
How to clean a browser hijack from my iMac?

My iMac has picked up some kind of malware that affects all browsers. If I select a bookmark, it takes me to the page, but when I click on a link on the site, it prepends "http://dca14d4e.megaline.co/url/" to the actual link, and connects me to an advertisement page for Linkbucks. If I manually remove the added text, I can still browse to the intended site.


I have found advice on how to remove this from a Windows PC, but nothing on removing it from a Mac. Any assistance is appreciated.

iMac, OS X Mavericks (10.9.1)

Posted on Dec 28, 2013 11:23 AM

26 replies

Jan 1, 2014 8:48 PM in response to pandu7

pandu7 wrote:


I reset the Movistar PE router to factory settings, reconfigured the network, and most importantly changed all the admin passwords I could find. I left its default DNS settings alone, pointing to the defaults it received from its own DHCP/PPPOE connection from the ISP. On the Airport Extreme, I changed it from bridging mode to DHCP & NAT, creating an isolated network, and I set the DNS to OpenDNS for that network.

If the Movistar PE is also using NAT then you will be warned by an amber dot that your network is double NAT'd, which is a minor deficiency but may cause issues. NAT provides your incoming firewall, so you need to have at least one in operation, but as long as nothing else is on the Movistar network, the AEBS will provide all the protection you need. I think if it were me I would simply bridge out the Movistar and let the AEBS do all the router duties.

My conclusion is that it had to have been a hijack of the Movistar router, rather than something on the computers themselves.

I would certainly agree with you. Hopefully your new setup will protect against however that happened.
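A check for the router-level DNS change discussed in the posts above, as an added example that is not part of the original thread: it lists the resolvers a Mac is using (from `scutil --dns`) and prints any that are not on an expected list. The expected list assumes the two OpenDNS addresses are handed to the Mac directly; the sample output and the `203.0.113.53` address are constructed.

```shell
#!/bin/sh
# Added example: flag DNS resolvers in `scutil --dns` output that are not expected.
# Expected resolvers: the two OpenDNS addresses. Add the router's LAN address
# here if the router answers DNS itself (assumption: it does not).
EXPECTED_DNS="${EXPECTED_DNS:-208.67.222.222 208.67.220.220}"

# Constructed sample of `scutil --dns` output; 203.0.113.53 is a documentation address.
SAMPLE_SCUTIL='resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)
resolver #2
  domain   : local
  options  : mdns
resolver #3
  nameserver[0] : 203.0.113.53'

# Read `scutil --dns` text on stdin, print each distinct nameserver once.
list_resolvers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# Read `scutil --dns` text on stdin, print resolvers missing from EXPECTED_DNS.
unexpected_resolvers() {
    list_resolvers | while IFS= read -r ns; do
        case " $EXPECTED_DNS " in
            *" $ns "*) ;;
            *) echo "$ns" ;;
        esac
    done
}

# On a Mac, audit the live configuration; elsewhere, run on the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_resolvers
else
    printf '%s\n' "$SAMPLE_SCUTIL" | unexpected_resolvers
fi
```

Any address it prints is a resolver the Mac received from somewhere other than the intended configuration, which is the first thing to compare against the router's DNS settings page.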

Jan 11, 2014 5:50 PM in response to MadMacs0

As I can see there are a few common factors at issue: I'm a Movistar Perú user too!!!


I don't see any solution in trying to scan each Mac (or PC) at home. The problem is at the border routers at Movistar Perú, or its Nominum servers were poisoned. I know they got some claims from users with the same behaviour.


I replaced the xDSL CPE with another one (I got it from other anterior "live"), different vendor, model, etc., and the issue persists.


Again, I'm sure the issue is at carrier level.


Any suggestion is welcome.



hugardo.

Jan 11, 2014 10:55 PM in response to pandu7

pandu7 wrote:


After uninstalling Firefox and reinstalling it, the same redirect continued to happen. I suspect that Firefox leaves certain config files on the computer even after uninstall, and the bug must be buried in there somewhere.

A couple of ideas on this one:


- DNS Flusher add-on.


- Hold down your option key and select "Library" from the Finder's Go menu.

Now navigate to /Application Support/Firefox/Profiles/<randomalphanumerics>.default/

If you find a "Users.js" file:

  • drag it to the desktop and restart Firefox to test
  • open Users.js with TextEdit then copy and paste the contents here.
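The profile check described in the post above, as an added example that is not part of the original thread: Firefox reads startup overrides from a file named `user.js` in each profile, which survives a reinstall of the application, and this script lists the proxy, home page, new-tab and keyword-search preferences set there. It goes slightly beyond the post by also reading `prefs.js` and by accepting the `Users.js` spelling; the function names and the sample profile are constructed for the example.

```shell
#!/bin/sh
# Added example: list Firefox preference overrides that can reroute browsing.
# Default location of Firefox profiles on OS X; override with PROFILES_DIR=...
PROFILES_DIR="${PROFILES_DIR:-$HOME/Library/Application Support/Firefox/Profiles}"

# Preferences to review: proxy settings, home page, new-tab page, keyword search URL.
WATCHED='network\.proxy\.[^"]*|browser\.startup\.homepage|browser\.newtab\.url|keyword\.URL'

# Print "file:line" for each watched user_pref() found in a profile's pref files.
scan_profiles() {
    find "$1" -maxdepth 2 -type f \
        \( -iname 'user.js' -o -iname 'users.js' -o -name 'prefs.js' \) 2>/dev/null |
    while IFS= read -r f; do
        grep -EH "^[[:space:]]*user_pref\(\"($WATCHED)\"" "$f" || :
    done
}

# Number of watched overrides under a profiles directory.
count_overrides() {
    scan_profiles "$1" | wc -l | tr -d ' '
}

# Build a constructed sample profile tree (not real data) and print its directory.
make_sample_profiles() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/ffscan.XXXXXX") || return 1
    mkdir -p "$d/abcd1234.default" "$d/efgh5678.clean"
    cat > "$d/abcd1234.default/user.js" <<'EOF'
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://proxy.example.invalid/proxy.pac");
user_pref("browser.tabs.warnOnClose", false);
EOF
    cat > "$d/efgh5678.clean/prefs.js" <<'EOF'
user_pref("browser.startup.homepage_override.mstone", "26.0");
EOF
    echo "$d"
}

# Scan the real profiles if present; otherwise demonstrate on the sample tree.
if [ -d "$PROFILES_DIR" ]; then
    scan_profiles "$PROFILES_DIR"
else
    scan_profiles "$(make_sample_profiles)"
fi
```

Entries such as a proxy auto-config URL or a home page you did not set are the ones to review before deleting or renaming the file.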

Jul 30, 2014 1:48 AM in response to Linc Davis

Boot Mode: Normal

Pageouts (MiB): 1074

Loaded extrinsic user agents:

com.google.GoogleTalkPluginD.42976.48D09D41-8845-4781-A4E6-CDA884661A35
com.sony.PMBPortable.AutoRun
com.google.keystone.system.agent
com.cisco.anyconnect.gui
com.adobe.CS5ServiceManager
com.akamai.client.plist
com.adobe.ARM.925793fb327152fd34795896fa1fb9ffa268b2a852256fe56609efa3

Per-user login items:

Citations
Citations
iTunesHelper
Skype.app
VMware Fusion Helper
Google Drive
Dropbox

Safari extensions:

torrenthandler

Restricted user files: 3574

Extrinsic loadable bundles:

/System/Library/Extensions/CiscoVPN.kext
(com.cisco.nke.ipsec)
/System/Library/Extensions/hp_qc_io_enabler.kext
(com.hp.hpio.hp_psa530_630_io_enabler)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
Library/Internet Plug-Ins/fbplugin_1_0_3.plugin
(com.facebook.plugin)
Library/Internet Plug-Ins/Picasa.plugin
(com.google.PicasaPlugin)
Library/PreferencePanes/AkamaiNetSession.prefPane
(com.yourcompany.AkamaiNetSession)
/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin
(info.emagic.driver.unitor)
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
(com.adobe.acrobat.pdfviewer)
/Library/Internet Plug-Ins/DirectorShockwave.plugin
(com.adobe.shockwave.pluginshim)
/Library/Internet Plug-Ins/eMusicRemote.plugin
(com.emusic.plugins.emp.mac)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
(net.telestream.wmv.plugin)
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.webplugin
(net.telestream.wmv.webplugin)
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
(com.google.googletalkbrowserplugin)
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
(com.google.o1dbrowserplugin)
/Library/Internet Plug-Ins/Silverlight.plugin
(com.microsoft.SilverlightPlugin)
/Library/Internet Plug-Ins (Disabled)/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
/Library/PreferencePanes/Flip4Mac WMV.prefPane
(net.telestream.wmv.prefpane)
/Library/QuickLook/VMware Fusion QuickLook.qlgenerator
(com.vmware.fusion.quicklook)

Font problems: 8

Library/LaunchAgents:

com.adobe.ARM.925793fb327152fd34795896fa1fb9ffa268b2a852256fe56609efa3.plist
com.akamai.client.plist
com.apple.CSConfigDotMacCert-kate.stonge@me.com-SharedServices.Agent.plist

/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist
com.adobe.CS5ServiceManager.plist
com.cisco.anyconnect.gui.plist
com.google.keystone.agent.plist
com.sony.PMBPortable.AutoRun.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist
com.bombich.ccc.plist
com.cisco.anyconnect.vpnagentd.plist
com.google.keystone.daemon.plist
com.vmware.launchd.vmware.plist

/Library/PrivilegedHelperTools:

com.bombich.ccc

Jul 30, 2014 2:11 AM in response to Kate.S.Fromcanada

Linc hardly ever accepts requests from other users and may not even be following it any more.


This forum works best when you start a new discussion topic and clearly explain your problem before posting what you have. That way you will get the best set of eyes on your problem more quickly and Linc is far more likely to contribute.


At this point I have no idea what problem you are having and what you are seeing that prompted you to join this conversation.
