
Browser hijack? Virus? Halp!

So, first off, I wasn't sure what category to put this in, so I made my best guess.

So, the problem I have is that on Safari, Opera, and Internet Explorer, whenever I try to go to ANY website, it redirects me to http://www.hickoryfarms.com/x_e.asp?r=tastefulrewards. But also, that website refuses to load. I tried the website in Firefox (My default browser, by the way.) and it seems to be a genuine Hickory Farms website. After that, I figured I must have a virus. Which is odd to me since it's a Mac but there's a first time for everything. But then I did a little research and I'm now of the opinion that it is not a virus, but a browser hijack. I don't know what to think. Does anyone here have anything?

Posted on Jun 10, 2009 3:50 PM


Jun 10, 2009 4:04 PM in response to JHchambjos

There are no Mac viruses.
What you have may be DNS hijacking or some malware installed on your system.
Internet Explorer on a Mac? Not for years.
Are you running Windows? If so, then you may have a virus, but only on the Windows installation.
You need to better describe your problem.

Your profile is a blank. You need to fill it out so we know what you are running.

Message was edited by: nerowolfe

Jun 10, 2009 4:41 PM in response to JHchambjos

JHchambjos wrote:
IE is still available, just not the recent versions. I have 5.2.3.
Not running Windows, just Mac.

OK, just wondering. I also have the last version of IE on my MBP. I don't know if it still runs.
I'm on an iBook G4, OS X 10.5.6.

And in Finder, it says there's a disc in the drive, when I know there isn't. If that's useful.


Are you running WiFi? If so are you using WPA2? If not do so immediately.
Are you connected directly to the internet or through a router?

In the Network Preference pane, check your DNS.
For many systems it will be the router address aka gateway - 192.168.1.1
It may also be assigned by your ISP.
And it may also be that your router or computer has had its DNS changed by malware.
A typical "bad" DNS was 85.255. .
I don't know if that is still the case.
If you are not sure what your DNS should be, then change them to OpenDNS from here:
http://www.opendns.com/
They include instructions for Macs and routers.

I would also install LittleSnitch
http://www.obdev.at/products/littlesnitch/download.html
which will alert you to potential intruders and much more.

Be sure your firewall is turned on.
Don't run the computer as an administrator unless actually administrating - this is an Apple recommendation which some follow.
And lastly do you have a TM backup just in case you need to set your computer back a bit in time?

Jun 10, 2009 4:45 PM in response to JHchambjos

Sounds more like a seriously misconfigured browser. I've never, ever heard of Hickory Farms having anything to do with any browser hijack, and they are most definitely a well known and reputable company. If the hosts file has been tampered with, all pages would point to that. If you can create a whole new user on the computer, see if that resolves the issue. If not, you may wish to perform a backup of your files and reinstall the OS (considering you have other very peculiar issues).

Jun 10, 2009 4:58 PM in response to Euchre

Euchre wrote:
Sounds more like a seriously misconfigured browser.

The OP lists 3 browsers with this problem. I doubt that they all would be misconfigured in the identical way.

I've never, ever heard of Hickory Farms having anything to do with any browser hijack,

I agree. But I prefer to be suspicious and wrong than blase and wrong. 🙂

If the hosts file has been tampered with, all pages would point to that. If you can create a whole new user on the computer, see if that resolves the issue.

The hosts file is a system file - read by all browsers, all users and all things that use IP addresses.
The hosts file will even redirect a ping from any user.

I do not think this is an attack, but again I prefer to be cautious. It certainly points to a misconfiguration somewhere; cause, at present, unknown.

Message was edited by: nerowolfe
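
The two system-wide settings raised in the replies above, the hosts file and the configured DNS servers, can be audited with a short script. This is an added example, not part of any poster's reply: the sample inputs are constructed, and the gateway address and the trusted-resolver list (the router plus the two public OpenDNS resolvers) are assumptions to adjust for your own network, for example by adding your ISP's resolvers.

```python
import re

# Constructed sample inputs (not taken from the poster's machine).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
203.0.113.7     www.example.com example.com   # constructed override
"""

# Shape of `scutil --dns` output on OS X; addresses are constructed.
SAMPLE_SCUTIL_DNS = """\
resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.53
  if_index : 4 (en0)
"""

DEFAULT_NAMES = {"localhost", "broadcasthost"}   # stock hosts-file names
OPENDNS = {"208.67.222.222", "208.67.220.220"}   # public OpenDNS resolvers


def audit_hosts(text):
    """Return (ip, name) pairs that override lookups for non-default names.

    The hosts file applies to every user and every program, so any entry
    listed here redirects that name for the whole machine.
    """
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        ip, *names = line.split()
        findings += [(ip, n) for n in names if n.lower() not in DEFAULT_NAMES]
    return findings


def audit_resolvers(scutil_text, gateway, extra_trusted=OPENDNS):
    """Return configured nameservers that are neither the gateway nor trusted."""
    servers = re.findall(r"nameserver\[\d+\]\s*:\s*(\S+)", scutil_text)
    trusted = {gateway} | set(extra_trusted)
    unexpected = []
    for server in servers:
        if server not in trusted and server not in unexpected:
            unexpected.append(server)
    return unexpected


if __name__ == "__main__":
    # On a real Mac, pass the contents of /etc/hosts and the output of
    # `scutil --dns` instead of the constructed samples.
    print("hosts overrides:", audit_hosts(SAMPLE_HOSTS))
    print("unexpected DNS: ", audit_resolvers(SAMPLE_SCUTIL_DNS, "192.168.1.1"))
```

Both checks read machine-wide state, so a clean result here together with a redirect that affects only one account points toward per-user settings rather than the hosts file or DNS.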

Jun 10, 2009 6:39 PM in response to JHchambjos

JHchambjos wrote:
Hokazies...
I made a new account... Everything's fine on the new account. I'm far from being an expert, but it looks like it's targeted to me.

It may simply be a corrupted file in your preferences directory.
Let's try this:
In your local library->preferences directory drag this file
com.apple.NetworkUtility.plist
onto the desktop and reboot.
You may have to reset some network items after doing so.
See if that fixes things.
If not there is always a next 🙂

Also... Why do they recommend not using Administrator unless actually Administrating?

The administrator account can do things that are not allowed in a standard account. It's possible to accidentally delete files when using an administrator account without warning, and if you go to a website that does contain malware, it makes it easier for the malware to install itself if you are an administrator. In general there are few reasons to casually use the admin account and many reasons not to, unless, as Apple points out, you are actually administrating. Browsing the web, reading/sending emails, etc. are not administrative actions and do not require such a powerful account. One reason Windows systems are easily infected is that most Windows users run as administrators and don't even know that they are doing so. Yes, Windows does have a standard account, and it is recommended but hardly anyone knows about it.

Many of the problems you read about in these forums would not have happened had the user been running a standard account. "Oops, accidentally deleted my user account" or "changed permissions on all accounts to nobody and now I can't log in anymore," and such, do not occur without admin permissions.
It's not a requirement, but I would say that until one knows his computer very very well and has a full updated backup, it can lead to trouble on occasion - and it only takes one of these occasions to ruin a day.

Here is Apple's security doc. Yes, it's for servers, but it also applies to non-servers, and actually Leopard has a server in it.
http://images.apple.com/support/security/guides/docs/LeopardSecurity_Config_2ndEd.pdf
The accounts section is section 5, Securing Accounts.
It's a document everyone running Leopard should be familiar with.

Message was edited by: nerowolfe

Jun 10, 2009 6:42 PM in response to nerowolfe

nerowolfe wrote:
There are no Mac viruses.


Sorry, but not true. There are none of major concern, but many worms, trojans, etc exist for various versions of the Macintosh OS. For example, Lamzev-A* exists for Leopard. Now, are these a concern for a user who exercises even the most basic bit of common sense? Not really. But to say there are none is misleading at best and inaccurate at worst. It is certainly nowhere near as bad as the Windows situation, but it exists nonetheless.

Of course, some would argue that a "virus" is a very specific type of threat and does not include worms, trojans, etc. Nevertheless, since in common parlance a "virus" is considered to be malicious software (i.e. "Anti virus software" which protects against viruses, worms, trojans, keyloggers, etc), it is disingenuous to maintain this distinction outside of technical circles without first acknowledging the debate.

Still, this is a bit of a side argument. I'm not suggesting the OP should ignore your quite helpful advice. 🙂

* http://news.zdnet.com/2100-9595_22-251586.html

Jun 10, 2009 6:54 PM in response to Xian Rinpoche

Xian Rinpoche wrote:
nerowolfe wrote:
There are no Mac viruses.


Sorry, but not true. There are none of major concern, but many worms, trojans, etc exist for various versions of the Macintosh OS.

Sorry but not true. We try to keep FUD out of these forums.

Unless your "etc" means virus, you are confused. Worms and trojans are not viruses. And there are no viruses for Macs.


For example, Lamzev-A* exists for Leopard.

This is malware, NOT a virus. When I say "virus" that's what I mean. Virus. Is that clear enough?

If you are going to try to get technical, please be very careful.

I repeat - -
There are no viruses for Macs. I cannot make it any clearer.
This applies to Macs running OS X.
Last century there was one for OS9, but that was before my time and it was killed last millennium as well.

Message was edited by: nerowolfe

Jun 10, 2009 8:10 PM in response to nerowolfe

nerowolfe wrote:
Xian Rinpoche wrote:
nerowolfe wrote:
There are no Mac viruses.


Sorry, but not true.

Sorry but not true.
there are no viruses for Macs.
There are no viruses for Macs. I cannot make it any clearer.


Except OS 9, of course. I mean, if OS 9 had a virus, that would mean there WERE viruses for Macs, right?

This applies to Macs running OS X. ... Last century there was one for OS9, but that was before my time and it was killed last millennium as well.


Oh, thanks for making that clear. For a second there, I thought you were saying "There are no viruses for Macs."

On a less sarcastic note, I gather you didn't read my second paragraph. So, I'll go ahead and reiterate and clarify the important part. You are replying to a user who may or may not understand the distinction between a "virus" and a "trojan" and a "worm" and so forth. You are, of course, quite in your rights to use the word "virus" in its purest form without explaining the possible interpretations, but that may not be helpful to one who is not versed in the intricacies of the situation. You would also be ignoring the fact that the phrase "computer virus" (and therefore the root word "virus") may now include a larger corpus of threats than "real" viruses; having been extended through common usage to include some of the malware programs that can "infect" computers. The OP might very well consider a "worm" or a "trojan" to be a "virus." I think it is worth a little elucidation to be sure.

As for "FUD": There IS a point in remembering OS 9. Macs really are incredibly safe with respect to viruses, but many users take that to mean they are impervious (not saying you are, but many do). Remembering OS 9 is an important "lesson" and even Apple acknowledges that the increased popularity of OS X makes a "real" virus a distinct possibility in the future. You say we try to avoid FUD in the forums, and I agree. At the same time, we also try to avoid ignoring past realities for the sake of "marketing hype." When replying to the average user, it never hurts to take the time to point some of the "footnotes" to maintain a clear picture.

Unless your "etc" means virus, you are confused.

Yes, by "etc" I did mean "viruses," but since they're only for OS 9 (so far), they fall under the "etc" category in my mind since they're not really a threat for OS X. Nevertheless, I'll remain on guard for that "error" in the future.

Message was edited by: Xian Rinpoche
+Edits for readability and clarification. Some "half-deleted" or redundant sentences removed.+

Jun 10, 2009 8:42 PM in response to Xian Rinpoche

I read these back and forth discussions on a regular basis. I can tell when people get their information from online rumor sites or news releases by security companies on PC magazines. I read those journals also, and then read the re-release or restated headline, where "it really isn't a Virus, but it got you to look".

Many of the people who come here don't care what it's called, and they just want their problem fixed. You can get assistance here, but you will have to learn how to describe problems and learn the proper terms for 'thingys'. If you hang out here long enough, you'll learn to look for solved solutions, just to learn.

If you go to "Ask Yahoo" with a question, you may get answers just as dingy as the questions. That can't happen here too often because the 'Sages' in the forums would tend to rip me apart for sloppy inaccurate information. People who leave here, do so with a better understanding of the technology in front of them, the proper terms or jargon, and they can learn to understand BS hype (especially coming from security companies looking to boost sales).

Linking or associating every kind of unintended software issue, etc, with a virus is inaccurate, and you should know that. There are over 150,000 virii in the wild. None of them will run on a Mac that runs any version of OS X. None yet this century. When that changes, we will be able to use any number of tools or control methods including clone backups, Time Machine, and utilities designed to remove or repair the damage.

You are trying to use semantics to confuse and muddle the issue. Symantec (Norton) does a far better job of that.

Jun 10, 2009 9:33 PM in response to dechamp

People who leave here, do so with a better understanding of ... the proper terms or jargon

This is part of my issue. The reason why Macs (OS X) don't have viruses was never explained. The OP did not leave with a better understanding of the jargon that I saw. That's what I was taking exception to.

Linking or associating every kind of unintended software issue, etc, with a virus is inaccurate, and you should know that.

Agreed. Still, it doesn't change the fact that the average user does so. Not taking time to correct this linkage goes back to not providing "a better understanding of ... the proper terms or jargon."

You are trying to use semantics to confuse and muddle the issue.

Assuming this was aimed at me, my problem was with another semantic (+"Relating to signification or meaning" -OED+) statement: "There are no viruses for Macs." Semantically speaking, yes. Of course, the user is thinking of "malware," which does exist for Macs. So, using his language, "there are viruses for Mac OS X." At least until I choose to educate him as to the use of the word "virus."

+In the end, none of this matters. OP appears to be having his problem addressed and that's the most important point. I took exception to a statement that I should have just let go, since it didn't have a significant impact on the issue at hand. I should have just clarified the "virus" issue much quicker and with far fewer words. My mistake for making this into a full-blown debate. Apologies to all.+

Jun 10, 2009 9:40 PM in response to dechamp

It is important to use correct terminology, but Xian Rinpoche's point is clear -- to pedantically insist that there are no Mac viruses (which may technically be true) as proof of OS X's security is a feeble argument that nobody with the best interest of Mac users in mind would make.

Currently, with the six+ months old Java arbitrary code execution vulnerabilities (proof of concept in circulation) and various privilege escalation vulnerabilities (years old), an OS X Mac in the default configuration can be rooted just by visiting a malicious web site.

So sure, no viruses this millennium. Technically. Meanwhile, the crooks could have your credit card and banking information from redirecting your browsers' requests, and all the TimeMachine backups in your backup disk aren't going to make them unlearn your personal information.

Apologists should learn to acknowledge flaws rather than blindly defending a corporation just because they happen to like some of their products. It does a disservice to the community.

Having said that, the OP's case is perplexing - browser redirection affecting multiple browsers but only one account? I agree with nerowolfe - I'm inclined to think it's not an attack, especially given where the browsers are being redirected to (assuming that site hasn't itself been hacked to host malicious content). If I were to take a wild guess, I might suspect "parental controls" and something awry with the proxy server - that would at least fit the "one account" part of the symptoms and does involve a part of the system that acts as a middle-man between the account's browsers and the internet...

Jun 10, 2009 10:19 PM in response to biovizier

biovizier wrote:
It is important to use correct terminology, but Xian Rinpoche's point is clear -- to pedantically insist that there are no Mac viruses (which may technically be true) as proof of OS X's security is a feeble argument that nobody with the best interest of Mac users in mind would make.

It's not being pedantic. Words have meanings. We don't toss out words randomly. A virus is a virus. It has a very specific definition. Blurring the definition for the purposes of creating FUD does nobody any good. Once people start mixing up words we enter the state of chaos in which any word means anything we choose it to mean. Computing is a very highly technical field and it is important not to start changing the language until it has no meaning.
While Wiki is not the best of sources, they say,

"A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.[1][2]..."
REF: http://en.wikipedia.org/wiki/Computer_virus

People often refer to HD space as memory, and such other faux pas, and it is important not to let such erroneous concepts become the norm or nobody will understand what someone else is talking about.
It's not being pedantic, it's simply using the language properly. It's important not to be sloppy with words, otherwise what good are they? A hacker knows the difference between a root-kit and a virus and we should know at least as much as the enemy or they will win.

Message was edited by: nerowolfe


Jun 11, 2009 9:17 AM in response to nerowolfe

All very true, and I honestly agree with you. At the same time, one does not prevent "erroneous concepts becom[ing] the norm" without explaining what the correct usage is. If a person sees a virus as all things malware and you reply "there are no viruses for Macs," nothing has been done to prevent future misuse of the word. The person still thinks "There are no (trojans, worms, keyloggers, viruses, etc) for the Mac" since they will continue to be under the mistaken impression that anything that behaves maliciously on their Mac is a virus.

Again, I was too "sharp" in my criticism and I'm sorry. I saw you use the word "virus" in a different sense than the OP, without explaining why yours was the correct usage. As such, I felt you were compounding the misuse of the word (without meaning to, of course). My response obviously wasn't the best approach to correct what I saw as a mistake in your post, but we'll just chalk that up to getting home after a 12-hour day :P

Message was edited by: Xian Rinpoche
