"google-analytics" virus? Malware? Help!

I suddenly started having the same problem when I got a new modem.

Web sites loaded very slowly and would hang connecting to "google-analytics". Sometimes it was say the connection was interrupted.

What caused it, in my case, was the that I had not restarted my computer when I hooked up the new modem.

So the problem seems to be the computer not having a properly registered IP address.

I would unplug and turn turn off your modem, and turn off your computer. If that doesn't work, I would call your ISP and ask them to do a reset for you.

Did you ever get any resolution on your problem? I am going through the same thing.

If this ain't a virus or malware, I don't know what it is. jumps to pages I didn't select. locks screens. I'm also getting these pop ups that tell me I have a security problem. This is similar to something that is going around on the IBMs.

I still can't tell precisely what triggers it. Sometimes I click on a link and I get that google-analytics thing, and sometimes I don't and it just goes to the link.

Should I purge cookies and from what sites?

Sounds like none of the other DNS fixes worked for folks on this thread.

We get the same results with a mac laptop. I haven't yet narrowed down whether it is just while on our wifi/LAN or not.

Why is everyone panicking?

Removal/prevention of Google cookies:

http://www.google.com/privacy_ads.html

haven't panicked yet, but I'm not convinced google or google-analytics is the only thing going on here. If they can be responsible for total new screens with clicking on anything and little drop down dialogue boxes telling me I've got viruses and should authorize a scan then hopefully the cookie fix will work. But the whole affair looks markedly like a virulent bunch of invasive adware that won't let us browse on the IBM.

Might just be gunshy because of this recent experience in IBM world, but none of this was happening to me and I've been using same operating system and google setup for several years and this just started up about the same time as our problems on the IBM which are similar but more disatrous.

thks,

brian

Have you installed anything lately?
http://www.macworld.com/article/155222/2010/10/boonana_trojan.html

Download and run ClamXav 208
http://www.clamxav.com/index.php?page=v2beta

Brian,
Are your IBM and Mac on the same network? There's a very good chance that your PC originally got infected with malware that then modified the DNS settings on your router itself, which would then cause the symptoms to appear on the Mac. The best bet might be to reset your router to factory settings, and then make sure to change the password for it so that malware can't modify it again (make sure your PC is turned off while you're doing this, so that it can't change the settings!). Instructions on resetting your router can usually be found on the vendor's website. If that does not solve the problem, there's a number of things we can look into on the Mac itself, but since the PC is showing the same symptoms I'm leaning toward the idea that the router settings have been modified.

Nicholas Ptacek

Nicholas,

Thank you for your note. Took me a little while to get back to this thread but I appreciate your thought. Yes, they are on the same network. I'll look up the roouter on the web and see if I can find reset instructions. I guess I was vaguely aware that it had some kind of little flash ROM or something that could be addressed although I haven't messed with it since we got it so I have no idea what the current password or anything like that.

Hopefully if I'm able to some kind of hardward reset I can get a clean start. It is a linksys wireless G-it has various numbers on the bottom but none of them concedes to be a model number. But hopefully the linksys site may explain how to tell what model I have.

Thanks,

Brian

Nicholas,

so I got instructions on how to reset my router. Have done it twice but it doesn't seem to have fixed the problem.

I don't know if I can interrogate the router to see what it's up to when this is going on.\

I have noticed that some newspaper and aggregated content sites seem to be more likely jumping off spots for this problem to crop up. I don't know if there is some kind of rollover or self triggered refresh that is getting captured by this 'virus' or 'router infection' or whatever it is.

The IBM is not online, It's so bad, it won't run reliably and I can't download anti-virus and get it to run, so I'm waiting for a bootable CD with anti-virus from a friend and/or I'm going to dig up another Mac and give up on the IBM.

But any help in stopping these problems with the MAc is appreciated.

Brian

Hi Brian

a new thread will likely get more help - start with what dns you have in mac & router +other steps you've taken... what computers are affected etc I'm sure we'll get to the bottom of it.

see https://store.opendns.com/setup/operatingsystem/apple-osx-leopard and https://store.opendns.com/setup/router/ if you're not definitely using opendns or some alternative.

Use https://store.opendns.com/settings/deluxe/ to make find out.

Brian,
Have you rebooted the Mac since you've reset the router? Do you have a modem that you can plug the Mac directly into (bypassing the router) to see if the problems still persist? That would allow us to determine if the problem lies with the Mac or the router. Go ahead and open your Hard Drive, then the Library folder, then the Internet Plug-Ins folder, and let us know what files are listed there.

Nicholas

Firstly, I have also had this problem, on multiple computers. On my Mac, my two Windows, etc.

Here is my "solution:"
I was researching this and while researching it an idea popped into my head: Just block the ip address of results. ___.com. To do this (since the firewall in Snow Leopard doesn't have the option to block individual ip addresses), I downloaded the free firewall NoobProof at http://www.hanynet.com/noobproof/ and added the ip addresses for results. _____.com to the blacklist. To find the ip addresses of the annoying popups, go to Network Utility and select Lookup. Then simply put in the web address of the popup. This will give you all the addresses of that URL.

The ones that I looked up (because these are the popups I receive) are: results.gugle.com, results.googlesyndication.com, and results.google-analytics.com. The three ip addresses that I found and blocked were: 205.234.231.39, 205.234.201.229, and 75.102.23.111. This does not 'sadly' remove the "infection" but it does stop the popups.

Hope this helps! (MacScan, MainMenu, Disk Utility, Hitman Pro, Malwarebytes, and Spybot S&D didn't do anything for me!!!)

--EDIT--
Make sure you save the configuration to startup at boot: In NoobProof go to Tools and select Install Startup Script and Save to startup configuration

On a personal note this is not google. I believe this is someone that does NOT like google at all and whats to ruin there name. There seems to be nothing wrong with anything else other than the popups. My two cents

Message was edited by: TeenAssassin