Skip navigation

Another Safari hijack: "" ?

1423 Views 23 Replies Latest reply: Aug 3, 2013 12:18 PM by andyBall_uk RSS
1 2 Previous Next
elena_ts Calculating status...
Currently Being Moderated
Jul 26, 2013 2:46 PM

Since yesterday I get redirected to this site:

By searching it in Google I came across some blogs saying that this is a browser hijack, but it doesn't mention how to get rid of if on Safari.

What should I do?

MacBook Pro, Mac OS X (10.7.5)
  • Carolyn Samit Level 10 Level 10 (84,010 points)
    Currently Being Moderated
    Jul 26, 2013 2:56 PM (in response to elena_ts)

    Try clearing the cache, history, and web data.


    Press Command + Option + E to clear the Safari cache.


    From the Safari menu bar click History > Clear History


    Now go to Safari > Preferences > Privacy


    Click:  Remove All Website Data


    Qiut Safari.



    Use OpenDNS to avoid re directs in the future.


    Open System Preferences > Network > Advanced > DNS


    Click + and type:



    Click + again and do the same.



    Click Ok.



    Launch Safari.

  • Linc Davis Level 10 Level 10 (107,390 points)
    Currently Being Moderated
    Jul 26, 2013 6:06 PM (in response to elena_ts)

    First, I suggest you revert any changes you made to your DNS settings.


    From the Safari menu bar, select


    Safari Preferences Extensions


    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.


    If you wish, you may be able to salvage the malfunctioning extension by uninstalling and reinstalling it. Its settings will revert to their defaults. If the extension still causes a problem, remove it permanently or refer to its developer for support.

  • Phlac Level 1 Level 1 (35 points)
    Currently Being Moderated
    Jul 26, 2013 9:07 PM (in response to elena_ts)

    you may have to go to ~/Library/Safari/LocalStorage ~/Library/Safari/Databases and delete everything manually.  If you still have a problem, the nuclear option would be to go to ~/Library/Safari/Extensions and delete eveything from that as well as the LocalStorage and Databases directories.

  • andyBall_uk Level 6 Level 6 (17,440 points)
    Currently Being Moderated
    Jul 27, 2013 2:50 AM (in response to elena_ts)

    If it happens only when visiting one site, and only if you used google to get there - then it's very likely the website which has been compromised.

  • Phlac Level 1 Level 1 (35 points)
    Currently Being Moderated
    Jul 27, 2013 3:24 AM (in response to elena_ts)

    a quick google of has the first entry as a dynamic dns service, followed by several pages of "how to remove" type sites from domains I've never heard of, including several on wordpress blogs - I didn't click on any of them, because sometimes these sites that claim to have removal instructions are just as bad.


    a google of "" list 4 articles from, listing a backdoor and a downloader: and Downloader-CMJ.gen.e!50C0B9ED1E55


    Exit Safari and run your favorite anti-virus software.  This definitely malware, while a *nix systems like OS X can't replicate a virus, they certainly can run malware, trojans, downloaders and backdoors.


    If you are running Windows, it could be hiding in the registry or several other places besides Safari settings.  I'm unclear as to your system setup, as you have a macbook pro listed, but also show both the Windows and Mac categories in your original post.


    It may be as easy as resetting your homepage to and your default search engine to Google on the General Tab in Safari Preferences, it's hard to tell from here.

  • Phlac Level 1 Level 1 (35 points)
    Currently Being Moderated
    Jul 27, 2013 3:43 AM (in response to Phlac)

    i mistyped when I said "definitely malware", as I don't know what your setup is - while you could have accidentally installed some sort of trojan, downloader or backdoor and you are running 10.7.5 as shown, then you would have been prompted for your password to allow installation in most cases. If you're running Windows, I would also check the General tab as below and in my previous post, but also run your windows anti-virus software to clean anything out, as * appears to be notorious.


    I would first check, as I said, in the General tab in Safari preferences and make sure your default search engine is what it should be, as well as your homepage.

  • Linc Davis Level 10 Level 10 (107,390 points)
    Currently Being Moderated
    Jul 27, 2013 6:33 AM (in response to elena_ts)

    Please post instructions to reproduce the problem.

  • Linc Davis Level 10 Level 10 (107,390 points)

    Please read this whole message before doing anything.

    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches.


    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and  Wi-Fi on certain iMacs. The next normal boot may also be somewhat slow.

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


    Test while in safe mode. Same problem?


    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • andyBall_uk Level 6 Level 6 (17,440 points)

    I see the exact same redirect - the site seems to have been compromised, as I suggested on 27 July, & links from google are sent elsewhere.

1 2 Previous Next


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.