
Another Safari hijack: "http://undeps.vizvaz.com" ?

Since yesterday I get redirected to this site: http://undeps.vizvaz.com

By searching it in Google I came across some blogs saying that this is a browser hijack, but they don't mention how to get rid of it on Safari.

What should I do?

MacBook Pro, Mac OS X (10.7.5)

Posted on Jul 26, 2013 2:46 PM

23 replies

Jul 26, 2013 2:56 PM in response to elena_ts

Try clearing the cache, history, and web data.


Press Command + Option + E to clear the Safari cache.


From the Safari menu bar click History > Clear History


Now go to Safari > Preferences > Privacy


Click: Remove All Website Data


Quit Safari.



Use OpenDNS to avoid redirects in the future.


Open System Preferences > Network > Advanced > DNS


Click + and type:


208.67.222.222


Click + again and do the same.


208.67.220.220


Click Ok.



Launch Safari.

Jul 26, 2013 6:06 PM in response to elena_ts

First, I suggest you revert any changes you made to your DNS settings.


From the Safari menu bar, select

Safari > Preferences > Extensions

Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.


If you wish, you may be able to salvage the malfunctioning extension by uninstalling and reinstalling it. Its settings will revert to their defaults. If the extension still causes a problem, remove it permanently or refer to its developer for support.

Jul 27, 2013 2:31 AM in response to Phlac

Linc, the extensions table is empty and in Library there is no such folder (so I guess I don't have any installed)


Phlac, I did what you said. I deleted everything but the problem persists (Databases folder was empty).

It only happens though on this website and on this specific URL (home page and everything else – e.g. if I go there step by step instead of the Google results – it works ok). It might have happened with other websites as well, but I don't remember.
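The observation above, that the redirect appears only when the page is opened from the Google results, can be tested from outside the browser. The following is an added example, not part of any post in this thread: it requests a URL with and without a search-engine Referer header and compares where each response points. The hostnames and the `constructed_fetch` stand-in are constructed, and that the redirect is keyed on the referrer is an assumption the thread does not confirm.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def fetch_location(url, referer=None, timeout=10):
    """One GET without following redirects: returns (status, Location or None)."""
    headers = {"User-Agent": "Mozilla/5.0"}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def offsite_target(url, result):
    """Host a 3xx response points to, if it differs from the requested host."""
    status, location = result
    if not (300 <= status < 400 and location):
        return None
    target = urlsplit(location).hostname  # None for relative redirects
    # Note: a www/non-www hop also counts as a different host here.
    return target if target and target != urlsplit(url).hostname else None

def classify(url, fetch=fetch_location, search_referer="https://www.google.gr/"):
    direct = offsite_target(url, fetch(url, None))
    via_search = offsite_target(url, fetch(url, search_referer))
    if via_search and not direct:
        return ("referrer-conditional", via_search)  # decided by the site, not the Mac
    if direct:
        return ("unconditional", direct)
    return ("no-http-redirect", None)  # may still be script-based; inspect the page

# Constructed stand-in for a page that redirects only search-engine visitors.
def constructed_fetch(url, referer=None):
    if referer and "google." in referer:
        return 302, "http://redirect.example/landing"
    return 200, None

if __name__ == "__main__":
    print(classify("http://site.example/article", fetch=constructed_fetch))
```

A `referrer-conditional` result means the web server itself is choosing to redirect search visitors, so clearing caches or changing DNS on the client would not change it.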

Jul 27, 2013 3:24 AM in response to elena_ts

A quick Google of vizvaz.com has the first entry as vizvaz.com, a dynamic DNS service, followed by several pages of "how to remove vizvaz.com" type sites from domains I've never heard of, including several on WordPress blogs - I didn't click on any of them, because sometimes these sites that claim to have removal instructions are just as bad.


A Google search of "vizvaz.com site:mcafee.com" lists 4 articles from mcafee.com, listing a backdoor and a downloader:

BackDoor-DKI.gen.am and Downloader-CMJ.gen.e!50C0B9ED1E55


Exit Safari and run your favorite anti-virus software. This is definitely malware; while *nix systems like OS X can't replicate a virus, they certainly can run malware, trojans, downloaders and backdoors.


If you are running Windows, it could be hiding in the registry or several other places besides Safari settings. I'm unclear as to your system setup, as you have a MacBook Pro listed, but also show both the Windows and Mac categories in your original post.


It may be as easy as resetting your homepage to google.com and your default search engine to Google on the General Tab in Safari Preferences, it's hard to tell from here.

Jul 27, 2013 3:43 AM in response to Phlac

I mistyped when I said "definitely malware", as I don't know what your setup is. While you could have accidentally installed some sort of trojan, downloader or backdoor, if you are running 10.7.5 as shown, then you would have been prompted for your password to allow installation in most cases. If you're running Windows, I would also check the General tab as below and in my previous post, but also run your Windows anti-virus software to clean anything out, as *.vizvaz.com appears to be notorious.


I would first check, as I said, in the General tab in Safari preferences and make sure your default search engine is what it should be, as well as your homepage.

Aug 3, 2013 9:04 AM in response to Linc Davis

Linc Davis wrote:


Please post instructions to reproduce the problem.

The problem came up when I typed "υποδοχέας της κινάσης τυροσίνης ret" in google.gr. It's the 5th result that presents the problem:

φαιοχρωμοκυττωμα - συνδρομα πολλαπλης ενδοκρινικης νεοπλασιας

www.clinical.bioiatriki.gr › Εφαρμογή και Ερμηνεία Αποτελεσμάτων


I hope it helps.

Aug 3, 2013 9:05 AM in response to elena_ts

Please read this whole message before doing anything.

This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches.


Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.

Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and Wi-Fi on certain iMacs. The next normal boot may also be somewhat slow.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


Test while in safe mode. Same problem?


After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.
