02-02-2015, 10:03 PM
AustinChief
Administrator
softwareupdaterlp MALWARE

Ok, there is a nasty piece of malware floating around the web so I thought I'd post the solution to the problem here.

This malware may be keying off certain ads on CP but the ads themselves shouldn't be an issue. Google is claiming to have fixed the previous ad hijack/redirect issue that we saw.

OK, to fix this for PC check this...

http://malwaretips.com/blogs/remove-...rlp-com-virus/

For Mac check this...

https://discussions.apple.com/thread/6802324


Please post here if the problem gets resolved or if it persists. If you have never had the problem (I have yet to see it) then feel free to ignore this.

02-03-2015, 05:12 PM   #16
ghak99
MVP
My Mac just started redirecting again via Safari and this thread 3 times in a row after force quitting each time.

These redirects didn't appear to be softwareupdater related, but the ads at the bottom of the page have been dominated by malware and virus related advertisements. Seems connected in this case.


The address bar image is hard to read, but I didn't see a softwareuploader connection in it.

02-03-2015, 05:42 PM   #17
penguinz
Supporter
Quote:
Originally Posted by ghak99
> My Mac just started redirecting again via Safari and this thread 3 times in a row after force quitting each time.
>
> These redirects didn't appear to be softwareupdater related, but the ads at the bottom of the page have been dominated by malware and virus related advertisements. Seems connected in this case.
>
> The address bar image is hard to read, but I didn't see a softwareuploader connection in it.

Get rid of avast. It contains malware in it.

02-03-2015, 06:09 PM   #18
AustinChief
Administrator
Quote:
Originally Posted by ghak99
> My Mac just started redirecting again via Safari and this thread 3 times in a row after force quitting each time.
>
> These redirects didn't appear to be softwareupdater related, but the ads at the bottom of the page have been dominated by malware and virus related advertisements. Seems connected in this case.
>
> The address bar image is hard to read, but I didn't see a softwareuploader connection in it.

Did you follow all the instructions in that thread? One thing it advises to do is to reset your browser and delete all cookies. If you are ok with that, it should keep you from getting the trigger ads displayed so the malware will still likely be on your system but won't activate.

02-03-2015, 06:36 PM   #19
ghak99
MVP
Quote:
Originally Posted by AustinChief
> Did you follow all the instructions in that thread? One thing it advises to do is to reset your browser and delete all cookies. If you are ok with that, it should keep you from getting the trigger ads displayed so the malware will still likely be on your system but won't activate.

I followed the instructions in the pm you sent me which included running both scans and resetting browsers, cookies, and checking for extensions in Safari, Chrome, and Firefox. It seemed to cure the softwareupdater redirecting, but then I was later redirected to the MacKeeper as I mentioned.

02-03-2015, 06:56 PM   #20
AustinChief
Administrator
Quote:
Originally Posted by ghak99
> I followed the instructions in the pm you sent me which included running both scans and resetting browsers, cookies, and checking for extensions in Safari, Chrome, and Firefox. It seemed to cure the softwareupdater redirecting, but then I was later redirected to the MacKeeper as I mentioned.

Well hell!

02-03-2015, 07:17 PM   #21
Rams Fan
Greatest QB Duo of 2015
This had been happening to me the past few days. Uninstalled Chrome and downloaded Malwarebytes. Everything's been OK since.

02-03-2015, 08:29 PM   #22
Fish
Ain't no relax!
Quote:
Originally Posted by AustinChief
> Did you follow all the instructions in that thread? One thing it advises to do is to reset your browser and delete all cookies. If you are ok with that, it should keep you from getting the trigger ads displayed so the malware will still likely be on your system but won't activate.

Hey bud,

I've been in the middle of deploying new machines at work. And in doing so, I tend to browse CP on whatever machine I happen to be working on in the field. I've noticed the issue on brand new retail OS installs. OS X. Chrome/Safari/Firefox. All these machines I installed the OS myself, and know exactly what's been installed. Also running MS Endpoint virus client, OS X malware detection, etc. I have a very advanced knowledge of OS X and all possible locations for running apps, and I can tell you this isn't OS X malware/adware or browser extensions. I'm very familiar with the removal suggestions in the links provided, and this particular issue isn't part of the group of malware/adware that app looks for. Somehow it's being triggered by the ads displayed.

That said, I'd be happy to leverage any quick troubleshooting on OS X/Win 7 vanilla setups if you have anything specific to test. I generally have both vanilla OS X and Windows installs handy, with or without Flash/Java/adblock/etc. Let me know if I can do anything to help.

02-03-2015, 08:47 PM   #23
DaveNull
Veteran
Is there another ad network that is a viable option? I feel like the only time I see posts like this on any site I visit is here.

I know you've got to pay the bills but damn. It's harming your users and even when it works properly the ads just torture Safari on iOS.

