Q: I am having trouble with a redirect virus; how to fix?

Well, my iphone redirects through quite a chain of sites ending at BaDoink.

I have RESET as NEW iPhone, Advanced has ZERO bytes of website data.

My discovery of the problem was visiting disclosureproject.org and clicking on the movie trailer link.

http://sirius.neverendinglight.com/

I get where I am supposed to go on my computers, but on my iPhone I get redirected.

This occurs either through WiFi or E or 3G web data connections.

I reset DNS to 8.8.8.8 on WiFi but it had no effect.

I will likely cease using my iPhone as a result.

January 23, 2013

This is not caused by malware of any kind. Unless you have jailbroken your phone, there is no malware that affects iOS devices.

As to what it could be, I see exactly the same behavior from the URL you provided. What this tells me is that the site has been hacked, but only the mobile version of the site is affected. (A site can deliver different pages depending on the device, and many sites will deliver a different page to mobile devices than to full-fledged computers.)

Thus, there's no need to stop using your iPhone. However, you probably should contact the owner of that site to notify them of the issue.

Yes. It replicates on other iPhones, something I could not test by myself.

I have contacted the referring site and the site itsself.

I understand it might be in their htaccess file.

Thanks.

I got the strangest message that I was not allowed to access this resource when I followed the link, but got here via "My Stuff".

I have the same problem here with the Chrome browser. Sometimes it opens a new tab with a clickbucks url. I can't solve that. The return of the script you provided was:

defaults read ~/.MacOSX/environment -- 2013-02-24 21:37:49.323 defaults[56553:f07]

Domain /Users/arthursilva/.MacOSX/environment does not exist

ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory

java version "1.6.0_41"

Java(TM) SE Runtime Environment (build 1.6.0_41-b02-445-11M4107)

Java HotSpot(TM) 64-Bit Server VM (build 20.14-b01-445, mixed mode)

And the following command:

ls -a /Applications/Safari.app/Contents/Resources/ | grep "^\."

Returns nothing . Empty (just . and ..)

I just noticed that the URL is also opening at Safari. So both chrome and safari are infected? I haven't been using Safari for a while, opened it today because I noticed that chrome was infected.

and I just checked my DNS and it is ok.

r2arthur wrote:

 

I have the same problem here with the Chrome browser. Sometimes it opens a new tab with a clickbucks url. I can't solve that. The return of the script you provided was:

 

defaults read ~/.MacOSX/environment -- 2013-02-24 21:37:49.323 defaults[56553:f07]

Domain /Users/arthursilva/.MacOSX/environment does not exist

 

ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory

Those are very old and had to do with the Flashback Backdoor/Trojan that was in existance almost a year ago and has been declared extinct for several months now by most all of the Anti-Virus experts. If your software is fully up-to-date, and it sounds like it is, then Apple has fully protected you against that malware and would have removed anything that you already had on your hard drive a long time ago.  Your problem is almost certainly not malware and clearly not Flashback.

r2arthur wrote:

 

I just noticed that the URL is also opening at Safari. So both chrome and safari are infected?

I doubt it. Here's some more current information on how to avoid such things Eliminating browser redirects and advertisements.

https://discussions.apple.com/thread/4912510

any help/advice would be great please tried a couple of things from this discussion.

Thanks

Read:

http://www.reedcorner.net/eliminating-browser-redirects-and-advertisements/

Have done, although i've been unable to check if the problem is just on my internet or if its effecting other computers. 

https://discussions.apple.com/thread/4912510

Details of what ive tried.

Cheers

Sorry I've read it a bit more thoroughly and tried all the links. I changed my DNS servers to 8.8.8.8 and 8.8.4.4, I've also put

more /etc/hosts

into terminal and got the result that is displayed on http://www.reedcorner.net/eliminating-browser-redirects-and-advertisements/.

Where the DNS servers the right thing to do for Safari? are these just for chrome?

Thanks

Please stop all this and run Software Updates as I said in your original posting. Until you install all the Security and Java updates you are wasting all of our time!

"Where the DNS servers the right thing to do for Safari? are these just for chrome?"

They are for all.

I got rid of my Firefox redirect problem by removing eveything related to Firefox.app and re-download and reinstalled the software again. Make sure you also remove the ~/Library/Applicaiton Support/Firefox. I think there's where the virus hiding because when I did the first clean reinstall, the problem was still there. It was until I removed the "Application Support" stuffs, the problem then went away and firefox looked like a new born baby with none of my customizations. It's a shame that I have to redo all the add-ons and things, but at least I can still use Firefox as my broswer.

Be careful what add-ons you put back, because one of the add-ons you added was causing the problem. That's why the problem went away when you deleted the Firefox folder in Application Support.