Adware blocking AdwareMedic downloads!
Published October 28th, 2014 at 6:24 AM EDT , modified October 28th, 2014 at 3:58 PM EDT
Last week, I began to receive a series of reports from people that the Download button on the AdwareMedic site wasn’t working. First it was just a trickle, then a flood. For some people, the button was redirecting to the MacKeeper website. For others, it was going to a “not found” error page. I knew that the site itself wasn’t doing that, since I wrote every single piece of code on the AdwareMedic site… so what was going on?
It didn’t take long to figure out that this was the work of adware working on the affected machines. The only real question in my mind was: which one? Before I began investigating, though, I fought back. I added information to the AdwareMedic home page about how to handle these redirects, in the form of an alert:
That didn’t work for long, though. I began getting reports that the “What to do if the Download button redirects” link was also redirecting to the MacKeeper site. It seemed like the makers of this adware were responding to every step I took to try to counter my efforts. So I added the direct download link as plain text as well, just to keep them hopping. I also changed my site’s “not found” page to include information on what to do if clicking the Download button ended up on that page.
Soon, the reports from affected users began to point the finger at one particular piece of adware: Downlite (aka VSearch). I eventually found a copy of the Downlite adware that exhibits this behavior, thanks to someone who had been affected by the issue, and installed it in a virtual machine. I found that the behavior had changed yet again, now simply removing my alert entirely:
This was done through JavaScripts injected into the browser by the adware, and wasn’t done very smoothly… on loading the page, the alert was visible for a second, then disappeared. I also found that the Download link had been changed yet again, this time to simply point back to the main page, so clicking it would seem to do nothing (and wouldn’t go to the explanatory “not found” page).
Although this is extremely annoying, and is making some people using Downlite-infected Macs question the legitimacy of my site, I’m taking this as an indication of the success of AdwareMedic. If it weren’t having some impact on Downlite, I doubt they would bother. I’ll continue fighting back with further changes to the site, in order to keep them on their toes.
I’ve also reported this to Apple’s product security team, in hopes that this behavior will be the thing that finally gets Apple to block Downlite via the anti-malware XProtect system in all recent versions of Mac OS X.
In the meantime, for anyone affected by this problem, you can download AdwareMedic directly from here:
http://www.adwaremedic.com/AdwareMedic.dmg
If some future change to Downlite causes even that to stop working on infected Macs, you could download AdwareMedic on a different computer and transfer it via flash drive, or you could restart the infected Mac in safe mode (which will temporarily disable Downlite) and download it then.
Updates
Tuesday, October 28, 2014 @ 3:55 pm EST: Downlite is now blocking the AdwareMedic site entirely:
However, the direct download link still works, as would downloading on another machine or restarting in safe mode.
Tags: adware, AdwareMedic, Downlite, VSearch
73 Comments
This post is more than 90 days old and has been locked. No further comments are allowed.
I’ve been wondering about this. I have Adwaremedic 1.1.1. It keeps asking me to download a new version. I’m scared now. I’m surprised no one else has commented on this.
That is perfectly normal – the current version is 1.1.2 – and not the same thing as what is going on here. Keep in mind that what’s going on is only affecting computers that are already infected with Downlite. As long as AdwareMedic 1.1.1 gives your machine a clean bill of health, you don’t have anything to fear from this issue.
I am new to this program since the Apple support guy directed me to add it for extra security. Now, I’m having the same error message as the person above. And, i don’t really know how to download the newer version
Just delete the older copy of AdwareMedic and download the latest copy from the AdwareMedic website:
http://www.adwaremedic.com
The current version is 2.1, and you won’t have to worry about manually downloading updates in the future. It now includes an updater.
I have been a PC user since the early nineties. Started learning the Imac in August 2014. I really like it, but still have so much to learn. Your site has been a great help. Oh I upgraded to 1.1.2. Thanks again.
Glad to hear I could help!
Some filtering software, like TrustWave also has your site and AdWareMedic flagged as adult content, therefore blocking it in many large institutions and schools. I had to do a work-around using my phone as a portable hotspot in order to get rid of a Genieo infection!
