Apple Event: May 7th at 7 am PT
My Macbook Air has some crazy crap going on. When I use safari about half the time it gets hijacked. It will go to some crazy website. I have reloaded Lion all over to no avail. I have also went into DNS and added the numbers that openDNS suggests. It did not help either. I dont know what else to do. What the **** could be doing this?
Thanks
Select
Safari ▹ Preferences ▹ Extensions
from the Safari menu bar. If any extensions are installed, disable them and test.
This did not help. I have tried everything I can think of. It is not doing it on my imac, only the Macbook Air. I have even went so far as to reload Lion on it. It is still doing it and maybe even worse. I dont care if I loose all my info on this Laptop I just want it clean. What are my options???
PLease help.
Please read this whole message before doing anything.
This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
Triple-click the line of text below to select it:
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
Repeat with this line:
sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
You can then quit Terminal.
com.avast.crashreport
com.adobe.fpsaud
com.hp.help.tocgenerator
com.spotify.webhelper
Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
/Library/Components:
/Library/Extensions:
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adobe AIR.framework
AudioMixEngine.framework
HPSmartPrint.framework
NyxAudioAnalysis.framework
PluginManager.framework
Snapfish.framework
TSLicense.framework
iLifeFaceRecognition.framework
iLifeKit.framework
iLifePageLayout.framework
iLifeSQLAccess.framework
iLifeSlideshow.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
JavaAppletPlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
Silverlight.plugin
flashplayer.xpt
iPhotoPhotocast.plugin
nsIQTScriptablePlugin.xpt
/Library/Keyboard Layouts:
/Library/LaunchAgents:
com.hp.help.tocgenerator.plist
/Library/LaunchDaemons:
com.adobe.fpsaud.plist
com.avast.crashreport.plist
/Library/PreferencePanes:
Flash Player.prefPane
Flip4Mac WMV.prefPane
/Library/PrivilegedHelperTools:
/Library/QuickLook:
GBQLGenerator.qlgenerator
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
Flip4Mac WMV Advanced.component
Flip4Mac WMV Export.component
Flip4Mac WMV Import.component
/Library/ScriptingAdditions:
/Library/Spotlight:
GBSpotlightImporter.mdimporter
LogicPro.mdimporter
Microsoft Office.mdimporter
iBooksAuthor.mdimporter
iWork.mdimporter
/Library/StartupItems:
HP Trap Monitor
/etc/mach_init.d:
/etc/mach_init_per_login_session.d:
/etc/mach_init_per_user.d:
Library/Address Book Plug-Ins:
Library/Fonts:
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
Google Earth Web Plug-in.plugin
Library/Keyboard Layouts:
Library/LaunchAgents:
com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.-39A6-4574-9B3B-6D84B33CE93 0.plist
com.apple.CSConfigDotMacCert--SharedServices.Agent.plist
com.spotify.webhelper.plist
Library/PreferencePanes:
Library/Services:
ToastIt.service
stevens-MacBook-Air:~ steveinjoel$
iTunesHelper, uTorrent
FYI, now there is this box about 3 inches by 2 inches that will rise up from the bottom of the webpage every so ofter with a link to click on. Like say I look up NBA scores, it will rise up and suggest a link for somewhere to buy jersey or something.....Crazy. No other computer or mac in this house is doing this.....
You seem to have at least a partial installation of "Avast." Although I doubt that it's causing this problem, you should still remove it according to the developer's instructions, after backing up all data. You may have to reinstall it in order to get rid of it. Test after removing Avast and rebooting.
I will try that. Like I said though, I am not opposed to wiping the whole hard drive clean and starting over. There is nothing on this POS that I would miss......
removed avast through the uninstall process. I am still getting the hijacks and the bottom "pop ups" Do you have anymore thoughts? I cant believe I am having this kind of trouble
Read this whole message before doing anything.
Back up all data.
