to find a way to remove it. I've heard that Mac Cleaner may possibly work. My understanding is that it really doesn't do any "damage," but doesn't allow you to change your search engine options. Hopefully someone will have a solution soon!

 

[honestone]

You have the "Weknow.ac" malware on your computer. This virus will change all browsers on your machine. I also have it on my computer and have yet to find a way to remove it. I've heard that Mac Cleaner may possibly work. My understanding is that it really doesn't do any "damage," but doesn't allow you to change your search engine options. Hopefully someone will have a solution soon!

Note that the op stated that Firefox is not affected, so not sure if that malware is on his machine. What would be helpful (and definitely informative) is to download, install, and run the excellent freeware program EasyFind, available from here:

https://www.devontechnologies.com/products/freeware.html

EasyFind "digs deeper" than Spotlight, and it works very, very well. For the search term, just use "Weknow" to see if it is on your machine.

 

[StratJack]

Note that the op stated that Firefox is not affected, so not sure if that malware is on his machine. What would be helpful (and definitely informative) is to download, install, and run the excellent freeware program EasyFind, available from here:

https://www.devontechnologies.com/products/freeware.html

EasyFind "digs deeper" than Spotlight, and it works very, very well. For the search term, just use "Weknow" to see if it is on your machine.

Note that the op stated that Firefox is not affected, so not sure if that malware is on his machine. What would be helpful (and definitely informative) is to download, install, and run the excellent freeware program EasyFind, available from here:

https://www.devontechnologies.com/products/freeware.html

EasyFind "digs deeper" than Spotlight, and it works very, very well. For the search term, just use "Weknow" to see if it is on your machine.

To honestone and mbiviano: Sorry for my delay in reacting! Thanks a lot for your support.

I will download EasyFind as soon as possible and try to find out if there is a malware on my Mac. Meanwhile, I found a way to unlock my Safari engine: In the folder *Name of my hard disk* I went to the Library folder, then to Managed Preferences folder, then to a folder with my name. I found "com.apple.Safari.plist" and deleted this file. Eventually, the selection for changing the starting page in Safari was not blocked anymore. Still, I will be out to seek the troublemaker with EasyFind.

 

[mbiviano]

Here's how to remove the "Weknow.ac" virus with Chrome.


Open "Terminal" and copy and paste each of the following entries below. I did each one at a time. I copy and pasted the first line and then hit enter and then went to the next until I had finished all 6 below:


defaults write com.google.Chrome HomepageIsNewTabPage -bool false

defaults write com.google.Chrome NewTabPageLocation -string "https://www.google.com/"

defaults write com.google.Chrome HomepageLocation -string "https://www.google.com/"

defaults delete com.google.Chrome DefaultSearchProviderSearchURL

defaults delete com.google.Chrome DefaultSearchProviderNewTabURL

defaults delete com.google.Chrome DefaultSearchProviderName


Quit Chome and restart it and voila the virus will be gone. I tried everything and 3 phone calls with Apple and this was the only thing that worked.