Currently Being ModeratedAug 7, 2011 4:14 PM (in response to rkaufmann87)
Yes, I have reset the Comcast Cable modem and my Apple Time Capsul in various orders but that didn't work. I did traceroutes to www.google.com and the results seemed normal. I could ping www.google.com as well and recieved responses in the 30ms range (no delays). I was thinking that my routing could be going astray and tried to reset my IP address through Comcast but that wouldn't make sense becuase other computers (another iMac, a PC laptop, 2 iPhones, an iPad and an iPod) on the same network could access Google with no issues.
From my end, it seemed that www.google.com was being redirected. I could type in a real Google address and it would come up but it would not show search results because it would route to a www.google.com address and then re-direct to the bogus 22.214.171.124 address. I spent some time in a chat with the Comcast techs but they insisted it was on my iMac and it was out of their scope of support.
My issue is who/what had permission to change the host file? The file was updated on 30 Jul 11 just after midnight. I was asleep at the time. Also, I don't have a butler so rule that one out...
I've never heard of this type of problem but one thing you can try is resetting the DNS settings. I also use Comcast and found I had an issue with the DNS settings they use that created some connectivity issues. After resetting them the problem went away. Give it a shot:
1. System preferences
3. Click Advanced
4. Click DNS tab
5. Click + sign
6. Add 126.96.36.199
7. Click + sign
8. Add 188.8.131.52
9. Click OK.
10. Exit System Preferences
If you aren't familiar with what the DNS is here is an article from MacWorld. DNS Troubleshooting
Currently Being ModeratedAug 7, 2011 10:43 PM (in response to CW4PWR)
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
You have been infected by Trojan:BASH/QHost.WB. I was beginning to think this wasn't an actual threat, but apparently you found it by downloading and installing a fake FlashPlayer.
Deleting all the 184.108.40.206 entries may fix it, and stay away from Google until you do. As far as I know nothing bad has happened to anybody that visits that site yet, but once it's activated anything could happen. If you have any idea where you got it that might help us get all the AV software up-to-date.
Currently Being ModeratedAug 8, 2011 1:40 AM (in response to MadMacs0)
If you downloaded the file "FlashPlayer.pkg" mentioned in the f-secure blog and still have it you can do the community a big favor by uploading it to http://www.virustotal.com/. Assuming there is no entry in the status column next to ClamAV then also upload it to http://cgi.clamav.net/sendvirus.cgi and in the description include the keyword "macos".