02-03-2015, 08:48 PM   #24
DaFace
Kind of a mod
Quote:
Originally Posted by Fish
> Hey bud,
>
> I've been in the middle of deploying new machines at work. And in doing so, I tend to browse CP on whatever machine I happen to be working on in the field. I've noticed the issue on brand new retail OS installs. OS X. Chrome/Safari/Firefox. All these machines I installed the OS myself, and know exactly what's been installed. Also running MS Endpoint virus client, OS X malware detection, etc. I have a very advanced knowledge of OS X and all possible locations for running apps, and I can tell you this isn't OS X malware/adware or browser extensions. I'm very familiar with the removal suggestions in the links provided, and this particular issue isn't part of the group of malware/adware that app looks for. Somehow it's being triggered by the ads displayed.
>
> That said, I'd be happy to leverage any quick troubleshooting on OS X/Win 7 vanilla setups if you have anything specific to test. I generally have both vanilla OS X and Windows installs handy, with or without Flash/Java/adblock/etc. Let me know if I can do anything to help.

I find it hard to believe that it's client side as well. I've seen it on three computers that I have control over in terms of virus/malware detection, and in all three cases it's happened for an hour or two, then disappeared. Manual scans have revealed nothing.

02-03-2015, 09:18 PM   #25
AustinChief
Administrator
Quote:
Originally Posted by Fish
> Hey bud,
>
> I've been in the middle of deploying new machines at work. And in doing so, I tend to browse CP on whatever machine I happen to be working on in the field. I've noticed the issue on brand new retail OS installs. OS X. Chrome/Safari/Firefox. All these machines I installed the OS myself, and know exactly what's been installed. Also running MS Endpoint virus client, OS X malware detection, etc. I have a very advanced knowledge of OS X and all possible locations for running apps, and I can tell you this isn't OS X malware/adware or browser extensions. I'm very familiar with the removal suggestions in the links provided, and this particular issue isn't part of the group of malware/adware that app looks for. Somehow it's being triggered by the ads displayed.
>
> That said, I'd be happy to leverage any quick troubleshooting on OS X/Win 7 vanilla setups if you have anything specific to test. I generally have both vanilla OS X and Windows installs handy, with or without Flash/Java/adblock/etc. Let me know if I can do anything to help.

Thanks man. I think we may be conflating two separate issues though. The softwareupdater thing (this thread) is definitely malware. That doesn't mean the same people aren't also injecting softwareupdater redirect code into Google ads but I think that is unlikely. The other issue is purely with Google ads causing redirects. Google claims to have addressed this but if people are still getting them (not softwareupdater) then apparently they haven't.

It's frustrating as hell because I have yet to see either problem myself except when it first started I could replicate it by going to our ad panel and reviewing ads. There I found offending ads and blocked them from being served. I have continued to do so and haven't seen the issue lately.

What would help is if we could determine exactly which ones are occurring NOW (after Google claims to have fixed it) on clean machines.

02-03-2015, 09:19 PM   #26
AustinChief
Administrator
Quote:
Originally Posted by DaveNull
> Is there another ad network that is a viable option? I feel like the only time I see posts like this on any site I visit is here.
>
> I know you've got to pay the bills but damn. It's harming your users and even when it works properly the ads just torture Safari on iOS.

Yep, I have reached out to a few and am waiting on them getting back to me. Unfortunately Google is the best one but obviously not if they keep letting this crap happen.

02-03-2015, 09:26 PM   #27
Fish
Ain't no relax!
The fact that the same exact redirect happens in iOS would rule out malware and point to adware redirect.

02-03-2015, 09:30 PM   #28
DaFace
Kind of a mod
Quote:
Originally Posted by AustinChief
> Thanks man. I think we may be conflating two separate issues though. The softwareupdater thing (this thread) is definitely malware. That doesn't mean the same people aren't also injecting softwareupdater redirect code into Google ads but I think that is unlikely. The other issue is purely with Google ads causing redirects. Google claims to have addressed this but if people are still getting them (not softwareupdater) then apparently they haven't.
>
> It's frustrating as hell because I have yet to see either problem myself except when it first started I could replicate it by going to our ad panel and reviewing ads. There I found offending ads and blocked them from being served. I have continued to do so and haven't seen the issue lately.
>
> What would help is if we could determine exactly which ones are occurring NOW (after Google claims to have fixed it) on clean machines.

It could be two separate issues, but I definitely got the softwareupdaterlp thing as a redirect on a machine that has been scanned and seems to be clean. It hasn't happened in a week or so though.

I suppose conceivably it could be the same site - the redirect gets people fooled into installing it, and then it installs other adware that forces pop ups later.

02-03-2015, 09:56 PM   #29
SPchief
In Search of a Life
FWIW I ran malwares and haven't had any issues since. That was around 5 tonight.

02-03-2015, 10:05 PM   #30
AustinChief
Administrator
Quote:
Originally Posted by Fish
> The fact that the same exact redirect happens in iOS would rule out malware and point to adware redirect.

The iOS issue was definitely ad redirects. But "supposedly" Google fixed that... who knows though.

Here is another weird thing... I have been doing iOS devel lately so the last 2 months I have primarily been accessing CP from my Mac... and haven't seen the issue once. Just bizarre.
All times are GMT -6. The time now is 11:27 AM.

