ed.b36
Level 1 (0 points)

Q: Linkbucks, trouble, redirect virus; how to get rid?

I've tried following a few other tips from

http://www.thesafemac.com/eliminating-browser-redirects-and-advertisements/#plug in

and also from

https://discussions.apple.com/thread/3802265?start=15&tstart=0

The problem started in Google Chrome, which I deleated but the problem was also on Safari. All my pluggins look fine, I followed some steps from the website at the top. Although I can follow instructions I don't have a clue what I'm actually doing.

I have also put this code into Apple Script and I got

 

--script begins

property theItems : {"defaults read ~/.MacOSX/environment", "ls -al /Applications/Safari.app/Contents/Resources/*COAA*", "java -version 2>&1"}

on run

          set myClip to ""

          repeat with i in theItems

                    try

  do shell script i

                              set myClip to myClip & result & return & return

                    on error errText

                              set myClip to myClip & i & " -- " & errText & return & return

                              set myClip to result

                    end try

          end repeat

  set the clipboard to myClip

end run

--script ends

 

 

defaults read ~/.MacOSX/environment -- 2013-03-23 23:19:45.377 defaults[64997:60f]

Domain /Users/edward/.MacOSX/environment does not exist

 

ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory

 

java version "1.6.0_37"

Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-10M3909)

Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)

 

which i've understood is alright from the other converstation.

LinkBucks is coming up from clicking links but it doesn't happen on facebook. I've been running a virus check but that doesn't seem to have found anything.

 

Any help would be appricated, Should I just see what the apple store can do? My Mac is now longer under any warrenty.

 

Thanks

MacBook, Mac OS X (10.6.8), Safari, Google Chrome

Posted on Mar 23, 2013 4:30 PM

by MadMacs0,Solvedanswer
MadMacs0 MadMacs0
Level 5 (4,801 points)
A:

ed.b36 wrote:

 

defaults read ~/.MacOSX/environment -- 2013-03-23 23:19:45.377 defaults[64997:60f]

Domain /Users/edward/.MacOSX/environment does not exist

 

ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory

These are checks for a limited number of variants of the Flashback Trojan which has been extinct for close to a year now. As far as I know it was never assocated with LinkBucks, whatever that is.

java version "1.6.0_37"

Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-10M3909)

Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)

Your Java is both way out-of-date and dangerous. The latest is java version 1.6.0_41. You should always keep your OS fully up-to-date with security and java updates, so run Software Update now until it says there is nothing more to install and make certain it is checking for updates periodically in the future. The latest Security Update 2013-001 includes an option to automatically install important security updates and I would take advantage of this if I were you.

 

That being said, the XProtect system should have prevented you from using Java in your browser by now, but it's doubtful this would be causing your problems either. When you run the above mentioned Security Update, it will automatically check for and remove any common malware that remains on your computer. It will tell you if it removed anything, but not that it didn't find anything.

 

After you have taken care of that then maybe we can address your re-direct issues.

Posted on Mar 23, 2013 5:35 PM

Close
ed.b36

Q: Linkbucks, trouble, redirect virus; how to get rid?

  • All replies
  • Helpful answers

  • by ed.b36,

    ed.b36 ed.b36 Mar 23, 2013 5:33 PM in response to ed.b36
    Level 1 (0 points)
    Mar 23, 2013 5:33 PM in response to ed.b36

    Also tried changing my DNS to 8.8.8.8 and 8.8.4.4 and then reseting Safari but there still the problem. I'm unable to check if the problem is just with my mac at the moment.

    I am endangering my work network if I take it into work to check?

