redirecting virus

My apologies in advance if this has already been talked about. I am just so frustrated with this problem I am having. The whole reason why I bought my Mac OS X 10.6.4 was because it would run great and I would not have to worry about viruses, because apparently Macs don't get viruses.

Well, I have, I believe, the "Google redirecting virus". I have done some research on other forums with people having the same problem; however, they are mostly on PCs. Whenever I click on a Google search link I get taken to all sorts of sites, from another Google page, to eBay, to an obvious scam, to even adult commercials. Normally it will open these in a new window also. I can get to my site only after exiting the window and trying again, and sometimes this takes a few goes.

I only bought this Mac about 2 months ago and I can't believe it's got problems already. If anyone could give me any assistance, that would be so greatly appreciated.

Thank you
sdej91

macbook pro 15 inch, Mac OS X (10.6.4)

Posted on Nov 17, 2010 3:34 AM

Nov 17, 2010 3:45 AM in response to sdej91

You have either downloaded and installed a DNS changer-type trojan horse or your router has been compromised and is redirecting your searches. There are no viruses and only a handful of Trojan Horses. One that does redirect DNS queries is identified by the OS, so it is not likely that problem.

The normal vectors for such things are trying to install pirated software or install adult video codecs. There is also a new one on Facebook that tries to install, but fails. It comes as a request from a friend to 'view these videos of you…'

If you haven't done any of that, then try hard resetting your router to factory settings and then reconfigure it. This time, change the default password for the setup. Most default to admin and password or something trivial like that.

Nov 28, 2010 6:34 PM in response to sdej91

I was having the same problem, and changing to the Google DNS seems to have solved the issue. My question is that my girlfriend, who also has a MacBook, still has the previous DNS address on her computer with no problems whatsoever. With us previously both having the same DNS, what could cause my computer to redirect, with hers being fine? Keeping in mind that me changing to the Google DNS has solved the problem.

Dec 1, 2010 5:31 AM in response to joblard

You seem to be infected with the RSPlug malware, aka DNSChanger.


The question has already been answered, and although that was one of the possibilities, the original poster's responses do not indicate that this was the case. A simple change of DNS servers solved the problem, and if RSPlug were responsible, that change would not have lasted long.

This threat seems to have variants not recognized by the Mac OS X built-in XProtect anti-malware.


So you have said before. I still have not been able to find a credible report stating this, and you did not respond to my request for one the last time this came up. If you have a source for this information, please provide it.

Dec 1, 2010 5:39 AM in response to sdej91

sdej91 wrote:
The whole reason why I bought my Mac OS X 10.6.4 was because it would run great and I would not have to worry about viruses, because apparently Macs don't get viruses.


Macs do not "get" viruses. However, there is nothing the operating system can do if you enter your admin password and install one.

Remember, every time you enter your admin password, you give that program full and complete control over your entire machine and all of your data. Be stingy with your password.

Dec 1, 2010 6:14 AM in response to thomas_r.

Thomas A Reed wrote:
You seem to be infected with the RSPlug malware, aka DNSChanger.


So you have said before. I still have not been able to find a credible report stating this, and you did not respond to my request for one the last time this came up. If you have a source for this information, please provide it.


I have tested my OS X 10.6.5 with samples I downloaded from a well-known virus collection site. I can't give you the URL here.

This threat is also known as Trojan-Downloader.OSX.Jahlav. That may help you to get on the site.

I have downloaded zip files and extracted them; there's no detection by Mac OS X. No detection though when I have launched the malware.

The 4 AV software I installed have detected the trojan in the zip files.

In the zip files there's no more installer package asking for admin password (whence the term variant).

Dec 1, 2010 9:07 AM in response to joblard

I have tested my OS X 10.6.5 with samples I downloaded from a well-known virus collection site. I can't give you the URL here.


It would be enormously helpful for my malware guide if I knew where such a site was. I've searched several times in vain. It certainly would not be a good idea to post it here, and that would undoubtedly result in getting the post removed. However, the industrious can find my contact info from my Mac Virus guide (http://www.reedcorner.net/thomas/guides/macvirus)... I beg you to be industrious, and e-mail me about that!

This threat is also known as Trojan-Downloader.OSX.Jahlav.


Jahlav is just another name for RSPlug... AV companies always seem to claim first discovery and give the same malware their own name.

I have downloaded zip files and extracted them; there's no detection by Mac OS X. No detection though when I have launched the malware.


Hmm, that's definitely concerning. I'd be very, very interested to learn more about that specific variant!

Dec 6, 2010 11:48 PM in response to thomas_r.

from Mac Virus guide... I beg you to be industrious, and e-mail me about that!

Thomas A Reed wrote:
The first method is called DNS poisoning, and it involves compromising an existing domain name server. Your internet service provider's DNS servers may have been hacked. This is the easiest problem to fix, as you can simply change your DNS servers in the Network section of System Preferences. You can use the Google DNS servers or the OpenDNS DNS servers.


Thanks Thomas. After a few hours chasing my tail with searches whose links redirect... I found this posting and read your Guide. Immediately signed up for the free OpenDNS, changed my settings and... Presto: no more redirects. In another thread, someone tossed up the same DNS numbers but with no explanation. The last thing I was going to do is plug in any numbers just because someone tells me to do so, especially with all the phishing associated with these redirects. So your posts and Guide conferred an important credibility to your suggestions.

Again, thank you.

-Said
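
The replies above trace the redirects to the DNS servers a Mac ends up using, whether set on the machine or handed out by the router. As an added example (not written by any poster in this thread), the script below parses `scutil --dns` output and lists every nameserver outside an expected set. Assumptions: 192.168.1.1 stands in for the home router, and the sample output is constructed; 8.8.8.8/8.8.4.4 are Google Public DNS and 208.67.222.222/208.67.220.220 are OpenDNS.

```shell
#!/bin/sh
# Expected resolvers: Google Public DNS, OpenDNS, and an assumed home router
# address (192.168.1.1 is a placeholder; substitute your own gateway).
ALLOWED="8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 192.168.1.1"

# Reads `scutil --dns` text on stdin and prints each distinct nameserver
# that is not in the space-separated allowlist passed as $1.
unexpected_resolvers() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Resolver entries look like:   nameserver[0] : 8.8.8.8
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            ip = $3
            if (!(ip in ok) && !(ip in seen)) { seen[ip] = 1; print ip }
        }'
}

# Constructed sample in the layout `scutil --dns` prints. The addresses
# 203.0.113.53 and 198.51.100.7 are documentation-range placeholders.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 8.8.8.8
  order   : 200000

resolver #2
  domain : local
  nameserver[0] : 203.0.113.53
  nameserver[1] : 198.51.100.7
  order   : 300000
EOF
}

# On a Mac, audit the live configuration; elsewhere, run on the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_resolvers "$ALLOWED"
else
    sample_scutil_output | unexpected_resolvers "$ALLOWED"
fi
```

An address printed here is not necessarily malicious (an ISP's own resolvers will appear until they are added to the allowlist); it is the entry to check against the router's settings and the ISP's published servers.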