Previous 1 2 Next 23 Replies Latest reply: Aug 3, 2013 12:18 PM by andyBall_uk
elena_ts Level 1 Level 1

Since yesterday I get redirected to this site:

By searching it in Google I came across some blogs saying that this is a browser hijack, but it doesn't mention how to get rid of if on Safari.

What should I do?

MacBook Pro, Mac OS X (10.7.5)
  • Carolyn Samit Level 10 Level 10

    Try clearing the cache, history, and web data.


    Press Command + Option + E to clear the Safari cache.


    From the Safari menu bar click History > Clear History


    Now go to Safari > Preferences > Privacy


    Click:  Remove All Website Data


    Qiut Safari.



    Use OpenDNS to avoid re directs in the future.


    Open System Preferences > Network > Advanced > DNS


    Click + and type:



    Click + again and do the same.



    Click Ok.



    Launch Safari.

  • elena_ts Level 1 Level 1

    I did that. Doesn't seem to work


    Under Details in Cookies & Other website data I find that as well "vizvaz" and removed along with some others that didn't seem ok

  • Linc Davis Level 10 Level 10

    First, I suggest you revert any changes you made to your DNS settings.


    From the Safari menu bar, select


    Safari Preferences Extensions


    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.


    If you wish, you may be able to salvage the malfunctioning extension by uninstalling and reinstalling it. Its settings will revert to their defaults. If the extension still causes a problem, remove it permanently or refer to its developer for support.

  • Phlac Level 1 Level 1

    you may have to go to ~/Library/Safari/LocalStorage ~/Library/Safari/Databases and delete everything manually.  If you still have a problem, the nuclear option would be to go to ~/Library/Safari/Extensions and delete eveything from that as well as the LocalStorage and Databases directories.

  • elena_ts Level 1 Level 1

    Linc,  the extensions table is empty and in Library there is no such folder (so I guess I don't have any installed)


    Phlac, I did what you said. I deleted everything but the problem persists (Databases folder was empty).

    It only happens though on this website and on this specific URL (home page and everything else – eg. if I go there step step instead of the google results – it works ok). It might have happened with other websites as well, but I don't remember.

  • andyBall_uk Level 7 Level 7

    If it happens only when visiting one site, and only if you used google to get there - then it's very likely the website which has been compromised.

  • Phlac Level 1 Level 1

    a quick google of has the first entry as a dynamic dns service, followed by several pages of "how to remove" type sites from domains I've never heard of, including several on wordpress blogs - I didn't click on any of them, because sometimes these sites that claim to have removal instructions are just as bad.


    a google of "" list 4 articles from, listing a backdoor and a downloader: and Downloader-CMJ.gen.e!50C0B9ED1E55


    Exit Safari and run your favorite anti-virus software.  This definitely malware, while a *nix systems like OS X can't replicate a virus, they certainly can run malware, trojans, downloaders and backdoors.


    If you are running Windows, it could be hiding in the registry or several other places besides Safari settings.  I'm unclear as to your system setup, as you have a macbook pro listed, but also show both the Windows and Mac categories in your original post.


    It may be as easy as resetting your homepage to and your default search engine to Google on the General Tab in Safari Preferences, it's hard to tell from here.

  • Phlac Level 1 Level 1

    i mistyped when I said "definitely malware", as I don't know what your setup is - while you could have accidentally installed some sort of trojan, downloader or backdoor and you are running 10.7.5 as shown, then you would have been prompted for your password to allow installation in most cases. If you're running Windows, I would also check the General tab as below and in my previous post, but also run your windows anti-virus software to clean anything out, as * appears to be notorious.


    I would first check, as I said, in the General tab in Safari preferences and make sure your default search engine is what it should be, as well as your homepage.

  • Linc Davis Level 10 Level 10

    Please post instructions to reproduce the problem.

  • elena_ts Level 1 Level 1

    I checked both Mac and Windows (VMFusion) using ESET Pro but neither virus nor malware was found – all clean.

    And my Homepage is set to Google as it was.

  • elena_ts Level 1 Level 1

    Linc Davis wrote:


    Please post instructions to reproduce the problem.

    The problem came up when I typed "υποδοχέας της κινάσης τυροσίνης ret" in It's the 5th result that persents the problem:

    φαιοχρωμοκυττωμα - συνδρομα πολλαπλης ενδοκρινικης νεοπλασιας › Εφαρμογή και Ερμηνεία Αποτελεσμάτων


    I hope it helps.

  • elena_ts Level 1 Level 1

    However, when clicking on the URL from here, the website opens perfectly.

  • Linc Davis Level 10 Level 10

    Please read this whole message before doing anything.

    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

    The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, or by corruption of certain system caches.


    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Ask for further instructions.
    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including sound output and  Wi-Fi on certain iMacs. The next normal boot may also be somewhat slow.

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


    Test while in safe mode. Same problem?


    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • andyBall_uk Level 7 Level 7

    I see the exact same redirect - the site seems to have been compromised, as I suggested on 27 July, & links from google are sent elsewhere.

Previous 1 2 Next