Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: ed.b36
ed.b36 Author
User level: Level 1
0 points

Linkbucks, trouble, redirect virus; how to get rid?

I've tried following a few other tips from

http://www.thesafemac.com/eliminating-browser-redirects-and-advertisements/#plug in

and also from

https://discussions.apple.com/thread/3802265?start=15&tstart=0

The problem started in Google Chrome, which I deleated but the problem was also on Safari. All my pluggins look fine, I followed some steps from the website at the top. Although I can follow instructions I don't have a clue what I'm actually doing.

I have also put this code into Apple Script and I got


--script begins

property theItems : {"defaults read ~/.MacOSX/environment", "ls -al /Applications/Safari.app/Contents/Resources/*COAA*", "java -version 2>&1"}

on run

set myClip to ""

repeat with i in theItems

try

do shell script i

set myClip to myClip & result & return & return

on error errText

set myClip to myClip & i & " -- " & errText & return & return

set myClip to result

end try

end repeat

set the clipboard to myClip

end run

--script ends



defaults read ~/.MacOSX/environment -- 2013-03-23 23:19:45.377 defaults[64997:60f]

Domain /Users/edward/.MacOSX/environment does not exist


ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory


java version "1.6.0_37"

Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-10M3909)

Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)


which i've understood is alright from the other converstation.

LinkBucks is coming up from clicking links but it doesn't happen on facebook. I've been running a virus check but that doesn't seem to have found anything.


Any help would be appricated, Should I just see what the apple store can do? My Mac is now longer under any warrenty.


Thanks

MacBook, Mac OS X (10.6.8), Safari, Google Chrome

Posted on Mar 23, 2013 4:30 PM

Reply
7 replies
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,221 points

Mar 23, 2013 5:35 PM in response to ed.b36

ed.b36 wrote:


defaults read ~/.MacOSX/environment -- 2013-03-23 23:19:45.377 defaults[64997:60f]

Domain /Users/edward/.MacOSX/environment does not exist


ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory

These are checks for a limited number of variants of the Flashback Trojan which has been extinct for close to a year now. As far as I know it was never assocated with LinkBucks, whatever that is.

java version "1.6.0_37"

Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-10M3909)

Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)

Your Java is both way out-of-date and dangerous. The latest is java version 1.6.0_41. You should always keep your OS fully up-to-date with security and java updates, so run Software Update now until it says there is nothing more to install and make certain it is checking for updates periodically in the future. The latest Security Update 2013-001 includes an option to automatically install important security updates and I would take advantage of this if I were you.


That being said, the XProtect system should have prevented you from using Java in your browser by now, but it's doubtful this would be causing your problems either. When you run the above mentioned Security Update, it will automatically check for and remove any common malware that remains on your computer. It will tell you if it removed anything, but not that it didn't find anything.


After you have taken care of that then maybe we can address your re-direct issues.

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,221 points

Mar 24, 2013 9:20 PM in response to ed.b36

ed.b36 wrote:


After I posted my last comment I re-installed chrome and the problem is in there but seems fine in Safari, do I need to follow http://www.thesafemac.com/eliminating-browser-redirects-and-advertisements/#plug in again?

I would check back with Thomas, since he wrote the instructions and I have never used Chrome.


I see a handful of references to this problem. The older ones are all Windows, but it looks like there has been a small outbreak recently on the OS X side of the house. Several referred to browser extensions that purport to improve things, but actually cause this problem. Looks like somebody has written Chrome extensions to skip or block linkbucks, but I don't know how reliable or effective they might be. It's more important to solve the root problem, so I would only use these as a last resort.


I was surprised to read the other day an estimate that 25% of all web sites are compromised in some fashion. I suspect many are re-directs these days as that seems to be where the money is. But there is obviously more to this or there would be a lot more reports similar to yours.

Reply

Linkbucks, trouble, redirect virus; how to get rid?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up