Quit Safari if it’s running. Then select
▹ Force Quit…
from the menu bar. A small window will open with a list of running applications. Safari may appear in that list, even though you quit it. If so, select it and press return. Close the window.
Step 1
In the Finder, press the key combination shift-command-A to open the Applications folder. Select the Safari icon in that folder and press the key combination command-I to open the Info window. There’s a checkbox in the Info window labeled Open in 32-bit mode. Uncheck it, if checked. Close the Info window and the Applications folder.
If Adobe Flash Player is installed, select
▹ System Preferences ▹ Flash Player ▹ Advanced
and click Delete All. Close the preference pane.
Hold down the option key and select
Go ▹ Library
from the Finder menu bar. Delete the following items from the Library folder (some may not exist):
Leave the Library folder open. Try Safari again. If it works now, stop here. Close the Library folder. If you still have problems, continue.
Step 2
Triple-click anywhere in the line below to select it:
rm -fr $TMPDIR../C/com.apple.Safari
Copy the selected text to the Clipboard (command-C).
Quit Safari again. Launch the Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Paste into the Terminal window (command-V). Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal. Launch Safari and test.
Step 3
If Safari still doesn’t work right, quit, go back to the Finder and move the following items from the open Library folder to the Desktop (some may not exist):
(Note: you are not moving the Safari application. You’re moving a folder named “Safari.”)
Try again. This time Safari should perform normally, but your settings and bookmarks will be lost. The default set of bookmarks will be restored. Delete them all.
If the issue is still not resolved, quit Safari again and put all the items you moved to the Desktop back where they were, overwriting the newer ones that may have been created in their place. You don’t need to replace the files you deleted in step 1. Stop here and post again.
If Safari is now working normally (apart from the lost settings), look inside the “Safari” folder on the Desktop for a file named “Bookmarks.plist”. Select
File ▹ Import Bookmarks
from the Safari menu bar. Import from that file. Recreate the rest of your Safari settings. You can then delete the items you moved to the Desktop.
Note: This step will remove your Safari Extensions, if any, and their settings. If you choose to restore them, do so one at a time, testing after each step to make sure you haven’t restored the problem.
If you don’t like the results of step 3, you can undo it completely by quitting Safari and restoring the items you moved or deleted in that step from your backup, overwriting any that were created in their place.
Nope. Still same. By the way thank you for all your help. Is there anything else I can try?
What are the websites you're being redirected to, and from where?
There are so many. theclickcheck.com that is from espn.com
plus on almost every site I go to there is like a box that pops up on the bottom half of the page suggesting another webpage i.e. if I go to redmondpie.com it will pop up and recomend a site called wonderwhat.biz
I think I am at the point of needing to wipe it clean and basically start over. I have already tried to reload Lion. That didnt work. How do I go about erasing everything and reloading it back up?
If you erase and restore everything the way it is now, you'll have the same problem. However, if you want to erase the boot volume, you can do that by booting into Recovery (command-R at startup) and launching Disk Utility. After erasing the volume, reinstall OS X. You may need your AppleID and password to do that.
It may be that something has hijacked your hosts file and is redirecting your browser. To check, paste this in Terminal:
cat /etc/hosts | open -f
then press 'return' on your keyboard.
Select and copy the entire contents of the TextEdit window that opens and paste that into a reply here.
Linc Davis wrote:
If you erase and restore everything the way it is now, you'll have the same problem. However, if you want to erase the boot volume, you can do that by booting into Recovery (command-R at startup) and launching Disk Utility. After erasing the volume, reinstall OS X. You may need your AppleID and password to do that.
That is what I would do. I use this "erase and install" method whenever installing an OS, whether the same one after corruption or a new one (like Lion then Mountain Lion). The erasure of the drive scours out all glitches. I have refined the process of setting up a new account and password, copying all my docs and images etc. and resetting my Mail accounts. It takes time, but it works (in my experience, except for the widespread magic mouse cursor disappearing, which has persisted for me during Lion and M. Lion and for which there seems no solution, even from Apple).
safari hijacked...help please
