How do I get rid of the phony Flash Update malware on my Mac?
This bug won't let me access the internet normally. Google won't work. Links in emails don't work. It looks like this:
Any suggestions?
iMac, Mac OS X (10.4.10)
Thanks for your suggestions, Rudegar. The first method did not work. The second link takes me to search results, which I am starting to work my way through. Nothing yet.
I've looked in my extensions at both Chrome and Safari and there's nothing in there that shouldn't be.
Check your DNS server settings in System Preferences - Network - Advanced - DNS.
If they're as expected, check that they haven't been altered in your router & if so, look into changing security on it, or replacing it with a different model.
There are two lines in the DNS field. On the first is a string of numbers xxx.xxx.xxx.xx, and on the second: 8.8.8.8
Does that mean anything to you?
Yes. The first one...
If it's the same as ...Advanced - TCP/IP - Router Address, then check your router settings.
If it's not, and it doesn't belong to your ISP, or Opendns (it would be 208.67... etc), then remove it & test.
None of the numbers I see in the TCP/IP field (and there are several) match the first number in the DNS field.
It is ok to post the numbers, but if you prefer not to, you'll need to search yourself to find out if they belong to your ISP or could be responsible for this.
They're evidently not from your router, or they would match that in ...Advanced - TCP/IP - Router.
If you select that entry in DNS servers, copy it, then remove & click Apply, you can always test without it then revert later.
8.8.8.8 belongs to Google Public DNS, and presumably was added manually at some point.
There are three numbers displayed in the TCP/IP field: an IPv4 address, a subnet mask and a router.
None of the numbers displayed there match the number in the DNS field, which begins with 128.
Is this where the problem is?
Clearly I don't know what I'm doing.
Thanks for your time.
If the number in DNS servers matched the Router number, that could be normal.
Since it doesn't, the number may be for some rogue DNS that is causing this; or it could be a legitimate one from your own, or some other, ISP.
You can either post the number here, or search yourself, to see who it might belong to.
My advice is to select it, then click the + button to remove it. You might need to authenticate before doing that, by clicking the padlock at bottom left of the main Network preference window.
The update alerts are fake, and are intended to mislead you into installing malware and/or to steal your identity.
You might get the alerts when visiting a website that has been hacked. Don't visit the site again. If applicable, notify the site administrator of the problem, but don't send email to an unknown party.
If you get the alerts when visiting well-known websites such as Google, YouTube, or Facebook, then they're the result of an attack on your router that has caused you to get false results from looking up the addresses of Internet servers. Requests sent to those sites are redirected to a server controlled by the attacker.
The router's documentation should tell you how to reset it to the factory default state. Usually there's a pinhole switch somewhere in the back. It may be labeled "RESET." Insert a paper clip and press the button inside for perhaps 15 seconds, or as long as the instructions specify.
Then go through the initial setup procedure. I can't be specific, because it's different for every model. The key points are these:
1. Don't allow the router to be administered from the WAN (Internet) port, if it has that option.
2. Set a strong password to protect the router's settings: at least ten random upper- and lower-case letters and digits. Don't use the default password or any other that could be guessed.
3. If the router is wireless, or if you have a wireless access point on the network, use "WPA 2 Personal" security and set another strong password to protect the network. If the router or access point doesn't support WPA 2, it's obsolete and must be replaced.
During the time the router was compromised, you were redirected to bogus websites. If you ever connected to a secure site and got a warning from your browser that the identity of the server could not be verified, and you dismissed that warning in order to log in, assume that your credentials for the site have been stolen and that the attacker has control of the account. This warning also applies to all websites on which you saw the fake update alerts.
If you downloaded and installed what you thought was a software update, ask for instructions.
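As an added check that is not part of this thread, the script below applies the rule of thumb the helpers describe to the Mac's configured DNS servers: an entry equal to the router address is normal, Google Public DNS or OpenDNS is fine, a confirmed ISP resolver is fine, and anything else unexplained is the candidate to remove and test. The sample DNS entries, the router address and the ISP range are constructed assumptions, not the poster's real values.

```python
import ipaddress

# Constructed sample input modelled on the thread: two DNS entries on the Mac, the
# first an unexplained address starting with 128 (placeholder, not the poster's
# real value), the second Google Public DNS. The router address is a typical
# home-router default and is likewise an assumption.
SAMPLE_DNS_SERVERS = ["128.0.2.1", "8.8.8.8"]
SAMPLE_ROUTER = "192.168.1.1"

# Public resolvers named in the thread (Google Public DNS and OpenDNS).
KNOWN_PUBLIC_RESOLVERS = {
    "Google Public DNS": {"8.8.8.8", "8.8.4.4"},
    "OpenDNS": {"208.67.222.222", "208.67.220.220"},
}


def classify_dns_server(server, router_addr, isp_ranges=()):
    """Apply the thread's rule of thumb to one configured DNS server.

    Returns 'router', 'public:<name>', 'isp', 'private' or 'unknown'.
    isp_ranges holds CIDR blocks you have confirmed belong to your ISP.
    """
    addr = ipaddress.ip_address(server)
    if addr == ipaddress.ip_address(router_addr):
        return "router"            # normal: the router forwards lookups
    for name, ips in KNOWN_PUBLIC_RESOLVERS.items():
        if str(addr) in ips:
            return f"public:{name}"
    for block in isp_ranges:
        if addr in ipaddress.ip_network(block):
            return "isp"
    if addr.is_private:
        return "private"           # another LAN host: make sure you set it up
    return "unknown"               # remove it and test, as the thread advises


def audit_dns(servers, router_addr, isp_ranges=()):
    """Return the configured servers the rule of thumb cannot account for."""
    return [s for s in servers
            if classify_dns_server(s, router_addr, isp_ranges) == "unknown"]


if __name__ == "__main__":
    for s in SAMPLE_DNS_SERVERS:
        print(s, "->", classify_dns_server(s, SAMPLE_ROUTER))
    print("investigate:", audit_dns(SAMPLE_DNS_SERVERS, SAMPLE_ROUTER))
```

On the Mac itself the real inputs come from `networksetup -getdnsservers <service>` and the Router line of `networksetup -getinfo <service>` (for example `Wi-Fi` or `Ethernet`); an "unknown" result is the entry to copy, remove, Apply and test, as the helper suggests.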
Thank you. I will try this procedure a little later today.
I wanted to report back that resetting my Linksys router seems to have solved the problem--thanks very much for the suggestion.
I'd also say the process can be more complicated than you'd like. The configuration CD that came with the router would not work with my Mavericks operating system, and the router was out of warranty. I had to pay the company $30 as a one-time fee so they would walk me through resetting the router manually. In all, it took several hours.
Newer routers, I'm told, have some auto wi-fi capability that makes this problem go away.
Anyhow, major PIA but the fix worked. Thanks again for all your help.