*sigh* That’s probably another attack on my site by the adware creators. I’ll look into it, thanks!
I got The Genieo Virus from an attempt to install Google Chrome. Norton Moved to quarantine, but I stall ran Adware Medic and surprisingly removed four other parts Norton missed. Things are running good now.
THANKS Thomas!! 1.1.2, no problems. I recommend AdwareMedic whenever I get the chance, and also tell people to read all relevant posts on The Safe Mac. All these attacks are an unmistakeable sign they’re scared of you. Keep it up, and again, THANKS!!! You’re doing a FANTASTIC job keeping the Mac universe a lot safer!! As a Mac newbie after long Windows years your site has been an invaluable element of confidence for my new Mac experience.
iMac late 2013 – Yosemite.
Help! I am being bombarded by adware and am so frustrated. I have an old MacBook and unfortunately cannot upgrade to OS X 10.7. I downloaded your ad removal program but it won’t run with my older version of 10.6.8. Is there anything else I can do? Please help!
Try the manual removal instructions in my Adware Removal Guide.
Could you please share the samples of VSearch/Downlite that perform actions described in this acricle?
Here’s one:
https://www.virustotal.com/en/file/b0705b33005776c3a13db9b1a08430835b8f9ed366234114bb5008bb568418fd/analysis/
Thomas,
For the last 24hrs I’ve been the victim of AdWare. As a 20 year mac user this is the first time I’ve ever experienced such a frustrating and intrusive event. On the verge of calling Apple Care I took one last stab at trying to understand what was happening. By happenstance I copied a ‘cookie’ that kept popping up in my Privacy section of Safari Preferences. Every time I’d delete it, it’d pop back up. It was never rattling.
After pasting the cookie in google one of the sites that popped up was yours……I felt like I just won the lottery!
Carefully reading all your clearly laid out instructions and explanations I decided to go the ‘manual’ route as I was still a little gun shy to your product. All I can say is WOW! Your a miracle worker and an angel to our adware issues. Thank you so very much for all your time, input and creative genius that it takes to fight the Dark Side!
Just FYI – the adware is now preventing this blog entry from expanding. I acquired some adware yesterday and went to remove it today. I found AdwareMedic via Mac forums and came to download it. I came here and from reading the top of the blog entry, figured out that the adware was redirecting, but was able to get around that by refreshing the Adware Medic download page and quickly clicking “download” before the site was redirected. So I downloaded and ran AdwareMedic, restarted, came back here, and voila! I can open the blog post.
For anyone who sees this article, if you have Web of Trust, rate the AdwareMedic site before the weenies start giving it bad ratings!! (I’m posting this on all of the AdwareMedic related posts on this website)
When i click on the download link or the download bar appears on the bottom with the browser, with the AdwareMedic.dmg file on the queue, but the download doesn’t even start (it stays at 0%) and after a while I get the message that
“The following disk images couldn’t be opened
Image: AdwareMedic.dmg
Reason: not recognized”
Could this have anything to do with the adware?
Also how could I get around that?
This probably does have something to do with Downlite. Try turning off JavaScript in Safari, or restarting your computer in safe mode to download the app, or downloading from another computer and transferring it via flash drive to the affected machine.
I downloaded the adware medic but it found nothing and the preferences feature is disabled on safari. What do I do?
Other options can be found here:
http://www.adwaremedic.com/kb/unsolved.php
Regardin the preferences in Safari… Do you have some kind of alert window open in Safari? If so, that’s probably a scam popup. That’s also covered in the above link.
Dear Thomas
When I ran the scan to see what adware I had on my mac (which I know I do have because the download process I went through for AdwareMedic did exactly what you mentioned above but I managed to overcome it) it told me that my Firefox may have been modified and that I should delete and reinstall it to be safe, but to my knowledge I do not have Firefox unless it comes with this mac. Can I ignore this precaution?
That’s a generic alert – it doesn’t check to see if you have Firefox, it just warns if you have adware that is known to modify Firefox. If you don’t have Firefox, you don’t need to worry.
