Safari redirected

Eric,

Unfortunately this didn't work. The highjacking of a web site happens spontaneously without any input from me. Meaning, I don't need to click on anything nor touch the keyboard for it to happen. For instance, I had a web site open and stepped away for a moment. Upon returning I found that https://dynamic2pixel.com had grabbed the site and farmed it to another URL which said my flash player needs updating. I've talked with Apple support twice previously on this matter and they've walked me through cleaning out plug-ins, extensions, odd-apps, history, emptying trash, installing Malwarebytes, etc, etc, doing much of the same steps you pointed out. Then, almost as a taunt, https://dynamic2pixel.com will strike again moments after I've completed my session with Apple support.

I did a little research on dynamic2pixel.com. I believe they are a recent group working on a server out of San Francisco. Server IP: 104.27.186.144; Server Location: San Francisco,CA,United States; ISP: CloudFlare; Phone: +1 5163872248

If you have any further info or suggestions, please keep me posted. Thanks again for your concern and follow-up.

This is the report:

EtreCheck version: 4.3.3 (4D036)

Report generated: 2018-07-03 14:06:41

Download EtreCheck from https://etrecheck.com

Runtime: 3:28

Performance: Good

Problem: Other problem

Description:

https://dynamic2pixel.com is highjacking websites and re-directing to virus warning or flash player update websites

Major Issues: None

Minor Issues:

These issues do not need immediate attention but they may indicate future problems.

Upgradeable hard drive- This machine’s hard drive could be replaced with an SSD. This would dramatically improve your machine’s performance.

High battery cycle count- Your battery may be losing capacity.

Apps with heavy CPU usage- There have been numerous cases of apps with heavy CPU usage.

Clean up- There are orphan files that could be removed.

Unsigned files- There is unsigned software installed. They appear to be legitimate but should be reviewed.

32-bit Apps- This machine has 32-bits apps that may have problems in the future.

Hardware Information:

MacBook Pro (13-inch, Mid 2012)

MacBook Pro Model: MacBookPro9,2

1 2.5 GHz Intel Core i5 (i5-3210M) CPU: 2-core

8 GB RAM - At maximum

BANK 0/DIMM0 - 4 GB DDR3 1600 ok

BANK 1/DIMM0 - 4 GB DDR3 1600 ok

Battery: Health = Normal - Cycle count = 798

Video Information:

Intel HD Graphics 4000 - VRAM: 1536 MB

Color LCD 1280 x 800

Drives:

disk0 - APPLE HDD HTS545050A7E362 500.11 GB (Mechanical)

Internal SATA 3 Gigabit Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 [Core Storage Container] 499.25 GB

disk1 - Macintosh HD (Journaled HFS+) 498.89 GB

disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

Mounted Volumes:

disk1 - Macintosh HD 498.89 GB (419.25 GB free)

Journaled HFS+

Mount point: /

Network:

Interface Bluetooth-Modem: Bluetooth DUN

Interface en0: Ethernet

Interface fw0: FireWire

Interface en1: Wi-Fi

802.11 a/b/g/n

One IPv4 address

Interface en3: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge

iCloud Quota: 2.80 GB available

System Software:

macOS High Sierra 10.13.4 (17E199)

Time since boot: About 2 hours

System Load: 1.50 (1 min ago) 1.57 (5 min ago) 1.57 (15 min ago)

Security:

Unsigned Files:

Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.dtv.vgconnect.uninstall.plist

Executable: /bin/sh -c /tmp/vgconnect.DTV/condUninstall.sh

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.dtv.vgconnect.plist

Executable: /bin/sh -c $HOME/Library/NDSPCShowServer.DTV/NDSPCShowServer.DTV.bundle/Contents/Resources /launch.sh

Details: Exact match found in the whitelist - probably OK

Launchd: ~/Library/LaunchAgents/com.skype.skype.shareagent.plist

Executable: /Applications/Skype.app/Contents/Library/LaunchServices/com.skype.skype.shareag ent.bundle/Contents/MacOS/com.skype.skype.shareagent

Details: Exact match found in the whitelist - probably OK

Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck

Details: Exact match found in the whitelist - probably OK

32-bit Applications:

34 32-bit apps

Kernel Extensions:

/Library/Extensions

[Loaded] MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.3 - SDK 10.13)

System Launch Agents:

System Launch Daemons:

Launch Agents:

Launch Daemons:

User Launch Agents:

User Login Items:

LoginHelper SMLoginItem (Mac App Store - installed 2018-05-06)

(/Applications/Memory Clean 2.app/Contents/Library/LoginItems/LoginHelper.app)

HP Device Monitor SMLoginItem (HP Inc. - installed 2017-11-03)

(/Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpe rs/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app)

Internet Plug-ins:

