Previous 1 2 Next 19 Replies Latest reply: Feb 11, 2013 12:44 AM by softwater Branched to a new discussion.
ponglenis Level 1 (0 points)

My Macbook Air has some crazy crap going on.  When I use safari about half the time it gets hijacked.  It will go to some crazy website.  I have reloaded Lion all over to no avail.  I have also went into DNS and added the numbers that openDNS suggests.  It did not help either.  I dont know what else to do.  What the **** could be doing this?  





  • Linc Davis Level 10 (184,990 points)



    Safari Preferences Extensions


    from the Safari menu bar. If any extensions are installed, disable them and test.

  • ponglenis Level 1 (0 points)

    This did not help.  I have tried everything I can think of.  It is not doing it on my imac, only the Macbook Air.  I have even went so far as to reload Lion on it.  It is still doing it and maybe even worse.  I dont care if I loose all my info on this Laptop I just want it clean.  What are my options???


    PLease help.

  • Linc Davis Level 10 (184,990 points)

    Please read this whole message before doing anything.
    This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
    Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.


    These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.


    Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.


    Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.


    Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.


    Launch the Terminal application in any of the following ways:


    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.


    When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.


    Step 1


    Triple-click the line of text below to select it:
    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
    Copy (command-C) the selected text to the Clipboard. Then click anywhere in the Terminal window and paste (command-V). Post the lines of output (if any) that appear below what you just entered. You can do that by copy-and-paste as well. Omit the final line ending in “$”. No typing is involved in this step.
    Step 2


    Repeat with this line:
    sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
    This time you'll be prompted for your login password, which you do have to type. It won't be displayed when you type it. Type it carefully and then press return. You may get a one-time warning not to screw up. You don't need to post the warning. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.


    Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.


    Step 3
    launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
    Step 4
    ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
    Important: If you formerly synchronized with a MobileMe account, your email address may appear in the output of the above command. If so, anonymize it before posting.


    Step 5
    osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
    Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output.


    You can then quit Terminal.

  • ponglenis Level 1 (0 points)






    Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null








    Adobe AIR.framework














    /Library/Input Methods:


    /Library/Internet Plug-Ins:

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin


    Quartz Composer.webplugin

    QuickTime Plugin.plugin






    /Library/Keyboard Layouts:









    Flash Player.prefPane

    Flip4Mac WMV.prefPane












    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component







    Microsoft Office.mdimporter





    HP Trap Monitor








    Library/Address Book Plug-Ins:




    Library/Input Methods:



    Library/Internet Plug-Ins:

    Google Earth Web Plug-in.plugin


    Library/Keyboard Layouts:


    Library/LaunchAgents: 0.plist







    stevens-MacBook-Air:~ steveinjoel$


    iTunesHelper, uTorrent

  • ponglenis Level 1 (0 points)

    FYI, now there is this box about 3 inches by 2 inches that will rise up from the bottom of the webpage every so ofter with a link to click on.  Like say I look up NBA scores, it will rise up and suggest a link for somewhere to buy jersey or something.....Crazy.  No other computer or mac in this house is doing this.....

  • Linc Davis Level 10 (184,990 points)

    You seem to have at least a partial installation of "Avast." Although I doubt that it's causing this problem, you should still remove it according to the developer's instructions, after backing up all data. You may have to reinstall it in order to get rid of it. Test after removing Avast and rebooting.

  • ponglenis Level 1 (0 points)

    I will try that.  Like I said though, I am not opposed to wiping the whole hard drive clean and starting over.  There is nothing on this POS that I would miss......

  • ponglenis Level 1 (0 points)

    removed avast through the uninstall process.  I am still getting the hijacks and the bottom "pop ups"  Do you have anymore thoughts?  I cant believe I am having this kind of trouble

  • Linc Davis Level 10 (184,990 points)

    Read this whole message before doing anything.


    Back up all data.