The redirecting must be happened after 17-10-2014 at 02:01 am (summer time The Netherlands – GMT +2).
I did download AdwareMedic 1.1 and I am not redirected.
I’d like to point out that if you Firefox instead of Safari with the NoScript plugin, you should be able to control which Javascripts run and which should not, which will allow you to block adware control of your browser and visit Thomas’s websites unbothered. Of course, if you already have adware, this may not work until the adware is gone. But Firefox/NoScript is a wonderful way to prevent adware from getting a foothold on your Mac.
VSearch was even stopping the http://www.adwaremedic.com/index.php from loading at all. Server not found error. I had to stop loading as soon as the page appeared and copy the direct download link before the page redirected.
THANKS for helping me fix it!!
Lifesaver. thank you. I had already tried to remove everything from MacKeeper manually, but the files your adwaremedic found did not show up. Anyway, I am so grateful. I disabled java, opted for the copy and past download method, and voilà! happy camper again. you’re the best. thanks again.
well that was freaking annoying lol! Thank you for posting the link here for the dmg because I was being blocked as well. Ans I do have to say I tried a few other software options before I found this one and none of them removed the problem. Very much appreciated!
Thank you, thank you. Had lots of trouble with everything you said about what was happening with adware medic. Finally downloaded, scanned and emptied and safari is running again, goodbye to that horrible I browser hijacker royal-search! Found it so hard to find any help for macs until I found you after many hours trying to fix my mac. I love you!
I ran Adware Medic to remove Mapticket, now my macbook won’t reboot. I tried safemode, but that doesn’t work either. I ran disk utilitly in recovery mode and it says the disk/volume seems to be fine. Any suggestions. Been trying for almost 2 hours to reboot. Using OS 10.8.6 (I think)-not sure of that since I cannot see my about any more.
Oops sorry I posted in the wrong forum…please forgive me. But if you can help let me know.
I finally it got it to reboot by resetting the PRAM. Sorry to have bothered you
No problem, I’m glad you got it sorted out.
Hi,
I very stupidly downloaded what I thought was flashplayer and since then my MacBook pro retina is behaving really odd, ads, browser windows opening onto random sites. I’ve thought it may be the adware mentioned on here, and so was looking to download the adware medic, but every time I click on the download button my web browser doesn’t let me – says safari cannot find the server.
Help please! Do I need to follow the manual steps?
Thanks,
Tin
Thank you so much for this site!
I very stupidly downloaded a non legit Flash Player and since then my machine started misbehaving by advertising random things, opening windows with adverts and Lord know what else. I did some searching in google and came across this site, thought it may be adware – and when trying to download the adware it would say that safari is unable to open the window.
The direct above has hopefully cleared it, I’ll report back if not.
Thanks again!
This is exactly what happened to me a week ago!~ I’m so glad that I ran into this site!
I also stupidly downloaded something that I thought was a flash player and tried removing the Adware manually, but I wasn’t able to remove them all! I thought I just had the Conduit search Adware, but it turned out that I also had vsearch!! These Adwares are so sneaky, right? I was also redirected from the adwaremedic page many times, but I was able to download it successfully by quickly clicking the download button right before the page got redirected!You have to be really fast, though! The redirect gets faster with each try, so aim to click the download button on your first visit to the page! 😀 Adwaremedic is simple to use, and removes all adware efficiently! 🙂 Now my mac is free of all adware and I can finally use it without constantly getting redirected to that mackeeper site!! 🙂
Thanks from me too. Got rid of Dynamic Pricer that was plaguing my Mac Chrome browser. Had to navigate through all the hints to get to your Twitter feed since I was experiencing all the blocks to your main page, but it is done. Donation on its way.
Hi Thomas, I have tried to download Adware medic (CONSTANTLY getting pop ups from MacKeeper!AAARRGG!) but as soon as the page opens a second later I get the “webpage not available) instantly after seeing a brief glimpse of your adware. Please advise! I’m not that technically inclined so if you can be very SPECIFIC about what to do, I would be deeply grateful and happy to donate to your cause!