FlashPlayer-10.6: 30.0.0.113 (installed 2018-06-07)

QuickTime Plugin: 7.7.3 (installed 2018-03-27)

AdobePDFViewerNPAPI: 15.010.20056 (installed 2015-12-18)

CouponPrinter-FireFox_v2: 5.4.2 (installed 2016-01-11)

AdobePDFViewer: 15.010.20056 (installed 2015-12-18)

Flash Player: 30.0.0.113 (installed 2018-06-07)

SharePointBrowserPlugin: 14.7.7 (installed 2018-06-10)

DirectorShockwave: 12.1.3r153 (installed 2014-06-24)

JavaAppletPlugin: Java 8 Update 161 build 12 (installed 2018-02-26)

User Internet Plug-ins:

OctoshapeWeb: 1.0 (installed 2018-05-10)

3rd Party Preference Panes:

Flash Player (installed 2018-06-01)

Java (installed 2018-02-26)

Time Machine:

Skip System Files: No

Mobile backups: Yes

Auto backup: Yes

Volumes being backed up:

Macintosh HD: Disk size: 498.89 GB - Disk used: 79.63 GB

Destinations:

M********** [Local] (Last used)

Total size: 1.00 TB

Total number of backups: 139

Oldest backup: 2013-03-18 11:21:46

Last backup: 2018-06-25 13:39:47

Top Processes by CPU:

Top Processes by Memory:

Top Processes by Network Use:

Top Processes by Energy Use:

Virtual Memory Information:

Software Installs (past 30 days):

Clean up:

~/Library/LaunchAgents/com.adobe.ARM.***.plist

/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper

Executable not found

~/Library/LaunchAgents/com.google.keystone.agent.plist

/Users/***/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Conte nts/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateA gent

Executable not found

Diagnostics Information (past 7 days):

2018-07-02 23:15:04 com.apple.WebKit.WebContent CPU (11 times)

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.Web Kit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

End of report

Eric,

Moving just cache.db to the trash did not solve the problem as dynamic2pixel struck again soon thereafter. I went ahead and moved ALL cache.db files, i.e. cache.db, cache.db-shm, and cache.db-wal to the trash and emptied the trash after making sure Safari still functioned. Just to be sure, I again cleared the history, removed all cookies, closed Safari, opened Finder, removed all cache.db files to the trash, emptied the trash, and restarted Safari.

Time will tell if this does the trick. I'll keep you posted. I should have a pretty good idea soon since I have been hit by this redirection problem daily. BTW, this problem only began about 2-3 months ago. Prior to that it was not even an issue and I've been a Safari user since 2012.

Again, thanks for your assistance. At the very least I've learned a lot about the inner workings of Safari. Hope you have or had a great 4th.

Knock-on-wood I believe the issue has been resolved. At least I haven't been redirected for the last day and one-half. Despite all the deletions and removals to the trash, and even emptying the trash I kept getting hit with re-directions almost at an increasing pace. Reminded me of attempting to cut out a cancer only to get hit 10X harder, as if it were taunting me. What I finally decided to do before contacting site administrators as VikingOSX suggested, was to redo each and every step you outlined in your previous comments, in order. But instead of re-opening Safari as the last step, I did a shut down of my Mac. Upon re-starting and opening Safari, I seem to be free. I'm thinking the re-direction virus had parked itself in RAM and upon seeing that I was deleting all caches where it had squirreled away it's code, started bombarding me with re-direction commands in virtually every web site I went to, at almost a frantic pace.

Anyway, I want to thank you and VikingOSX for your advice and staying with me on this. Hopefully this has totally resolved this issue. If not, I'll have to figure out how to contact site administrators.

Knock-on-wood I believe the issue has been resolved. At least I haven't been redirected for the last day and one-half. Despite all the deletions and removals to the trash, and even emptying the trash I kept getting hit with re-directions almost at an increasing pace. Reminded me of attempting to cut out a cancer only to get hit 10X harder, as if it were taunting me. What I finally decided to do before contacting site administrators as VikingOSX suggested, was to redo each and every step you outlined in your previous comments, in order. But instead of re-opening Safari as the last step, I did a shut down of my Mac. Upon re-starting and opening Safari, I seem to be free. I'm thinking the re-direction virus had parked itself in RAM and upon seeing that I was deleting all caches where it had squirreled away it's code, started bombarding me with re-direction commands in virtually every web site I went to, at almost a frantic pace.

Anyway, I want to thank you and VikingOSX for your advice and staying with me on this. Hopefully this has totally resolved this issue. If not, I'll have to figure out how to contact site administrators.

I just now moved the cache.db to the trash and emptied the trash. I noticed that there were two other files - cache.db-shm and cache.db-wal. Should these be sent to the trash as well?