Jun 19, 2009 3:45 PM in response to Rawool Duke by Klaus1
If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
You can read more about how, for example, the OSX/DNSChanger Trojan works here:
http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml
SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
http://macscan.securemac.com/
The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
(Note that a 30 day trial version of MacScan can be downloaded free of charge from:
http://macscan.securemac.com/buy/
and this can perform a complete scan of your entire hard disk. After 30 days the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
Jun 19, 2009 4:04 PM in response to Klaus1 by Rawool Duke
I've tried this tool, unfortunately it doesn't solve the problem. The full scan (with upgraded definitions) reports no issues.
Jun 19, 2009 4:13 PM in response to Rawool Duke by Klaus1
Delete all cookies as well as URLs for the sites in question, i.e. the ones you are trying to get to and the ones you are redirected to.
Restart Safari.
Jun 19, 2009 4:16 PM in response to Rawool Duke by nerowolfe
What are your DNS?
Check both your computer and your router.
Find out what sites your "friend" visited and determine what malware they "offer".
Your console logs may be useful here.
Never never use your computer with an administrator account unless you are actually performing administration activity. Casual browsing does not fall into this category.
Never never let anyone use your account. Always create a standard account for other users or let them use the guest account.
Jun 19, 2009 4:22 PM in response to Klaus1 by Rawool Duke
Cleared all cookies in Firefox and Safari - does not seem to fix the problem.
FYI - the browser in question is Firefox, although Safari seems to be affected as well.
Jun 19, 2009 6:26 PM in response to Rawool Duke by nerowolfe
Create a new user account and see if that one works properly.
Jun 20, 2009 4:13 AM in response to nerowolfe by Rawool Duke
No, it doesn't work on the new user account either.
Ideas?
Jun 20, 2009 4:17 AM in response to Rawool Duke by HyperNova Software
No idea what you might do now other than an Archive and Install.
But in the future, use a non-admin account for guest access.
Jun 20, 2009 5:42 AM in response to Rawool Duke by Barney-15E (★ Helpful)
Try flushing the DNS cache. In Terminal, type this command:
dscacheutil -flushcache
If that doesn't work, check the hosts file. In the Finder, type Cmd-Shift-G and enter /etc in the path.
In that folder is a file called hosts. Open it with a text editor and make sure there is nothing else but:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
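The hosts-file check described in the post above can be scripted. The following is an added example, not part of the original thread; the function name audit_hosts and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Stock entries quoted in the post above, one "address name" pair per line.
DEFAULT_HOSTS='127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost'

# audit_hosts FILE   (hypothetical helper name)
# Prints each "address name" pair in FILE that is not a stock entry.
# Returns 0 when the file holds only stock entries, 1 otherwise.
audit_hosts() {
    extras=$(
        # Strip full-line and trailing comments, then emit one pair per name,
        # because a single hosts line may map several names to one address.
        sed -e 's/#.*//' "$1" |
        awk 'NF >= 2 { for (i = 2; i <= NF; i++) print tolower($1), tolower($i) }' |
        while read -r addr name; do
            # Exact, fixed-string match against the stock list.
            printf '%s\n' "$DEFAULT_HOSTS" | grep -qxF -e "$addr $name" ||
                printf '%s %s\n' "$addr" "$name"
        done
    )
    [ -z "$extras" ] && return 0
    printf '%s\n' "$extras"
    return 1
}

# Constructed sample: the stock file plus one added redirect entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
##
# Host Database
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 activate.adobe.com   # constructed extra entry
EOF
if audit_hosts "$sample"; then
    echo "hosts file contains only the stock entries"
else
    echo "entries listed above are not in the stock file; review each one"
fi
rm -f "$sample"
# On a real system: audit_hosts /etc/hosts
```

Because pairs are compared rather than names alone, a line that points localhost at a different address is reported as well.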
Jun 20, 2009 3:12 PM in response to Barney-15E by Rawool Duke
The flush cache did not work, however, in my hosts I also have one random entry:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 activate.adobe.com
I checked the hosts earlier before I rebooted, and also noticed this activate.adobe.com. How do I remove this from hosts?
Jun 20, 2009 5:42 PM in response to Rawool Duke by Rawool Duke
Anybody, anybody, Bueller, Bueller...?
Jun 21, 2009 3:05 PM in response to Rawool Duke by Barney-15E
You can use a text editor to edit the file; however, as it is a system file, you need a text editor that can authenticate as an admin user. There are other ways to move the file, edit it, and then move it back.
However, I just use Bare Bones' TextWrangler. It's free and will let you Unlock the file for editing.
Regardless, that line just redirects the Adobe activation site back to your computer, thus causing it to fail to connect to the server. It is not the cause of your problems.