
Malware "searchmagnified.com" question!

1132 Views 13 Replies Latest reply: May 24, 2012 8:38 AM by WZZZ
nadddod
May 16, 2012 3:25 PM

Dear Apple Support Communities:

I appreciate your help with this matter. When I try to open certain websites (not all of them), my Safari browser redirects me to this site: www.searchmagnified.com

Please advise me how I can remove that.

I followed a few pieces of advice, i.e. deleting the plist from Safari's library; however, it didn't work with some websites. My Safari still redirects me to: www.searchmagnified.com

I really appreciate any help.

Thank you

Macbook Pro, Mac OS X (10.6.4)
  • ds store Level 7 (30,305 points)
    May 16, 2012 7:28 PM (in response to nadddod)

    Your machine is infected with the Flashflake botnet.

    1: Back up your user files off the machine to an external drive and disconnect.

    2: Stick the 10.6 install disk into the machine and reboot holding the Option key down; you will see a choice to choose the 10.6 disk. Choose that to boot from.

    3: Install 10.6; it will replace the infected copy with the one from the disk.

    4: Reboot and log in, then run Software Update from under the Apple menu; that will clear the malware.

  • ds store Level 7 (30,305 points)
    May 20, 2012 9:40 AM (in response to nadddod)

    Take your machine to a local PC/Mac specialist, we can't help you, only those who can help themselves.

    Good Luck.

  • WZZZ Level 6 (11,875 points)
    May 20, 2012 1:19 PM (in response to nadddod)

    I don't think that's Fakeflash, aka Flashback. First, go into your browser>preferences and empty the cache and all cookies. Then open System Preferences>Network>Advanced for the network interface you use, e.g. AirPort (mine) or Ethernet, and enter these numbers, the first two only, for OpenDNS, which are patched against DNS poisoning. Then hit "Apply."

    [Screenshot: Screen shot 2012-05-20 at 4.10.33 PM.png]

    When finished, go to http://www.opendns.com/welcome/ to make sure you are now using these servers.

    Here's a short article with the instructions.

    http://guides.macrumors.com/Mac_Virus/Malware_FAQ#Why_am_I_being_redirected_to_other_sites.3F

  • WZZZ Level 6 (11,875 points)
    May 20, 2012 1:50 PM (in response to WZZZ)

    In any case, whether Flashback is responsible for this or not, make sure you get the latest Java update from Software Update. It includes a Flashback removal tool.

  • MadMacs0 Level 4 (3,320 points)
    May 20, 2012 2:04 PM (in response to nadddod)

    If you are still using OS X 10.6.4 as your profile states, then your first job is to update to 10.6.8 and then install everything that Software Update offers you. That will include the Java update and Flashback check / removal you need.

  • MadMacs0 Level 4 (3,320 points)
    May 20, 2012 3:12 PM (in response to nadddod)

    nadddod wrote:

    I have OS X 10.6.4 and all software is up to date!

    One of us is still confused. Your profile now says you are running OS X 10.6.8, which is what it should be if all your software is up to date. If that's true then this is probably not a Flashback Trojan/Backdoor issue.

  • X423424X Level 6 (14,190 points)
    May 20, 2012 3:31 PM (in response to nadddod)

    Have you tried other browsers besides safari?  For example, firefox, chrome, etc.

  • WZZZ Level 6 (11,875 points)
    May 20, 2012 5:36 PM (in response to nadddod)

    nadddod wrote:

    Dear WZZZ:

    I followed the steps that you gave me. I entered the first 2 numbers. However, when I went to the link above to test it (if I am using OpenDNS), it says NO!!! I am not sure why?!

    Did you follow the steps in the article I linked? It isn't necessary to remove the previous numbers if there are any. You may want to keep those as a backup. But make sure the two numbers for OpenDNS are inserted above any others, using the + button. Those servers will be used before any others. You can see the order of those in my screenshot. Make sure you hit OK and then Apply.
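
Added example, not part of any post in this thread: a shell check for the ordering point in the reply above, i.e. whether the two intended resolvers are the first ones the Mac queries. It parses `scutil --dns`-style output; the sample text and its 192.0.2.x / 198.51.100.x addresses are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify that two intended DNS servers are the first ones queried.
# Assumes the "resolver #N" / "nameserver[i] : addr" layout printed by `scutil --dns`.

# Constructed sample: the router's address still sits above the two intended
# resolvers (198.51.100.10 and .11 are documentation addresses, not real servers).
sample_misordered() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 192.0.2.1
  nameserver[1] : 198.51.100.10
  nameserver[2] : 198.51.100.11
  reach    : Reachable

resolver #2
  domain   : local
  nameserver[0] : 192.0.2.99
EOF
}

# Print the nameservers of the first resolver block, in query order.
first_resolver_servers() {
    awk '/^resolver #/ { n++; next }
         n == 1 && /nameserver\[[0-9]+\]/ { print $NF }'
}

# check_dns_order FIRST SECOND < scutil-output
# Returns 0 if FIRST and SECOND head the list, 1 if both are configured but
# not at the top, 2 if either one is absent.
check_dns_order() {
    want1=$1; want2=$2
    servers=$(first_resolver_servers)
    got1=$(printf '%s\n' "$servers" | sed -n 1p)
    got2=$(printf '%s\n' "$servers" | sed -n 2p)
    if [ "$got1" = "$want1" ] && [ "$got2" = "$want2" ]; then
        echo "ok: $want1 and $want2 are queried first"; return 0
    fi
    if printf '%s\n' "$servers" | grep -qxF -- "$want1" &&
       printf '%s\n' "$servers" | grep -qxF -- "$want2"; then
        echo "misordered: both are configured, but the first two are ${got1:-none}, ${got2:-none}"
        return 1
    fi
    echo "missing: $want1 and/or $want2 is not configured"; return 2
}

# On the Mac itself: scutil --dns | check_dns_order <first> <second>
sample_misordered | check_dns_order 198.51.100.10 198.51.100.11 || true
```

A "misordered" result corresponds to the case in the reply where other servers sit above the two intended entries in the list.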

  • WZZZ Level 6 (11,875 points)
    May 24, 2012 8:38 AM (in response to nadddod)

    You're welcome. I hope that was it.
