1 2 Previous Next 23 Replies Latest reply: Aug 3, 2013 12:18 PM by andyBall_uk
elena_ts Level 1 Level 1 (0 points)

Since yesterday I get redirected to this site: http://undeps.vizvaz.com

By searching it in Google I came across some blogs saying that this is a browser hijack, but it doesn't mention how to get rid of if on Safari.

What should I do?


MacBook Pro, Mac OS X (10.7.5)
  • 1. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Carolyn Samit Level 10 Level 10 (89,740 points)

    Try clearing the cache, history, and web data.

     

    Press Command + Option + E to clear the Safari cache.

     

    From the Safari menu bar click History > Clear History

     

    Now go to Safari > Preferences > Privacy

     

    Click:  Remove All Website Data

     

    Qiut Safari.

     

     

    Use OpenDNS to avoid re directs in the future.

     

    Open System Preferences > Network > Advanced > DNS

     

    Click + and type:

     

    208.67.222.222

     

    Click + again and do the same.

     

    208.67.220.220

     

    Click Ok.

     

     

    Launch Safari.

  • 2. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    elena_ts Level 1 Level 1 (0 points)

    I did that. Doesn't seem to work

     

    Under Details in Cookies & Other website data I find that as well "vizvaz" and removed along with some others that didn't seem ok

  • 3. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Linc Davis Level 10 Level 10 (118,425 points)

    First, I suggest you revert any changes you made to your DNS settings.

     

    From the Safari menu bar, select

            

    Safari Preferences Extensions

         

    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

     

    If you wish, you may be able to salvage the malfunctioning extension by uninstalling and reinstalling it. Its settings will revert to their defaults. If the extension still causes a problem, remove it permanently or refer to its developer for support.

  • 4. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Phlac Level 1 Level 1 (35 points)

    you may have to go to ~/Library/Safari/LocalStorage ~/Library/Safari/Databases and delete everything manually.  If you still have a problem, the nuclear option would be to go to ~/Library/Safari/Extensions and delete eveything from that as well as the LocalStorage and Databases directories.

  • 5. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    elena_ts Level 1 Level 1 (0 points)

    Linc,  the extensions table is empty and in Library there is no such folder (so I guess I don't have any installed)

     

    Phlac, I did what you said. I deleted everything but the problem persists (Databases folder was empty).

    It only happens though on this website and on this specific URL (home page and everything else – eg. if I go there step step instead of the google results – it works ok). It might have happened with other websites as well, but I don't remember.

  • 6. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    andyBall_uk Level 7 Level 7 (20,320 points)

    If it happens only when visiting one site, and only if you used google to get there - then it's very likely the website which has been compromised.

  • 7. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Phlac Level 1 Level 1 (35 points)

    a quick google of vizvaz.com has the first entry as vizvaz.com a dynamic dns service, followed by several pages of "how to remove vizvaz.com" type sites from domains I've never heard of, including several on wordpress blogs - I didn't click on any of them, because sometimes these sites that claim to have removal instructions are just as bad.

     

    a google of "vizvaz.com site:mcafee.com" list 4 articles from mcafee.com, listing a backdoor and a downloader:

    BackDoor-DKI.gen.am and Downloader-CMJ.gen.e!50C0B9ED1E55

     

    Exit Safari and run your favorite anti-virus software.  This definitely malware, while a *nix systems like OS X can't replicate a virus, they certainly can run malware, trojans, downloaders and backdoors.

     

    If you are running Windows, it could be hiding in the registry or several other places besides Safari settings.  I'm unclear as to your system setup, as you have a macbook pro listed, but also show both the Windows and Mac categories in your original post.

     

    It may be as easy as resetting your homepage to google.com and your default search engine to Google on the General Tab in Safari Preferences, it's hard to tell from here.

  • 8. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Phlac Level 1 Level 1 (35 points)

    i mistyped when I said "definitely malware", as I don't know what your setup is - while you could have accidentally installed some sort of trojan, downloader or backdoor and you are running 10.7.5 as shown, then you would have been prompted for your password to allow installation in most cases. If you're running Windows, I would also check the General tab as below and in my previous post, but also run your windows anti-virus software to clean anything out, as *.vizvaz.com appears to be notorious.

     

    I would first check, as I said, in the General tab in Safari preferences and make sure your default search engine is what it should be, as well as your homepage.

  • 9. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Linc Davis Level 10 Level 10 (118,425 points)

    Please post instructions to reproduce the problem.

  • 10. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    elena_ts Level 1 Level 1 (0 points)

    I checked both Mac and Windows (VMFusion) using ESET Pro but neither virus nor malware was found – all clean.

    And my Homepage is set to Google as it was.

  • 11. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    elena_ts Level 1 Level 1 (0 points)

    Linc Davis wrote:

     

    Please post instructions to reproduce the problem.

    The problem came up when I typed "υποδοχέας της κινάσης τυροσίνης ret" in google.gr. It's the 5th result that persents the problem:

    φαιοχρωμοκυττωμα - συνδρομα πολλαπλης ενδοκρινικης νεοπλασιας

    www.clinical.bioiatriki.gr › Εφαρμογή και Ερμηνεία Αποτελεσμάτων

     

    I hope it helps.

  • 12. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    elena_ts Level 1 Level 1 (0 points)

    However, when clicking on the URL from here, the website opens perfectly.

  • 13. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    Linc Davis Level 10 Level 10 (118,425 points)

    Please read this whole message before doing anything.

    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches.

     

    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.
       
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and  Wi-Fi on certain iMacs. The next normal boot may also be somewhat slow.

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

     

    Test while in safe mode. Same problem?

     

    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • 14. Re: Another Safari hijack: "http://undeps.vizvaz.com" ?
    andyBall_uk Level 7 Level 7 (20,320 points)

    I see the exact same redirect - the site seems to have been compromised, as I suggested on 27 July, & links from google are sent elsewhere.

1 2 Previous Next