Cannot visit certain websites.

My problem is that I cannot visit certain websites (booksamillion.com, and any .edu pages). This happened suddenly. They do not work on either Safari or Firefox, however I can visit them on my Wii which is on the same wireless network as my Macbook. The error message that comes up tells me that Safari cannot find the server of those sites. I have no trouble visiting other sites.


I have repaired disk permissions, reset Safari, emptied the cache, deleted cookies, unplugged my router, checked my firewall, and now I'm begging for help.


Any suggestions would be greatly appreciated.

MacBook, Mac OS X (10.5.8)

Posted on Feb 19, 2012 2:05 PM

23 replies

Feb 20, 2012 2:14 PM in response to VRaynelle

You installed the DNSChanger trojan or something like it, perhaps long ago, which redirected your DNS queries to a rogue server in Ukraine.


ISC Diary | DNS changer Trojan for Mac


If it's the original trojan, then apparently all you have to do is delete the bogus DNS server entries from your settings. Your DHCP server (most likely your router) will supply you with new ones. You may have to renew your DHCP lease to make that happen.


However, since we don't really know how those settings got changed, in my opinion the only sensible course is to wipe your boot volume completely. Back up all data first. After reinstalling the Mac OS, you'll be prompted to set up from a backup or an existing boot volume. Choose to restore only your user data and settings -- nothing else. Reinstall all your third-party software from known-good copies.


Then you need to learn how to use the Internet safely.



Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.


The most effective defense against malware is your own intelligence. All known Mac malware takes the form of trojans that can only operate if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?


  • Any website that prompts you to install software, such as a “codec” or “plug-in,” that comes from that same site, or an unknown site, is untrustworthy.
  • A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
  • “Cracked” versions of commercial software downloaded from a bittorrent are likely to be infected.
  • Software with a corporate brand, such as Adobe Flash, must be downloaded directly from the developer’s website. No intermediary is acceptable.


Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.


Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use ClamXav -- nothing else.

Feb 20, 2012 2:31 PM in response to VRaynelle

The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.


If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.


You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:


http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml


SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:


http://macscan.securemac.com/


First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - macsec@securemac.com


The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.


(Note that a 30 day trial version of MacScan can be downloaded free of charge from:


http://macscan.securemac.com/buy/


and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)


You can do this:


Flushing the DNS cache (Leopard) using the terminal command:


dscacheutil -flushcache

Feb 20, 2012 6:09 PM in response to Linc Davis

I think we need to draft up new guidance on this one.


Reportedly, the perpetrators of this malware are in jail and all their servers confiscated, but converted temporarily to provide legitimate DNS. C|NET posted this article about it. Those servers are scheduled to be taken down on 1 March, which means that anybody still infected will no longer receive DNS using the rogue IPs. I'm not sure exactly why this user is having a problem today. Perhaps they shut things down early, but I expect a flood of issues a week from Thursday.


The FBI has instructions here, but they are Windows oriented. Page 5 contains a list of the rogue IPs involved, which includes the OP's.


The easiest way I have found to check settings is at http://www.dns-ok.us/ or http://www.dns-ok.de/ for German.

Feb 20, 2012 11:12 PM in response to Klaus1

Thanks Klaus !!! I had been following this thread, because I had the same problem as VRaynelle with some pages loading and others never did, I noticed that my DNS addresses were starting with 85.255.etc... as was the case with VRaynelle and then I saw the article from http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml and I followed the instructions to decontaminate as described by opening Preference---Network--etc...


I set up the dns manually as described in the article using the correct router address and setting it on the advanced DNS screen..... problem solved !!!! no more hang ups on Internet pages, now everything opens up I got rid of the 85.255.DNS crap, now everything just works, Thanks for your input and other you provided the solution, I had a similar question on this Forum posted when I upgraded to Lion 10.7.3 but as you can see it turns out you were right, it had nothing to do with Lion's update


Thanks,

I will be more careful next time as to what pages I open


AppleLou
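Added example (not part of any post in this thread): a Terminal check for the symptom described above, where the Mac's configured resolvers start with 85.255. The function names, the `SUSPECT_PREFIX` variable and the sample addresses are constructed for illustration; the prefix is the only indicator the thread itself gives, so a clean result here does not rule out other rogue ranges.

```shell
#!/bin/sh
# Added example: audit the DNS resolvers macOS is actually using.
# Assumption: the only indicator taken from this thread is the "85.255." prefix.
SUSPECT_PREFIX="${SUSPECT_PREFIX:-85.255.}"

# Reads `scutil --dns` output on stdin and prints one line per unique
# nameserver: "SUSPECT <ip>" if it begins with the prefix, otherwise "ok <ip>".
classify_resolvers() {
    awk -v p="$SUSPECT_PREFIX" '
        /nameserver\[[0-9]+\]/ {
            ip = $NF
            if (seen[ip]++) next            # report each address once
            if (index(ip, p) == 1) print "SUSPECT " ip
            else                   print "ok " ip
        }'
}

# Prints how many unique resolvers on stdin match the suspect prefix.
suspect_count() {
    classify_resolvers | awk '$1 == "SUSPECT" { n++ } END { print n + 0 }'
}

# Constructed sample in the layout `scutil --dns` prints; the addresses are
# made up and are not taken from any published indicator list.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  domain   : home
  nameserver[0] : 85.255.10.20
  nameserver[1] : 85.255.10.21
  order    : 200000

resolver #2
  nameserver[0] : 192.168.1.1
  nameserver[1] : 85.255.10.20
EOF
}

# On a Mac, inspect the live configuration; elsewhere, show the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | classify_resolvers
else
    sample_scutil_output | classify_resolvers
fi
```

If a SUSPECT line reappears a minute or so after the entries were deleted in Network preferences, that matches the watchdog behaviour described earlier in the thread, and removing the settings alone has not fixed the machine.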

Feb 25, 2012 9:42 AM in response to Mr. I am the most awesome person that has ever set foot on this planet

Dear Mr/Miss/Mrs most awful person that ever set foot on any planet:



Norton Antivirus (made by Symantec) has a very long and illustrious reputation for mangling Mac OS X systems, sometimes to the point where a complete reinstall is necessary. Among other things, it installs kernel extensions which are known to cause kernel panics and system freezes; it contains known and documented bugs which can silently corrupt Adobe Photoshop and Adobe InDesign files, destroy a user's ability to authenticate as an administrator, and (on PPC systems) can cause Classic to stop functioning; and Symantec has on at least two occasions now released flawed .dat file updates which erroneously report certain critical Mac OS X files as "viruses." (Deleting these "viruses" causes damage to the system that in some cases renders it unbootable.)


Norton Removal Tool (Symantec Uninstaller):

http://www.symantec.com/business/support/index?page=content&id=TECH103489&locale=en_US

And now this, from 11 January 2012:

Lawsuit Claims Symantec "Scareware" Warns Of Fake Threats To Sell Upgrades

http://www.forbes.com/sites/andygreenberg/2012/01/11/lawsuit-claims-symantecscareware-warns-of-fake-threats-to-sell-upgrades/
