A tech frustration Friday

[kimmer]

Wasn't it a fun Friday? It started with a legit Nikon upgrade, followed by a legit Adobe Flash upgrade, followed by not being able to get to a web page so I launched Firefox to see if it was Chrome or my ISP (they've recently started blocking various web sites for a day or so, and I don't know why). Launching FF brought up an alert about what I thought was a legit update to an extension I had installed, and I wasn’t really awake, so I said yes to all these upgrades/updates.

• The Nikon was legit and needed.
• The flash was legit, but not needed and it’s now uninstalled. (Thanks xABD!)
• The FF extension alert wasn't legit (and wasn't an upgrade to what I had installed)—it was malware, and it’s now banished; but banishing wasn't easy.

The malware was “install.mac”. I tried following directions on the apple support forum, and could not find all files and so it kept reinstalling its nasty self. I went in and reset FF to default and hoped that would take care of problem. It didn't. I finally gave up and used my cloned SuperDuper backup to restore my harddrive to last nights clean state.  

Now that I've installed the clone, I just launched FF and the very same install alert showed up. The extension is "flashandvideo". I'll attach a screen capture. Not gonna snag me twice.

[attachment=3005:ffalert.jpg]

I've learned my lesson though: don't install ANYTHING before my morning coffee.

[Xairbusdriver]

I thought we discussed this very thing already. I'll look in the threads...

Yep, it's mentioned in the linked site about removing the adware Bruce loaded. The original adware was called Genio or Genieo but it also can be called InstallMac. See this post.

Here's the removal guide, again.

Apparently you also forgot what day of the month it was today...

[kimmer]

QUOTE(Xairbusdriver @ Jun 13 2014, 08:06 PM) <{POST_SNAPBACK}>

I thought we discussed this very thing already.

You think I can remember everything we've discussed here?  I'm totally innocent in all this. It's simply because I hadn't had coffee and wasn't alert, so the fault belongs to the missing coffee.  

QUOTE

Here's the removal guide, again.

BTW, I followed that removal guide and it didn't work as I couldn't find all the files; and rather than go over and over his instructions, it was easier to install my clean clone. (Say that again 5 times fast. LOL) I've dropped a note to Mozilla about this extension and the adware.

QUOTE

Apparently you also forgot what day of the month it was today...

Nope. I'm not stupertisious.

[Xairbusdriver]

I'll go back and add some text about that other name maybe help it show up in a search here. That site also has a script that often works to uninstall this stuff... That was the other link in Bruce's thread. This adware probably has some fairly knowledgeable programmers and they had better than average skills at hiding things in different places with the different versions of the "app". So the steps that work on one version don't work with another.

The real problem is people doing things that aren't illegal but that are at best annoying and at worst can cause problems for users. The attitude of the 'developers' is questionable at best. And some may have paid for their "services" without understand what they were actually getting. It would be great if we could determine who the companies are who used this adware and force them to take responsibility for their ignorance (to put it kindly). I'm not holding my breath, of course...

It may also help to use only one browser for as long as possible. That way you could have a better idea of what changes we make to them and how they ask for updates. Maybe more coffee is the best solution!

[kimmer]

QUOTE(Xairbusdriver @ Jun 13 2014, 09:30 PM) <{POST_SNAPBACK}>

That site also has a script that often works to uninstall this stuff... That was the other link in Bruce's thread.

I missed the script, but I did read at the apple support forum that some folks complained about the script.

QUOTE

This adware probably has some fairly knowledgeable programmers and they had better than average skills at hiding things in different places with the different versions of the "app". So the steps that work on one version don't work with another.

Knowledgeable programmers? I'd call them scum bags. When I said yes to "flashandvideo", there was an alert about installing “install.mac”. I clicked NO, yet it installed anyhow. I caught it right away and did a fast search on how to remove, and eventually found a page that laid out how to reset prefs on all browsers, which I did; and then I found the site that's linked to in Bruce's thread and removed stuff—but none of that was good enough. I'm very thankful I had a clean SuperDuper backup to use to restore my iMac.

QUOTE

It may also help to use only one browser for as long as possible. That way you could have a better idea of what changes we make to them and how they ask for updates. Maybe more coffee is the best solution!

More coffee, and a chat with my ISP about blocked web sites.  

[Highmac]

We were trying to get hold of our lawyer yesterday about a query on our house sale and were told she was rather busy.

Friday is traditionally the day when people complete their house purchase/sales and the money has to be moved through the whole chain in a matter of a few hours to "complete" and allow keys to be handed over, usually at 1pm. Turned out the server at one of our big four banks had gone down and our lawyer was trying to solve her clients'  Friday the Thirteenth problems.

The main problem for the mover is that they have their belongings packed in a van outside the house, which is empty, but they cannot get the keys until the lawyers confirm the money is there and the estate agent can release the keys.

So a bad tech day for them too
 
Back on topic - thanks for the warning Kimmer, I'll be watching FF very closely!

[Xairbusdriver]

QUOTE

Knowledgeable programmers? I'd call them scum bags

Those are not actually mutually exclusive terms. your biggest mistake was not following every single link in every single post to every single thread at TS! Why do you think we pay you those big "Admin" bucks?! Fortunately, it seems your sentence will be "time served"! And, even better, it won't go on your 'record'!

[Xairbusdriver]

Another <ars article> yesterday about malware using a feature in Windows that is supposed to block certain apps. The hackers are using that feature to block lots of anti-virus software! Still need Admin approval, so it's still basically a 'social engineering' attack. But it points out, again, the dangers of logging in/using a computer as an Admin.

Here's an interesting post in the comments (credibility unknown):

QUOTE

(antivius software just hums along like nothing happned, Antivirus softwre needs to start targeting unwanted software)

Many do, especially the smaller ones, and they suffer a lot of lawsuits and other legal challenges over it from advertisers and ad-supported applications. It's a perilous legal line. That's why even the AVs that find advertising often have it disabled or detect-only by default.

That may apply to kimmer's question about why the adware she found was not blocked.

[Xairbusdriver]

QUOTE(Highmac @ Jun 14 2014, 04:09 AM) <{POST_SNAPBACK}>

We were trying to get hold of our lawyer yesterday about a query on our house sale and were told she was rather busy.

Friday is traditionally the day when people complete their house purchase/sales and the money has to be moved through the whole chain in a matter of a few hours to "complete" and allow keys to be handed over, usually at 1pm. Turned out the server at one of our big four banks had gone down and our lawyer was trying to solve her clients'  Friday the Thirteenth problems.

The main problem for the mover is that they have their belongings packed in a van outside the house, which is empty, but they cannot get the keys until the lawyers confirm the money is there and the estate agent can release the keys.

Perhaps you'd be interested in this site: Lawyer jokes gathered by a lawyer

On a more serious note, somehow we avoid that with escrow accounts and getting loans (if any) approved before-hand. The transfers needn't take place until the main lawyer has all the needed signatures which can be in his possession in any order at any time. And I certainly would not buy a house without a few days allowed to move out! Of course, this method sometimes means the seller takes possession of the new house before closing on the old one, usually because of poor advice from at least one real estate agent and/or a lawyer! That usually never happens more than once (to that person, anyway)!