Random linkbucks redirect issie...please help!

Question

Level 1

1 points

Random linkbucks redirect issie...please help!

Hello,

I've got this strange redirect issie in all my web browsers, and think I may have a trojan or a virus. It's driving me mad, please somone help! I'm running OSX 10.6.8 with Firebox and Chrome.

When I click a link on random sites it redirects me to an irellevant URL + advertising: linkbucks.com... [followed by the adress of the intenended site]

This occures when leaving the page you are on (e.g. changing page on the site you are viewing). It happens on any site and appears to be compeltly random.

Is this a virus/trojan? If so, how can I get rid of it?

Thank you very much.

Ben

MacBook, Mac OS X (10.6.8), Latest Firefox and Chrome

Posted on Mar 14, 2013 2:51 AM

Reply

Answer 1

Best reply

thomas_r.

Level 7

31,989 points

Mar 14, 2013 4:08 AM in response to BertieTBE

This is not malware of any kind. As to what it is, see:

Eliminating browser redirects and advertisements

Reply

Answer 2

BertieTBE Author

Level 1

1 points

Mar 14, 2013 5:06 AM in response to thomas_r.

Thank you very much for replying.

I tried changing the DNS settings to Google Public DNS, which didn't work.

Based on the suggested tests in that article, the problem is with my Mac computer.

It happens any many different sites, on any network. My other computer doesn't have the same problem.

Could it be QHost? I did update what I thought was Flashplayer a few days ago.

Any other suggestions would be greatly aprecated. I'm not an exspert, so as simple as possible would be great.

Thank you again.

Reply

Answer 3

thomas_r.

Level 7

31,989 points

Mar 14, 2013 6:39 AM in response to BertieTBE

QHost is extremely unlikely.

Did you go through that page systematically, checking the three things that it asks you to test and then trying all the suggested fixes? What were your answers to those three questions?

Reply

Answer 4

BertieTBE Author

Level 1

1 points

Mar 14, 2013 7:34 PM in response to thomas_r.

Swithing to OpenDNS has stopped the redirect, but by browser has now stopped displaying all menus on legitimate websites (the ones I would normally click on when I get redirected to linkbucks). This means you can only see the homepage, you can't change page.

I've noticed that the problem occurs only on blogspot.com addresses. Any idea why that might be and how I can fix it?

Should I keep using OpenDNS?

How would someone get into my computer to change my settings?

Many thanks again for you help. Really appreciate it!

Reply

Answer 5

thomas_r.

Level 7

31,989 points

Mar 14, 2013 7:57 PM in response to BertieTBE

What you're describing is not something that would be caused by OpenDNS. At this point, I would recommend that you make an appointment at the Genius Bar at your nearest Apple Store and take the machine for them to look at.

Reply

Answer 6

BertieTBE Author

Level 1

1 points

Mar 14, 2013 8:09 PM in response to thomas_r.

Could be tricky...the nearest proper Apple Store is 900 miles away!

Is it likely that I've got a security problem? Should I change passwords etc? Is it worth checking for maliciouse software or do you think I can rule that out?

Just to clarify, Open DNS has stopped the redirect, but I can no longer click on menu items at blogspot addresses. I just get some squares where the menus were before I switched to OpenDNS. Here’s an example.

Bizzarly, switching back to my original DNS settings does not rectify the problem! How is that possible?

Reply

Answer 7

BertieTBE Author

Level 1

1 points

Mar 15, 2013 2:07 AM in response to thomas_r.

Something / someone is definitely trying to redirect me. Now getting this message while trying to accesses a legitimate site.

Any ideas?

This is is such a pain in the ***, it is making it impossible to work...don't know what's causing it!

Thank you so much for your help. You have been so helpful...rest assured that I'm really grateful.

Reply

Answer 8

thomas_r.

Level 7

31,989 points

Mar 15, 2013 4:22 AM in response to BertieTBE

The problem with trying to troubleshoot this in a forum is that it doesn't seem that you have followed through on all the instructions on the link I gave you. Have you yet tried this section?

Browser plug-in issues

That's the most likely to be causing the problem.

Reply

Answer 9

BertieTBE Author

Level 1

1 points

Mar 15, 2013 7:48 PM in response to thomas_r.

I followed all the steps from beginning to end. Based on the article, DNS poisoning is the only possible explanation. But how could they have accessed my computer?

Noticed that my firewall was off (it's now on). I've also tightened up security all round.

My answers were:

1. Y

2. N

3. ?

