Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Titusmac
Titusmac Author
User level: Level 1
0 points

LinkBucks.com malware?

All links on Safari v. 5.1.10 web pages have today been usurped by ultrafiles.net - as with, e.g., this link (for information only!):


http://www.ultrafiles.net/7cc02b3a/url/http://uk.advfn.com/cmn/fbb/thread.php3?i d=29793328


LinkBucks - in beta - brings up an ad via the above link. Clicking on "Skip this ad" brings up


We are unable to install this application because it’s not compatible with your OS

Instead we recommend you try

Best personalized homepage - A Newspaper Styled Homepage


[needless to say, I've not clicked on anything there...]


I found (and have now lost) a possible answer, IF this is "Adware" infestation, and checked Safari prefs > Extensions but found an empty pane, so that hasn't helped. The lost article listed other things to test, but it was all rather beyond this octogenarian's technical capability.


My setup is Snow Leopard in MacBook Pro. My ISP at this Cape Town location is now transmitting to a dish on my house by wireless, using an Ethernet cable direct fromthe dish but without an intermediate modem.


Had no problem with that until today nor previously via modem/ethernet here or at home in the Isle of Man on a wireless connection.


I need to be trading online all of every working day, so desperation is imminent and any informed help would be very much appreciated.

Mac OS X (10.6.1), MacBook Pro

Posted on Jan 24, 2014 2:00 AM

Reply
Question marked as Best reply
User profile for user: seventy one
seventy one
User level: Level 7
27,430 points

Posted on Jan 24, 2014 2:14 AM

Very much looks like malware on the basis of this document.


Linkbucks.com browser hijacker removal instructions | malwareremovalguides


But before you download anything from the above document double check to make sure it, too, is not malware.

View in context
26 replies
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Jan 26, 2014 1:34 PM in response to tpwilson

The ISPs may not be the same, but somewhere there has to be something in common. Perhaps both use the same local DNS server that has been compromised. Heck, it's even possible that someone has managed to compromise multiple local DNS servers in your area.


Bottom line, it's gotta be something to do with the network in your case. There's simply no other explanation when both a Mac and an iPad are affected, on major sites like Google that are unlikely to have been hacked without that making national news, at the same time.

Reply
User profile for user: seventy one
seventy one
User level: Level 7
27,430 points

Jan 26, 2014 2:42 PM in response to Titusmac

Hello Titusmac,


Having read Thomas r's last comment, I'm feeling that there may be light at the end of the tunnel. It was fortuitous that he joined in. If Thomas is so confident about something, you can be pretty sure he's heading in the right direction.


I won't go to into Easy Find but I am sure you will be glad of its' acquisition in time. For some reason I could not raise a response from the 'Info' link, otherwise I would have checked it out for you. I haven't used it for ages but I seem to recall going to top menu bar 'help' then Easy Find help and there you will find a screen with lots of info. Try it, you have nothing to lose.

Reply
User profile for user: Titusmac
Titusmac Author
User level: Level 1
0 points

Jan 28, 2014 12:20 PM in response to tpwilson

tpwilson - thanks.


This thing remains an enigma to me. I lost all access to the internet at the week-end and took my MacBook to a specialist (administrator?) who ran deep search tests overnight and told me this morning that he could find nothing wrong whatsoever.


Got it home. No internet. But this is South Africa. My ISP had cut me off without warning because I'd "exceeded my cap". Jeez, what a game IT has become!


Access restored - and EVERYTHING WORKS! Dare not ask out loud what happened to LinkBucks, but it's good to be alive online once more, whatever......


Thanks to everyone for their help and advice.


Titus

Reply
User profile for user: parkr
parkr
User level: Level 1
0 points

May 16, 2014 4:04 AM in response to Titusmac

We have gone round and round with this and finally think we know the source- it seems to be the modem


If we restart the modem and clear cache on computer or iPad, the problem goes away


the bad news is that the problem reoccurs on the modem after a few days


we updated firmware on modem but the issue persists


next step is working with ISP to see if there anythign they can do


we use a series of ADSL lines and one Leased Line- the problem only occors on ADSL for us


R

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

May 16, 2014 5:10 AM in response to parkr

I mentioned hacked wireless routers as a possibility back in January. At this point, LinkBucks has been pretty strongly associated with wireless router hacks. If your wireless router is vulnerable, you need to talk to the manufacturer of your router about how to solve the problem. If the modem is also a router, and is provided by your ISP, they would be the proper folks to contact for help.


If you have a wireless router that is vulnerable and does not have any available fixes, you will need to either buy a new router or install the free DD-WRT firmware on your router.

Reply
User profile for user: WZZZ
WZZZ
User level: Level 6
13,226 points

May 16, 2014 5:18 AM in response to thomas_r.

If you have a wireless router that is vulnerable and does not have any available fixes, you will need to either buy a new router or install the free DD-WRT firmware on your router.

An other option is to install the Tomato firmware, which will not only prevent this vulnerability, but will also increase the stability and performance of any router which is capable of running it.


http://www.linksysinfo.org/index.php?forums/tomato-firmware.33/


http://tomato.groov.pl/?page_id=164


http://en.wikibooks.org/wiki/Tomato_Firmware/Supported_Devices


http://www.polarcloud.com/tomato

Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

May 19, 2014 3:26 AM in response to parkr

the D-Link modem/router runs via cable directly to my computer and wireless is disactivated


Being connected by a wire to your wireless router makes absolutely no difference. If it has been hacked, it has been hacked, and how you connect to it is irrelevant.


i got some info from China saying this is common there, the guy recommended

http://www.opendns.com/about/innovations/dnscrypt/

as a way to encrypt dns traffic- he claims this will resolve the issue


Using OpenDNS as your domain name server (DNS) would solve the problem if the problem is caused by a compromised DNS at your internet service provider (ISP). It will not help at all if the problem is a hacked router.


Installing DNSCrypt really wouldn't be a solution to this problem in either case.

Reply

LinkBucks.com malware?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up