Avoid downloading apps advertised through bestantius.com

What is bestantius[.]com?

bestantius[.]com is a deceptive website that is used to trick iPhone users into downloading and installing a VPN application developed by Hi Security Lab. This app is available for download on an official App Store web page, which usually indicates this is a legitimate application, however, websites such as bestantius[.]com should never be trusted.

Furthermore, people do not generally visit these sites intentionally - they are opened when people click dubious ads or when a potentially unwanted application (PUA) is installed on the device and/or browser.

When opened, bestantius[.]com displays a pop-up window stating that someone might be tracking your browsing activity. To encrypt web browsing traffic, users are encouraged to download and install the aforementioned VPN app.

Typically, apps available on App Store are legitimate, however, do not download or install software that is advertised through deceptive web pages. Sites such as bestantius[.]com are used to promote dubious, possibly malicious apps. To avoid unwanted downloads/installations, do not trust dubious web pages and uninstall PUAs that might be designed to open them.

Typically, PUAs display coupons, banners, surveys, pop-ups, and other intrusive advertisements. If clicked, these might open dubious or even malicious websites, or run scripts that download and install unwanted software. Furthermore, these apps can collect information relating to users' browsing habits.

For example, entered search queries, URLs of visited websites, geolocations, Internet Protocol (IP) addresses, and other data of this kind. Some PUAs might be designed to record personal (sensitive) data.

Developers share the data with other parties (potentially, cyber criminals) who misuse private information to generate revenue. If PUAs are installed on the browser or operating system, remove them immediately.

Threat Summary:

Name	bestantius.com pop-up
Threat Type	Mac malware, Mac virus.
Fake Claim	bestantius[.]com informs visitors that someone might be monitoring their browsing activity.
Detection Names	Full List (VirusTotal)
Serving IP Address	104.248.118.186
Promoted Application	VPN by Hi Security Lab.
Symptoms	Your device becomes slower than normal, you see unwanted pop-up ads, you are redirected to dubious websites.
Distribution methods	Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers, torrent file downloads.
Damage	Internet browser tracking (potential privacy issues), display of unwanted ads, redirects to dubious websites, loss of private information.
Malware Removal (Mac)	To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner for Mac To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

bestantius[.]com is identical to bestlandcn[.]com and very similar to mobileapplesecurity[.]com, safari-protection[.]com, and many other web pages.

Generally, these sites aim to trick people into downloading and installing applications. When opened by the browser, this is often due to a PUA already installed on the device. This situation could lead to problems with browsing safety, privacy, or be the reason behind more serious problems such as identity theft.

How did potentially unwanted applications install on my computer?

This usually happens when users accidentally or intentionally click deceptive ads, or when software developers distribute them using a marketing method called "bundling". They use this method to trick people into downloading/installing PUAs together with other software.

They include PUAs into the set-ups of other (usually free) software and not disclose information about the inclusion of additional downloads or installations.

They hide the details in "Advanced", "Custom", and other similar settings. Note, however, that unwanted downloads and installations happen only when people leave the settings unchecked and unchanged. In doing so, they allow unwanted apps to be downloaded/installed with regular software that people wish to download/install intentionally.

How to avoid installation of potentially unwanted applications

Software download/installation channels such as Peer-to-Peer networks (torrent clients, eMule etc.), unofficial websites, third party downloaders, installers and other sources of this kind should not be trusted.

The safest way to download software is to use official websites. Install software properly: check "Custom", "Advanced", and other similar settings available in the setup and dismiss offers to install/download unwanted (additional) programs. Avoid clicking intrusive ads, especially if they are displayed on untrustworthy websites.

When clicked, they can redirect to deceptive, dubious websites or cause download/installation of unwanted software. Finally, remove any unwanted, unknown apps (extensions, add-ons, plug-ins) from the browser and programs of this type from the computer.

If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text in a bestantius[.]com pop-up:

Someone May Be Watching
What You Browse
Your IP 104.236.233.182 could be exposed.
Someone may know your Apple iPhone
Follow three steps to encrypt your web traffic and change your IP address:
    
Click below to download VPN.
Open app, click connect button.
Browse web and apps anonymously.
5 minutes 57 seconds
Install Now Cancel

Download web page of VPN app by Hi Security Lab:

Instant automatic Mac malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is bestantius[.]com?
• STEP 1. Remove PUA related files and folders from OSX.
• STEP 2. Remove rogue extensions from Safari.
• STEP 3. Remove rogue add-ons from Google Chrome.
• STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove adware-related files and folders

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

Check for adware generated files in the /Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: /Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the ~/Library/Application Support/ folder:

In the Go to Folder... bar, type: ~/Library/Application Support/

In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.

Check for adware generated files in the ~/Library/LaunchAgents/ folder:

In the Go to Folder... bar, type: ~/Library/LaunchAgents/

In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.

Check for adware generated files in the /Library/LaunchDaemons/ folder:

In the "Go to Folder..." bar, type: /Library/LaunchDaemons/

In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.

Scan your Mac with Combo Cleaner:

If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

Remove malicious extensions from Internet browsers

Remove malicious Safari extensions:

Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

Remove malicious extensions from Google Chrome:

Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

Remove malicious extensions from Mozilla Firefox:

Click the Firefox menu (at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".

• If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

▼ Show Discussion