Thanks
The instructions are found in the last couple paragraphs of the article above, before the “Updates” heading.
THANK YOU! I had to use my iPad to look for help to fix the mac book air- I couldn’t even search for fixes… and then when I found you the dumb ad wear wouldn’t let me click to you… Amazing that they can manipulate their programs that way- I ended up emailing myself the second link of the download you posted and copying and pasting into the safari bar. Lifesaver. So happy to donate!
Hello. Your software truly rocks! My problems have been resolved because of you. Thank you. My friend needs help as they have a pc using Windows. Is there something you can recommend that can do the same magic? Your reply is greatly appreciated.
Unfortunately, I don’t know what would be best to use on a Windows PC.
Not a problem Thomas. Thanks again for your help and reply!
I had the same problem and wasn’t able to download Adware Medic from their website but it can be downloaded from here:
http://mac.softpedia.com/get/Antivirus/AdwareMedic.shtml#download
Oh my god, you are amazing! Thankyou so much! I downloaded MplayerX, I think that was the problem, quick question, I have done the scans and removed the adware but how do I remove MplayerX completely from my computer? Sorry I’m not very good with computers.. thank you!
I find by creating a second user account on the machine you can download Adware Medic and run it. This will remove the bulk of it. Move the app or download file to the Shared folder. Once you do that, you log back into the original account and run it again and it will remove the rest of it from the original user.
I been dealing with this crud for some time and this works pretty well. Mac keeper is a steaming pile of you know what, but I have no idea why Apple won’t block these guys.
i download it but i keep getting pop ups adds what to do ?
http://www.adwaremedic.com/kb/unsolved.php
Great help, thanks. I was able to use my iPad to save the .dmg file to dropbox and then send a link to my mac to open. That was the only way I could install adware and fix the issue. It also blocks your October article about the problem as well. Nasty little file but all better now. I will be a regular at this site in the future, thanks again.
Thankyou!!!! It has fixed my problem!!!!. Safari wouldn’t let me open / download Adware Medic as it kept informing me it couldn’t find the server, I also tried using the tags but to no available. I used http://www.adwaremedic.com/AdwareMedic.dmg (Version 2.1). When I downloaded MacKeeper originally I wasn’t aware of the issues it had. It should be blocked!!! Once again a big thank you!!!!
Thanks so much!!! i couldn’t use any browser on my Macbook — it had become essentially impossible to use the internet with this machine because of the popups. To be able to use adwaremedic.com I had to start my macbook in safe mode. But once I did that, the AdwareMedic software worked like a charm and was most definitely worth a donation to the site.
Thank you Thomas. I was an idiot and downloaded something that I never should have and thought I had ruined my Macbook forever. The adware was stopping me from downloading your AdMedic, but eventually I got through to it on another one of your pages. Just wanted to let you know that I’m really grateful, and will NEVER be looking for downloadable content on the internet ever again.
Thank you Thomas, may you live long and prosper.
Hello! Nothing is working. I’ve followed all the steps. (Great, clear instruction by the way – thanks!) But the unwanted tabs opening and all the pop-up ads are still going on, and I downloaded and ran Adware Medic. Keep getting kicked off the unsolved site so I can’t read more advice. Please help if you can?
My wife’s Macbook became infected – downloaded free Norton from Comcast, scanned, and deleted some adware, trojans, etc. Downloaded AdwareMedic, scanned and deleted an instance of adware. When we subsequently did a full system scan with Norton, more stuff was found:
VSearchAgent
VSearchLoader
VSearchPlugin
libVSearchLoader.dylib (Trojan.Gen.2)
Thought you might want to know.
Those items were probably found in the trash by Norton, which is where AdwareMedic would have moved them.
Also, note that Norton is well-known for its ability to cause performance and stability problems, and it only does a so-so job of protecting you against malware. I do not recommend using Norton at all.
Can AdWare Medic be used on OS 10.6.8?
No, on 10.6.8 and earlier, you will need to follow the manual removal instructions in my Adware Removal Guide.
