Malware reappearing in apple.safari.com cache.db
I recently got caught in an "onbeforeunload" trap that ended up with multiple windows loading. I tried to force quit Safari but when it was all over I had a fake Google page producing fake "blackhat" results.
I was quite surprised because I am new to Mac, having just purchased a MacBook Pro. Everyone told me how secure they were and there was no wild malware that could infect it. With some research I was able to find a cookie 66.223.50.126 in the Safari Cache.
Using SQLite I discovered the cookie in cache.db is http://66.223.50.126/ph_md5.txt
The contents are:
39da1df7fb9fd5c9347b85eec4c730cb ./unstable/aph/ph_sign.slf
da813c755e0fa52e86b8844894179c71 ./unstable/aph/ph_white.txt
38092109754b7942c6a688b46ef77f13 ./unstable/aph/ph_trackers.slf
98b3894929fc051c963030db66babc4f ./unstable/aph/ph_trackers_assoc.txt
Later I was able to find the cookie in cache.db is http://66.223.50.126/ph_self.slf and there is the code for the Google page forgery.
Not sure what the next steps are or how badly this machine is compromised. It seemed like everything is set up to attack a Windows machine but whatever I do the 66.223.50.126 cookie comes back.
Please let me know what steps I can take to fix the problem or, if necessary, completely rebuild and prevent this from happening again.
Let me know if you want the code or any other files to see what I am talking about.
Thanks
MacBook Pro, Mac OS X (10.7.2)
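
An added example, not part of the original post: one way to list every cached response for a single host in a copy of Safari's Cache.db and see its timestamp, so a re-fetched entry can be told apart from a stale one. The table and column names are an assumption based on the commonly documented CFNetwork cache layout, and the rows and timestamps are constructed sample data.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed schema: subset of the commonly documented CFNetwork cache layout.
SCHEMA = """
CREATE TABLE cfurl_cache_response (
    entry_ID INTEGER PRIMARY KEY, request_key TEXT, time_stamp TEXT);
CREATE TABLE cfurl_cache_receiver_data (
    entry_ID INTEGER PRIMARY KEY, isDataOnFS INTEGER, receiver_data BLOB);
"""

def build_sample_db():
    """Constructed in-memory stand-in for Cache.db (made-up rows and times)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [
        (1, "http://66.223.50.126/ph_md5.txt", "2012-01-10 18:02:11", b"constructed body"),
        (2, "http://66.223.50.126/ph_self.slf", "2012-01-10 18:02:12", b"constructed body"),
        # The address appears only in the query string, so this must not match.
        (3, "http://example.com/?ref=66.223.50.126", "2012-01-10 18:05:40", b"unrelated"),
    ]
    for entry_id, url, ts, body in rows:
        conn.execute("INSERT INTO cfurl_cache_response VALUES (?, ?, ?)", (entry_id, url, ts))
        conn.execute("INSERT INTO cfurl_cache_receiver_data VALUES (?, 0, ?)", (entry_id, body))
    return conn

def entries_for_host(conn, host):
    """Return (entry_ID, url, time_stamp, body_size) for responses cached from `host`."""
    query = """
        SELECT r.entry_ID, r.request_key, r.time_stamp, length(d.receiver_data)
        FROM cfurl_cache_response AS r
        LEFT JOIN cfurl_cache_receiver_data AS d ON d.entry_ID = r.entry_ID
        ORDER BY r.time_stamp
    """
    hits = []
    for entry_id, url, ts, size in conn.execute(query):
        # Compare the parsed host exactly; a substring match would also hit
        # URLs that merely mention the address in a path or parameter.
        if urlsplit(url or "").hostname == host:
            hits.append((entry_id, url, ts, size or 0))
    return hits

if __name__ == "__main__":
    # For a real file, open a copy read-only instead (path is a placeholder):
    # sqlite3.connect("file:/path/to/copy/Cache.db?mode=ro", uri=True)
    for hit in entries_for_host(build_sample_db(), "66.223.50.126"):
        print(hit)
```

If the same URLs show newer timestamps after the cache has been cleared, something is requesting them again rather than the old entries surviving.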