Browser plug in issues

The first folder was empty. Tried dragging out a few from the second to desktop, still got the redirect. My browser plugins look legit and are things that have been there a while. The only slight doubt was Java and Flashplayer. I think these have been recently updated. Could that be something to do with it?

Host file issues

Follwed all the advice here. Terminal returned what the article says it should.

The redirect has now stopped using OpenDNS. But I can't view some sites correctly, as in the above example.

Thank you again.

Reply

Answer 10

thomas_r.

Level 7

31,989 points

Mar 16, 2013 4:07 AM in response to BertieTBE

Well, the fact that the problem stopped after you changed DNS settings suggests that was the source of the problem. Of course, it's also entirely possible that the problem is still not entirely fixed, and is being caused by an issue with the wireless router.

As to why some sites are not loading correctly, that's not a problem that would be caused by changing DNS settings. What else have you done? You mention turning on your firewall. (Note that that won't really help with this sort of issue, and is generally not necessary. See Do I need a firewall?) Did you do anything else, like installing some kind of security software?

If you have a separate wireless router and cable/DSL modem, try disconnecting the router and plugging your computer directly into the modem with the Ethernet cable that is currently connected to the router. Do web sites behave differently then?

Reply

Answer 11

May 13, 2013 2:18 PM in response to BertieTBE

Did you ever solve this or did you just decide to kill yourself which is my next course of action in dealing with this virus!

Reply

Answer 12

BertieTBE Author

Level 1

1 points

May 13, 2013 11:56 PM in response to Aaaarrrrgggghhhh

Aaaarrrrgggghhhh wrote:

Did you ever solve this or did you just decide to kill yourself which is my next course of action in dealing with this virus!

Yes, I did. Changing the DNS settings to open DNS in Sytem Preferences worked. I no longer get any redirecrs..and as an aded bonus, I think my conection is slightly faster. Give it a go, it's reversable (providing you take a note of your original settings BEFORE you change them). The browser problems I had afterards have now gone, I think following an upgrade to my browser. That was a sepatae problem.

1. Go into Sytem Preferences / Network and add a new location (for some reason this helps, not sure why!).😕

2. Take a note or screenshot of you current DNS settings under Airport, or whatever type of connection you are useing (Sytem Preferences / Advanced).

3. Change your current DNS settings to use Open DNS settings (on their website).

Reply

Answer 13

May 14, 2013 8:25 AM in response to BertieTBE

Ok, thanks for the reply. I had already tried that and it hasn't worked for me (on Chrome).

Thanks anyway.

Reply

Answer 14

Apr 29, 2014 1:14 PM in response to BertieTBE

THIS IS A BROWSER REDIRECTION INFECTION

No known Malware Protection/detection will help!

How it works: You pick it up on a web site and it then infects your browser.

It rapidly spreads to your wifi hub and the many other items of your network infrastructure

Finding for the hidden/embedded infection files is near impossible

REMOVAL

Close Down WiFi

Remove any RG45/CAT5 Connection

Delete Completely - all traces of: Firefox, Opera and Chrome

Reset Safari using Shift + Alt + Reset

Re-Install Firefox, Opera and Chrome

POWER DOWN every item on your network

Reboot Your Network

Reconnect WiFi and test

IFF it is normal :-)

IFF NOT: Reset & Reinstall your browser + remove and power down every item on your network

Rebuild and reboot form your first hub/router and then test. You Should be clear !!

THEN connect one item at a time testing each one for infection

I DO NOT KNOW if it infects printers + scanners et al+++ but mine are OK

Reply

Answer 15

thomas_r.

Level 7

31,989 points

Apr 29, 2014 1:25 PM in response to StarMan46

First, note that this topic is almost a year old, and a lot has changed in that time with regard to advertisements and redirects.

Second:

How it works: You pick it up on a web site and it then infects your browser.

Nope. There's no known malware capable of infecting your browser simply by visiting a web site... not on a Mac, anyway. There is adware that can cause ads in your browser, if you download and install something you shouldn't. That requires manually opening some download, though.

Third:

It rapidly spreads to your wifi hub and the many other items of your network infrastructure

Nope. There's no known Mac malware capable of infecting other devices on your network. Even other Macs cannot be automatically infected by any current Mac malware. Wireless routers can be hacked remotely, of course, and a number of models are extremely vulnerable to such attacks.

As for your "removal instructions," those don't make a whole lot of sense. Most Mac adware will sit there laughing at your attempts to remove it that way, and be ready to start pestering you again as soon as you open up a browser again.

Reply