Q: MacKeeper can't be deleted!!!

Safari AdBlock

http://safariadblock.com/

And just to be sure, old news but scan for the DNSChanger.

http://www.dnschanger.com/

EDIT: If this doesn't help, I would seriously consider changing browsers to the far more secure Firefox, if run with the Add-ons, NoScript, Adblock Plus, WOT and Ghostery. NoScript will help prevent browser exploits and attacks through JavaScript, one of the principal attack vectors in OS X.

I never see an ad and have never encountered the MacKeeper sleaze.

Message was edited by: WZZZ

Just to add to that, the NoScript extension can also block cross-site scripting attempts and disable iFrames which are often used to create redirects such as this from otherwise innocuous sites.

Firefox itself has a redirection warning setting, too.

Hi WZZZ Thank you for your kind support, it is a great help. I tried DNS changer a few days ago and it showed no issues existed.

I have downloaded the extensions you mentioned for Firefox and will use that and see if the issue continues.

You are quite lucky to have stayed out of the MacKeeper Sleaze net, it is definately a night mare.

How do you activate the redirection warning setting noondaywitch?

Firefox > preferences > Advanced > general. tick (check) the box for "warn me when web sites try to redirect or reload the page"

This will effectively block the redirect, with FF showing a warning banner at the top with a button to allow.

Be aware that this setting can prevent some sites working; Verified by Visa is a total pain in this regard.

Hi - thank you I found and set the redirection warning. It even warned after sign into Apple and I had to accept a page redirect. Looks good for now. There was no MacKeeper embedded adverts yet.

I am quite curious what was planted into my system to allow Zoebit to redirect http: URLs to have their Mackeeper advert. All very stange.

I'm not certain this feature will prevent the kind of redirect you have been experiencing -- if, indeed, that is what you have been experiencing. Not sure it prevents true redirects or just reloads/refreshes from within a site. Unclear if this will prevent "JavaScript or HTTP" redirects. I will have to look into this some more.

The setting in "Tools > Options > Advanced > General" is meant as an accessibility feature, as you can see by the label of that section, so that people with disabilities or people who use screen readers do not get confused and is not meant as a safety protection to stop redirecting.

• http://kb.mozillazine.org/accessibility.blockautorefresh
• http://kb.mozillazine.org/Accessibility_features_of_Firefox
  

http://support.mozilla.com/en-US/questions/817115

I think simply using NoScript to allow the minimum JS, or none at all, for a site to function is the way to go.

See the Quick Start Guide for Beginners.

http://forums.informaction.com/viewtopic.php?f=7&t=268&sid=4e25abc2cc3165a8a6575 a58a740741e

Message was edited by: WZZZ

What I thought. It only prevents meta refresh, and nothing else.

This extension will prevent HTTP redirects.

https://addons.mozilla.org/en-US/firefox/addon/noredirect/

Thank you so much for all your kind and accurate support WZZZ, I have all the bits and pieces you recommended installed into Firefox and the MacKeeper embedded adverts are no longer present, even with http: URLs; so that is magic, thank you.

I stll wonder what was causing that issue of the embedded MacKeeper adverts, whether it was something external or or internal; perhaps I will never know.

All in all I seem to be back to normal with the website log on pages etc. Seems to be all right.

You're welcome. Glad to help. If and when you find out, let us know.

Yes sure thing WZZZ. I am interested to locate whatever was causing the problem just in case it is currently sleeping and likely to raise it's ugly head if activated in future.

At least for now web-surfing to critcle pages seems more secure.

I am greatful for all your kind support, pure magic!

Correction: I think I've just found out that the Firefox "Warn me when..." feature may, after all, prevent redirects to other URLs, not just refreshes or redirects within a site. I'm learning the meta refresh tag, which Firefox flags, can be coded to redirect to other domains. Therefore, I think it is a useful safety feature.

Meta refresh is a legacy method of instructing a web browser to automatically refresh the current web page or frame after a given time interval, using an HTML meta element with the http-equiv parameter set to "refresh" and a content parameter giving the time interval in seconds. It is also possible to instruct the browser to fetch a different URL when the page is refreshed, by including the alternative URL in the content parameter. By setting the refresh time interval to zero (or a very low value), this allows meta refresh to be used as a method of URL redirection.

 

http://en.wikipedia.org/wiki/Meta_refresh

Hi WZZZ,

Yes I am finding the features you advise very interesting; they are quite active with Facebook, I never dreamt so many things were going on while FB was open. Also not over-riding them doesn't really interfer much with the practical use of FB in this example.

I think the meta refresh has the original function to over-ride the webpages stored by web-browsers, so rather than seeing the last visited page it forces the page to look for the latest version. I am unsure how it works for frames as I have never used that programing on my webpages: I usually use the less intrusive:

<meta http-equiv="Pragma" content="no-cache">

so that the new content is always accessable.

Usually the redirect is used for when you change the location of a page on the server for example, or update the page, the redirect sends the user to the new page. Well that's how it used to be. I haven't kept up with the latest developments; so as you point out these initially inocent functions are now being used for less desirable purposes.

I am still curious how Zoebit managed to embed their advert for MacKeeper into http://mail.com and http://cnet.com - just two examples. I was particularly concerned that because they could hack their advert into cnet.com people would think the software was supported by cnet; as usual using https://cnet.com or a proxy server and the MacKeeper advert was no longer there. I will try to ask on a website programing forum to see if I can get any feedback. When I do I will let you know.

One way is to use iFrames - an invisible frame placed in front of some (or all) site content so that clicking on an apparently innocuous object triggers a JavaScript redirect to their adserver. You can disable these in NoScript.

Thank you for the information Noondaywitch.

I am still keep to find out how Zeobit hacked their adverts for MacKeeper into legitimate webpages. It could be connected to this, for sure they are gone now.

> I am still curious how Zoebit managed to embed their advert for MacKeeper into

> http://mail.com and http://cnet.com - just two examples.

Here is one possibility:

QuickTime

Available for:  Mac OS X v10.5.8, Mac OS X Server v10.5.8,

Windows 7, Vista, XP SP2 or later

Impact:  Visiting a maliciously crafted website may lead to the

disclosure of video data from another site

Description:  A cross-origin issue existed in QuickTime plug-in's

handling of cross-site redirects. Visiting a maliciously crafted

website may lead to the disclosure of video data from another site.

This issue is addressed by preventing QuickTime from following cross-

site redirects. For Mac OS X v10.6 systems, this issue is addressed

in Mac OS X v10.6.7. This issue does not affect Mac OS X v10.7

systems.

CVE-ID

CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability

Research (MSVR)

Update to QT 7.7.