
Another Safari hijack: "http://undeps.vizvaz.com" ?

1425 Views 23 Replies Latest reply: Aug 3, 2013 12:18 PM by andyBall_uk
elena_ts
Jul 26, 2013 2:46 PM

Since yesterday I get redirected to this site: http://undeps.vizvaz.com

By searching it in Google I came across some blogs saying that this is a browser hijack, but it doesn't mention how to get rid of it on Safari.

What should I do?

MacBook Pro, Mac OS X (10.7.5)
  • Carolyn Samit Level 10 (84,045 points)
    Jul 26, 2013 2:56 PM (in response to elena_ts)

    Try clearing the cache, history, and web data.

    Press Command + Option + E to clear the Safari cache.

    From the Safari menu bar click History > Clear History

    Now go to Safari > Preferences > Privacy

    Click: Remove All Website Data

    Quit Safari.

    Use OpenDNS to avoid redirects in the future.

    Open System Preferences > Network > Advanced > DNS

    Click + and type:

    208.67.222.222

    Click + again and do the same.

    208.67.220.220

    Click OK.

    Launch Safari.

  • Linc Davis Level 10 (107,465 points)
    Jul 26, 2013 6:06 PM (in response to elena_ts)

    First, I suggest you revert any changes you made to your DNS settings.

    From the Safari menu bar, select

    Safari > Preferences > Extensions

    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

    If you wish, you may be able to salvage the malfunctioning extension by uninstalling and reinstalling it. Its settings will revert to their defaults. If the extension still causes a problem, remove it permanently or refer to its developer for support.

  • Phlac Level 1 (35 points)
    Jul 26, 2013 9:07 PM (in response to elena_ts)

    You may have to go to ~/Library/Safari/LocalStorage and ~/Library/Safari/Databases and delete everything manually. If you still have a problem, the nuclear option would be to go to ~/Library/Safari/Extensions and delete everything from that as well as the LocalStorage and Databases directories.

  • andyBall_uk Level 6 (17,450 points)
    Jul 27, 2013 2:50 AM (in response to elena_ts)

    If it happens only when visiting one site, and only if you used google to get there - then it's very likely the website which has been compromised.

  • Phlac Level 1 (35 points)
    Jul 27, 2013 3:24 AM (in response to elena_ts)

    A quick Google of vizvaz.com has the first entry as vizvaz.com, a dynamic DNS service, followed by several pages of "how to remove vizvaz.com" type sites from domains I've never heard of, including several on WordPress blogs - I didn't click on any of them, because sometimes these sites that claim to have removal instructions are just as bad.

    A Google of "vizvaz.com site:mcafee.com" lists 4 articles from mcafee.com, listing a backdoor and a downloader:

    BackDoor-DKI.gen.am and Downloader-CMJ.gen.e!50C0B9ED1E55

    Exit Safari and run your favorite anti-virus software. This is definitely malware; while *nix systems like OS X can't replicate a virus, they certainly can run malware, trojans, downloaders and backdoors.

    If you are running Windows, it could be hiding in the registry or several other places besides Safari settings. I'm unclear as to your system setup, as you have a MacBook Pro listed, but also show both the Windows and Mac categories in your original post.

    It may be as easy as resetting your homepage to google.com and your default search engine to Google on the General tab in Safari Preferences; it's hard to tell from here.

  • Phlac Level 1 (35 points)
    Jul 27, 2013 3:43 AM (in response to Phlac)

    I mistyped when I said "definitely malware", as I don't know what your setup is - while you could have accidentally installed some sort of trojan, downloader or backdoor and you are running 10.7.5 as shown, then you would have been prompted for your password to allow installation in most cases. If you're running Windows, I would also check the General tab as below and in my previous post, but also run your Windows anti-virus software to clean anything out, as *.vizvaz.com appears to be notorious.

    I would first check, as I said, in the General tab in Safari preferences and make sure your default search engine is what it should be, as well as your homepage.

  • Linc Davis Level 10 (107,465 points)
    Jul 27, 2013 6:33 AM (in response to elena_ts)

    Please post instructions to reproduce the problem.

  • Linc Davis Level 10 (107,465 points)

    Please read this whole message before doing anything.

    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches.

    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.

    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and Wi-Fi on certain iMacs. The next normal boot may also be somewhat slow.

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

    Test while in safe mode. Same problem?

    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • andyBall_uk Level 6 (17,450 points)

    I see the exact same redirect - the site seems to have been compromised, as I suggested on 27 July, & links from google are sent elsewhere.
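
The pattern andyBall_uk describes in this thread (a redirect that appears only when the site is reached from a Google result) can be checked by comparing the site's HTTP response to a direct request with its response to a request carrying a search-engine Referer. This is an added example, not part of the original thread; the Referer and User-Agent values are assumptions, and only HTTP 3xx redirects are compared, not script-based ones.

```python
import http.client
import sys
from urllib.parse import urlsplit

SEARCH_REFERER = "https://www.google.com/"  # assumed Referer for the search-click probe

def probe(url, referer=None, timeout=10):
    """One GET, redirects not followed. Returns (status, Location header or None)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    headers = {"User-Agent": "Mozilla/5.0"}  # assumed generic browser-like value
    if referer:
        headers["Referer"] = referer
    try:
        path = (u.path or "/") + ("?" + u.query if u.query else "")
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def offsite_target(url, response):
    """Host that an HTTP 3xx sends the visitor to, or None if it stays on the site."""
    status, location = response
    if not (300 <= status < 400 and location):
        return None
    strip = lambda h: h[4:] if h and h.startswith("www.") else h
    site = strip(urlsplit(url).hostname)
    target = strip(urlsplit(location).hostname)  # None for a relative Location
    return target if target and target != site else None

def classify(url, direct, via_search):
    """Compare a direct visit with a search-referred one (HTTP redirects only)."""
    d = offsite_target(url, direct)
    s = offsite_target(url, via_search)
    if s and not d:
        return "referrer-conditional", s  # served by the site, only to search traffic
    if d:
        return "unconditional", d         # direct visits are sent off-site as well
    return "none-seen", None              # check page scripts or the browser instead

if __name__ == "__main__":
    site_url = sys.argv[1]
    print(classify(site_url, probe(site_url), probe(site_url, SEARCH_REFERER)))
```

A "referrer-conditional" result points at the website rather than at Safari or the Mac, which is why clearing caches and changing DNS on the client would not change the behaviour.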