Thank you, thank you, thank you, thank you, thank you so so much!! I’m new to Mac, and this stupid adware thing got me panicking. Thankfully I saw this site, it helped a lot. Thanks! 😀
Thank you so much!!! I had to finally just use the automatic download link–and it worked. First time my mac has ever caught anything–compliments of teenagers!
This sounds like it will solve my problem. I went to the http://www.adwaremedic.com site and before I could do anything I was sent to the “Safari Can’t find the Server” page. I see above that the next option was to bring the Mac up in safe mode. I did get it up in safe mode. I got to the site and downloaded the file and cleaned the MAC. There were a number of files that showed up and were removed. When I restarted in normal mode and reran the program everything came out clean. So far so good. Thanks much.
I saw the advise on Apple help forum to download Adwaremedic and was redirected to MacKeeper. I was surprised that as MacKeeper scan diagnosed my computer as “critical”, apparently cleaned about 25% of my computer and asked for payment for the rest. This made me smell a rat so I googled “Adwaremedic” and spotted the warning about being redirected to MacKeeper. However, when I first clicked on the warning I was again redirected to “no page found” so I clicked the ‘cache” button and was able to download Adwaremedic. My computer is now problem free. Thank you so much for persevering, you’re a big help to technophobes like myself. I will be donating to your site.
thomas
unfortunately adwaremedic did not remove rargenie. After several attempts i gave up and decided to remove adware medic. i cannot remove it. do I need an uninstall program.
frank
Rargenie is not adware that I’m familiar with. Can you submit a system snapshot using AdwareMedic? (Choose Scanner -> Take System Snapshot and then submit it to The Safe Mac.)
As for removing AdwareMedic, it does not require an uninstaller. If you want to remove it, all you have to do is drag it to the trash.
Etrecheck found a adware called “Omnibar “.
Which is a Safari extension.
After uninstalling the extension,
Etrecheck, says, it is still there.
I ran AdwareMedic again and it does not find anything.
I went through the recommended processes to find the culprit,
to no avail.
Additional note: I restarted my mac and it is still there ?
Any advice would be much appreciated.
EtreCheck looks at a Safari cache to determine whether extensions are installed. I don’t really agree with this, as the extensions can be truly removed and non-functional, yet the cache still has that data. Although I have not tested this, I believe that you should be able to fix the problem by going to Safari and choosing Clear History and Website Data from the Safari menu.
Downloaded. Your product is crap. still getting hidden ads. Thanks for wasting my time….
Not all ad problems are caused by adware, and I’ve provided a lot of free support – no requirement for a donation first – for people who have found that their problem was not fixed with AdwareMedic. There is detailed information on what to do if AdwareMedic didn’t solve the problem on the AdwareMedic website, and linked to in the AdwareMedic documentation. I cannot help people who are not interested in helping themselves, however.
Hi Thomas,
This MplayerX caused me huge problem with my mac (as same as the one you’ve said earlier). I downloaded AdwareMedic alreeady, scanned and remove it, however it still said “The disk Installer couldn’t be ejected because DM is using it” (after I went to Apple Menu -> Shut Down and it refused) and also the file MplayerX is still there.
Same problem. but i cannot restart or empty the trash, because every time i try, it says that “libLoader.dylib” is in use. and I cannot restart or shut down to put in safe mode.
I can’t seem to open the adware medic disk image file. I’ve downloaded on 3 machines (including 1 windows machine) and tried opening while in safe mode – every time OS X tells me the image is corrupted. Is this related? Is there anything to do about it?
I haven’t heard of any adware causing that, and certainly if you’re downloading on 3 different machines that would be unlikely. This is probably due to some kind of a serious problem with your system, perhaps a corrupt hard drive. Try repairing with Disk Utility:
http://pondini.org/OSX/DU6.html
AdwareMedic worked for me to clean out the adware. Had previously removed MacKeeper but that didn’t fix everything.
Thank you!
Thanks for your software. I’m not a download newbie and been a Mac User for over 20 yrs but ended up with adware none-the-less. Your program took care of it quickly. Will definitely recommend and donate.