  • by MadMacs0,Solvedanswer

    MadMacs0 MadMacs0 Mar 23, 2013 5:35 PM in response to ed.b36
    Level 5 (4,801 points)
    Mar 23, 2013 5:35 PM in response to ed.b36

    ed.b36 wrote:

     

    defaults read ~/.MacOSX/environment -- 2013-03-23 23:19:45.377 defaults[64997:60f]

    Domain /Users/edward/.MacOSX/environment does not exist

     

    ls -al /Applications/Safari.app/Contents/Resources/*COAA* -- ls: /Applications/Safari.app/Contents/Resources/*COAA*: No such file or directory

    These are checks for a limited number of variants of the Flashback Trojan which has been extinct for close to a year now. As far as I know it was never assocated with LinkBucks, whatever that is.

    java version "1.6.0_37"

    Java(TM) SE Runtime Environment (build 1.6.0_37-b06-434-10M3909)

    Java HotSpot(TM) 64-Bit Server VM (build 20.12-b01-434, mixed mode)

    Your Java is both way out-of-date and dangerous. The latest is java version 1.6.0_41. You should always keep your OS fully up-to-date with security and java updates, so run Software Update now until it says there is nothing more to install and make certain it is checking for updates periodically in the future. The latest Security Update 2013-001 includes an option to automatically install important security updates and I would take advantage of this if I were you.

     

    That being said, the XProtect system should have prevented you from using Java in your browser by now, but it's doubtful this would be causing your problems either. When you run the above mentioned Security Update, it will automatically check for and remove any common malware that remains on your computer. It will tell you if it removed anything, but not that it didn't find anything.

     

    After you have taken care of that then maybe we can address your re-direct issues.

  • by ed.b36,

    ed.b36 ed.b36 Mar 23, 2013 5:56 PM in response to MadMacs0
    Level 1 (0 points)
    Mar 23, 2013 5:56 PM in response to MadMacs0

    Thanks for your help I'l try and sort out the points you rised and get back to you with results, Thanks again

  • by ed.b36,

    ed.b36 ed.b36 Mar 23, 2013 6:23 PM in response to MadMacs0
    Level 1 (0 points)
    Mar 23, 2013 6:23 PM in response to MadMacs0

    cheers this seems to have cleared it up, thanks for your help you've been ace. Aploigise for not reading your advice proply in the other disscussion. I greatly apricate the time you've given to help us out

  • by MadMacs0,

    MadMacs0 MadMacs0 Mar 23, 2013 10:54 PM in response to ed.b36
    Level 5 (4,801 points)
    Mar 23, 2013 10:54 PM in response to ed.b36

    Glad everything seems to be back to normal again.

     

    Out of curiosity, did any of the updates indicate the removal of malware of any kind?

  • by ed.b36,

    ed.b36 ed.b36 Mar 24, 2013 6:28 AM in response to MadMacs0
    Level 1 (0 points)
    Mar 24, 2013 6:28 AM in response to MadMacs0

    No, the updates didn't find anything. After I posted my last comment I re-installed chrome and the problem is in there but seems fine in Safari, do I need to follow http://www.thesafemac.com/eliminating-browser-redirects-and-advertisements/#plug in again?

  • by MadMacs0,

    MadMacs0 MadMacs0 Mar 24, 2013 9:20 PM in response to ed.b36
    Level 5 (4,801 points)
    Mar 24, 2013 9:20 PM in response to ed.b36

    ed.b36 wrote:

     

    After I posted my last comment I re-installed chrome and the problem is in there but seems fine in Safari, do I need to follow http://www.thesafemac.com/eliminating-browser-redirects-and-advertisements/#plug in again?

    I would check back with Thomas, since he wrote the instructions and I have never used Chrome.

     

    I see a handful of references to this problem. The older ones are all Windows, but it looks like there has been a small outbreak recently on the OS X side of the house. Several referred to browser extensions that purport to improve things, but actually cause this problem. Looks like somebody has written Chrome extensions to skip or block linkbucks, but I don't know how reliable or effective they might be. It's more important to solve the root problem, so I would only use these as a last resort.

     

    I was surprised to read the other day an estimate that 25% of all web sites are compromised in some fashion. I suspect many are re-directs these days as that seems to be where the money is. But there is obviously more to this or there would be a lot more reports similar to yours.