User profile for user: Nalls
Nalls Author
User level: Level 1
1 points

Corrupt routing table reported by Network Utility: netstat. How do I fix?

My netstat routing table looks like this:
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.0.1 UGSc 72 0 en0
127 movies.spacash.com UCS 0 0 lo0
movies.spacash.com movies.spacash.com UH 0 121 lo0
169.254 link#4 UCS 0 0 en0
192.168.0 link#4 UCS 2 0 en0
192.168.0.1 0:17:9a:29:69:9c UHLWI 93 580 en0 742
192.168.0.102 movies.spacash.com UHS 0 0 lo0
192.168.0.103 0:26:8:33:3a:8 UHLWI 0 0 en0 43

I'm thinking the movies.spacsh.com is a corruption from a piece of malicious software I've stumbled across.

My question is how can I fix my routing table? Or should I just backup, format and reinstall OS X because it has been infected?

Macbook Pro 15" Late 2008, Mac OS X (10.6.3)

Posted on May 19, 2010 10:06 PM

Reply
5 replies
User profile for user: rack0 tack0
rack0 tack0
User level: Level 4
2,610 points

May 20, 2010 11:12 AM in response to Nalls

You could check the networks file in the /etc directory, mine just has this in it. My Mac is just plugged into an ADSL router with no network routing required, if you setup is similar this is all you probably need.

##
#Networks Database
##
loopback 127 loopback-net

If your file is different and you have not altered it, save a copy of your old file and use the above to modify your networks file, then reboot. See if the corruption returns. As for other problems that could be due to malware check your hosts file /etc/hosts just in case that has been altered also. After that its use your last known good backup or rebuild.

Make sure your data is backed up before trying anything.
Reply
User profile for user: rack0 tack0
rack0 tack0
User level: Level 4
2,610 points

May 21, 2010 10:58 AM in response to Nalls

Did you have a look at the hosts file in /etc/hosts? Mine looks like this, I think but not sure that the fe80 is to do with IPv6. Unless you have modified it I would not expect to see anything else in this file.

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost

other than that I am out of ideas for now.
Reply
User profile for user: Nalls
Nalls Author
User level: Level 1
1 points

May 21, 2010 9:18 PM in response to rack0 tack0

Hello rack0 tack0,

Okay, so I checked my hosts file, it had a bunch of garbage in the top, sorry I didn't save that out. I'm not that great with pico. When I restarted I then had an entry www.lookde5.com, which was another entry in my hosts file.

I read at http://forums.macosxhints.com/showthread.php?t=80593 a similar discussion. They commented that Netif expire was lo0, which is loopback and that essentially local host had just become known as the apparent corrupt entry and that because it was in the hosts file when pinging www.lookde5.com it only comes back as home (127.0.0.1).

So.. I went and made my hosts file only contain basic entries.

So it seems that somehow my hosts file was being misinterpreted somewhere resulting in the apparent corruption.

Do you think I have this right? Are there other tables or references that are used that may conflict with a large hosts file?

Thanks again for your help and ideas by the way!

- Nalls
Reply
User profile for user: rack0 tack0
rack0 tack0
User level: Level 4
2,610 points

May 22, 2010 10:52 AM in response to Nalls

If I understand correctly, now you have only a basic hosts file the routing table is correct?

I think you have the picture, its a few years since I stopped work as network support, so I am a bit rusty on it all myself.
Not sure what malware you picked up but you may want to check this item out for DNS changer,
http://www.macworld.com/article/60823/2007/10/trojanhorse.html it gives details to confirm if the trojan has been removed, even if it was different malware it will confirm that your DNS is using the DNS server you expect.

Just to make sure you have removed all the problems, you can also download iAntvirus from PC tools, you should find it on the Apple downloads pages, and scan you system disk with that.

After all that if you are still not sure of the state of your system disk it may be time to rebuild.

Have fun.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Corrupt routing table reported by Network Utility: netstat. How do I fix?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up