Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: jompa1010
jompa1010 Author
User level: Level 1
0 points

adware pop ups and redirects to strange websites....

I have the 10.9.3 software on my mac. I recently downloaded the adware removal tool from thesafemac because I had a bunch of pop ups and redirects in safari. Here are a few examples of whats popping up: mackeeperapp2.zeobit.com & unizz.exclusiverewards.dollfield.eu

It also started affecting both my wife’s and my iPhones 5s and ipad air in safari - lots of redirects and taking me to the App Store…

Any idea how to move forward with this?

iMac, OS X Mavericks (10.9.3)

Posted on Jun 4, 2014 7:02 PM

Reply
16 replies
User profile for user: K Shaffer
K Shaffer
User level: Level 7
34,966 points

Jun 5, 2014 2:17 AM in response to jompa1010

There is an 'adware removal guide' among other helpful

tools & additional removal methods in The Safe Mac site...


•Tech Guides:

http://www.thesafemac.com/tech-guides/


•Adware Removal Guide:

http://www.thesafemac.com/arg/


•Adware Removal Tool:

http://www.thesafemac.com/art/


The redirects in Safari are also covered, but are only

symptoms of the actual background bits of badware.


{I'm asking Host to move this from PPC area to Intel.}


Good luck & happy computing! 🙂

Reply
User profile for user: Matt Clifton
Matt Clifton
User level: Level 7
29,975 points

Jun 5, 2014 5:23 AM in response to jompa1010

Just noticed something else on your post, and I can't edit my reply from an iPad...


There is no malware that affects iOS devices, nor can such a problem spread from Mac to IOS or vice versa. If you're getting redirects in web browsers, I suspect that your network DNS is at fault. (Also, do you have any Windows PCs on your network? If so, check them for virus/malware.)


Log into your router (usually http://192.168.1.1 or something similar) and check what DNS servers you have set up. Usually, this sort of thing is left blank for your internet provider to manage, but you may have bad information in there. Try replacing any servers you have with the OpenDNS versions - 208.67.220.220 and 208.67.222.222.


Matt

Reply
User profile for user: jompa1010
jompa1010 Author
User level: Level 1
0 points

Jun 5, 2014 7:28 AM in response to Matt Clifton

Seems like most of the adware has gone away after I used the ART but now I get all these redirects all the time....

It's a complicated situation, we are on a network where we get the password from a store downstairs and that's how we get online. None of thier computers are getting the redirects or seems to have any issues - only my mac, our 2 iphone 5s and out ipad when we are on wifi. If I use 4G on my cell phone, they don't show up. It's strange that the owner of the store downstairs don't have any problems with her computers or phone. Tried changing the password for the wifi today but that didn't help. Any ideas?

Reply
User profile for user: Matt Clifton
Matt Clifton
User level: Level 7
29,975 points

Jun 5, 2014 7:51 AM in response to jompa1010

On your iOS devices, go to Settings - Wifi, and click the "i" symbol next to the network you're on. (Make doubly-sure that you're on the correct network, of course, and haven't strayed into a neighbor's open network by error.)


What values are listed under "DNS"?


Do the same thing for your Mac - System Preferences, Network, Wifi, Advanced, DNS.


If you delete the Mac's DNS values and type in the OpenDNS servers I posted below, does that solve the problem?


Matt

Reply
User profile for user: Matt Clifton
Matt Clifton
User level: Level 7
29,975 points

Jun 5, 2014 8:21 AM in response to jompa1010

Change them both. (ie, replace them with the two OpenDNS ones).


I can't personally verify, but a quick search of those two DNS values only bring up results for "hacked Netgear router".


If you have control over the router (or can persuade the store owner to change it), I strongly advise that you go through its settings, disable remote access, and reset its DNS to values that you trust. Either use the OpenDNS, or your ISP's own DNS servers (you'll have to contact them to see what these should be).


As to the wireless security, make sure you're using WPA2 (not WPA or WEP) with a strong password.


It's best, of course, if you can use your own internet connection and router, so that you can be in control of your network. At the moment, anyone on the store network (do they allow customers to log in, or give out the password?) potentially has access to your internet traffic.


Matt

Reply
User profile for user: jompa1010
jompa1010 Author
User level: Level 1
0 points

Jun 5, 2014 9:04 AM in response to Matt Clifton

Can I change the DNS values on all my devices without the store doing it? Will that work or does the store have to do it as well?

The internet provider here claims that it's an in house problem. They say that one of the computers on the wifi network must be infected and causing the other computers,ipads,iphones to get these issues as well. Could that be it? Can it be transfered from devices on the network?

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,541 points

Jun 5, 2014 9:21 AM in response to jompa1010

There are two possibilities: either the router has been hacked to direct DNS queries to a malicious server, or it's using the right DNS servers, but those servers have been hacked. The first possibility is more likely.

Follow the manufacturer's instructions to reset the router to the default state. Usually that involves inserting the end of a straightened paper clip or a similar tool into a pinhole somewhere in the back of the device, and pressing a switch inside for about 15 seconds. The pinhole may be marked "RESET."

Repeat the initial setup process. Make sure the router does not allow remote setup from the Internet (WAN port), if it has that feature—most do. The DNS servers should be set automatically by your ISP. If you still have trouble with those servers selected, contact your ISP.

Another option, if your ISP fails to secure its servers promptly, is to use an alternative DNS service such as Google DNS or OpenDNS. I don't recommend either one. Don't believe the marketing hype about OpenDNS, in particular. There are no advantages to using it if your ISP is delivering the service you pay for.

If you have a wireless network, it must be secured with WPA 2 encryption. The passwords for the network and the router must each be a string of at least 10 random upper- and lower-case letters and digits, and they should be different. Any password that you can remember is weak.

Reply
User profile for user: jompa1010
jompa1010 Author
User level: Level 1
0 points

Jun 5, 2014 9:59 AM in response to Linc Davis

The internet provider here claims that it's an in house problem. They say that one of the computers on the wifi network must be infected and causing the other computers,ipads,iphones to get these issues as well. Could that be it? Can it be transfered from devices on the network?

If there's a problem on my imac, could it be transfered on the wifi network to my iphone or ipad if I am connected?

Reply

adware pop ups and redirects to strange websites....

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up