    Quit Safari if it’s running. Then select


    Force Quit…


    from the menu bar. A small window will open with a list of running applications. Safari may appear in that list, even though you quit it. If so, select it and press return. Close the window.


    Step 1


    In the Finder, press the key combination shift-command-A to open the Applications folder. Select the Safari icon in that folder and press the key combination command-I to open the Info window. There’s a checkbox in the Info window labeled Open in 32-bit mode. Uncheck it, if checked. Close the Info window and the Applications folder.


    If Adobe Flash Player is installed, select


     ▹ System Preferences ▹ Flash Player Advanced


    and click Delete All. Close the preference pane.


    Hold down the option key and select


    Go Library


    from the Finder menu bar. Delete the following items from the Library folder (some may not exist):


    • Caches/
    • Caches/
    • Caches/Metadata/Safari
    • Preferences/
    • Preferences/
    • Saved Application State/


    Leave the Library folder open. Try Safari again. If it works now, stop here. Close the Library folder. If you still have problems, continue.


    Step 2


    Triple-click anywhere in the line below to select it:


    rm -fr $TMPDIR../C/


    Copy the selected text to the Clipboard (command-C).


    Quit Safari again. Launch the Terminal application in any of the following ways:


    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.


    Paste into the Terminal window (command-V). Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal. Launch Safari and test.


    Step 3


    If Safari still doesn’t work right, quit, go back to the Finder and move the following items from the open Library folder to the Desktop (some may not exist):


    • Cookies/Cookies.binarycookies
    • Internet Plug-Ins
    • Preferences/
    • Preferences/
    • Preferences/
    • Preferences/
    • PubSub/Database
    • Safari


    (Note: you are not moving the Safari application. You’re moving a folder named “Safari.”)


    Try again. This time Safari should perform normally, but your settings and bookmarks will be lost. The default set of bookmarks will be restored. Delete them all.


    If the issue is still not resolved, quit Safari again and put all the items you moved to the Desktop back where they were, overwriting the newer ones that may have been created in their place. You don’t need to replace the files you deleted in step 1. Stop here and post again.


    If Safari is now working normally (apart from the lost settings), look inside the “Safari” folder on the Desktop for a file named “Bookmarks.plist”. Select


    File Import Bookmarks


    from the Safari menu bar. Import from that file. Recreate the rest of your Safari settings. You can then delete the items you moved to the Desktop.


    Note: This step will remove your Safari Extensions, if any, and their settings. If you choose to restore them, do so one at a time, testing after each step to make sure you haven’t restored the problem.


    If you don’t like the results of step 3, you can undo it completely by quitting Safari and restoring the items you moved or deleted in that step from your backup, overwriting any that were created in their place.

  • ponglenis Level 1 (0 points)

    Nope.  Still same.  By the way thank you for all your help.  Is there anything else I can try?

  • Linc Davis Level 10 (184,990 points)

    What are the websites you're being redirected to, and from where?

  • ponglenis Level 1 (0 points)

    There are so many. that is from

    plus on almost every site I go to there is like a box that pops up on the bottom half of the page suggesting another webpage i.e. if I go to it will pop up and recomend a site called


    I think I am at the point of needing to wipe it clean and basically start over.  I have already tried to reload Lion.  That didnt work.  How do I go about erasing everything and reloading it back up?

  • Linc Davis Level 10 (184,990 points)

    If you erase and restore everything the way it is now, you'll have the same problem. However, if you want to erase the boot volume, you can do that by booting into Recovery (command-R at startup) and launching Disk Utility. After erasing the volume, reinstall OS X. You may need your AppleID and password to do that.

  • softwater Level 5 (5,370 points)

    It may be that something has hijacked your hosts file and is redirecting your browser. To check, paste this in Terminal:


    cat /etc/hosts | open -f


    then press 'return' on your keyboard.


    Select and copy the entire contents of the TextEdit window that opens and paste that into a reply here.

Previous 1 2 Next