Author Topic: html:script-inf ; how do I get rid of pop ups for it? (Read 5118 times)

slurry · « **on:** September 03, 2012, 01:04:47 PM »

I tried posting this in the mac forum since I use a mac, but haven't had much response so I thought I'd try here:

I'm not sure if I have this virus or not. My webshield keeps blocking something, coming up with this warning about every day or second day:

infection: html:script-inf
url: h??p://www.rytterfalk.com/2011/02/04/calibrate-your-mac-for-free

I did visit that website via a google search about a week ago, however I still get 'infection detected!' pop ups even though I am not at that website.

When I do a system scan, no infection comes up. I do, get some 'warning' about:
/System/Library/PrivateFrameworks/MediaKit.framework/Versions/A/Loaders/MKDrivers.bundle/Contents/Resources/bootroot.loader
but nothing else.

I've deleted my cookies, history and temporary internet files. Avast (on mac) doesn't seem to give me an option on repair/delete/quarantine a file. How do I clean up this infection (if I have one)?

Pondus · « **Reply #1 on:** September 03, 2012, 01:27:40 PM »

Quote

Avast (on mac) doesn't seem to give me an option on repair/delete/quarantine a file. How do I clean up this infection (if I have one)?

what file is that?

attach screen shot ....

is it this one ?

Quote

/System/Library/PrivateFrameworks/MediaKit.framework/Versions/A/Loaders/MKDrivers.bundle/Contents/Resources/bootroot.loader

and what is the warning ....what does avast say ?

slurry · « **Reply #2 on:** September 03, 2012, 01:46:59 PM »

well it's not really the file I'm concerned about. It's the URL that webshield keeps blocking... even if I am not visiting the website.

I have a feeling the the warning is just a false positive.

But I've attached a few screenshots if its helps

slurry · « **Reply #3 on:** September 03, 2012, 01:47:38 PM »

here's a log of the webshield

slurry · « **Reply #4 on:** September 03, 2012, 01:48:17 PM »

log of the system scan, with warnings showing:

Pondus · « **Reply #5 on:** September 03, 2012, 01:56:57 PM »

OK i am not familiar with the avast mac .....so i dont know what the "File with warning" means ?
is there some thing you can click to get details ?

anyway since you get the pop up when not doing anything ...may indicate a infection
i scanned the URL with a bunch of online tools and they give that website a clean ?

i have sendt a PM to the removal specialist so that he will have a look when he arrive here later ....not sure if he can fix a Mac but he may know someone

.....may take some hours so be patient

!Donovan · « **Reply #6 on:** September 03, 2012, 02:21:12 PM »

If you have indeed visited the site, then it is highly possible that you were infected from it.

There was a trojan downloader on that site.. See:
https://www.virustotal.com/file/6b7d923f4215c96d19e708ff1440e48da003dd35ff5756fce98e122bee560296/analysis/

slurry · « **Reply #7 on:** September 03, 2012, 02:39:33 PM »

so how do I clean it out if avast isn't picking it up on the system scan?

Pondus · « **Reply #8 on:** September 03, 2012, 07:51:16 PM »

The removal experts recomend you try Geeks to Go as they have a Mac section and Mac OS experts there...the one here in the forums only work on windows OS

http://www.geekstogo.com/forum/

Author Topic: html:script-inf ; how do I get rid of pop ups for it? (Read 5118 times)

slurry

html:script-inf ; how do I get rid of pop ups for it?

Pondus

Re: html:script-inf ; how do I get rid of pop ups for it?

slurry

Re: html:script-inf ; how do I get rid of pop ups for it?

slurry

Re: html:script-inf ; how do I get rid of pop ups for it?

slurry

Re: html:script-inf ; how do I get rid of pop ups for it?

Pondus

Re: html:script-inf ; how do I get rid of pop ups for it?

!Donovan

Re: html:script-inf ; how do I get rid of pop ups for it?

slurry

Re: html:script-inf ; how do I get rid of pop ups for it?

Pondus

Re: html:script-inf ; how do I get rid of pop ups for it?