
kingshrubb

macrumors regular
Original poster
Mar 3, 2008
154
0
My internet browser (whether I use Chrome or Safari) keeps redirecting me to random sites. Sometimes this happens automatically and sometimes it happens when I enter a new URL. It will even sometimes open a new tab in my browser and an ad pops up. The internet is extremely slow (I have a friend on the same network with the same MacBook Pro as mine and his is considerably faster). What can I do to stop this? Thank you for your help. :)
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
Check your DNS settings:
System Preferences > Network > yournetwork > Advanced > DNS

Unless you've been installing pirated software or software from seedy sites, it's not malware.
Mac Virus/Malware Info
 

kingshrubb

macrumors regular
Original poster
Mar 3, 2008
154
0
Check your DNS settings:
System Preferences > Network > yournetwork > Advanced > DNS

Unless you've been installing pirated software or software from seedy sites, it's not malware.
Mac Virus/Malware Info

The DNS settings have 2 different servers:
85.255.114.36
and
85.255.112.95
Is this right?


Also the sites / ads are sometimes the same, like similar ones pop up each time, sometimes, not all the time though.
 

416049

macrumors 68000
Mar 14, 2010
1,844
2
The DNS settings have 2 different servers:
85.255.114.36
and
85.255.112.95
Is this right?


Also the sites / ads are sometimes the same, like similar ones pop up each time, sometimes, not all the time though.

Doesn't seem like it, at least according to this link:

http://gabrielharrison.co.uk/consultancy/dns_spam_porn_search_hijack/

Clear your DNS settings using the black minus button, and I am curious: have you been downloading illegal stuff?

Darn it GGJstudios, you were faster :D
 

kingshrubb

macrumors regular
Original poster
Mar 3, 2008
154
0
No, change them to 208.67.222.222 and 208.67.220.220

I can't change them. The black "-" is gray so I can't click it :(
Edit: I can't even click on the DNS server. I can't click it; the number is even grayed out.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
I can't change them. The black "-" is gray so I can't click it :(
Edit: I can't even click on the DNS server. I can't click it; the number is even grayed out.

On the Network window, did you unlock?
 

markgixxer750

macrumors newbie
Dec 31, 2010
20
1
The desert
Trojans/Spyware?

One of my customers has brought his MacBook in for me to have a look at. The DNS addresses are 85.255.114.89 and 85.255.112.196. The Mac is (needs to be) set to DHCP to get all its info from the network; static addresses are not an option.

A bit of noseying around seems to point to these addresses belonging to a dodgy ISP that allows "questionable" activity on its servers.

How do you find and remove a trojan from a Mac? Will installing Sophos help?

It's a MacBook 4,1 running OS X 10.5.8
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
How do you find and remove a trojan from a Mac?
First, you have to find a Mac trojan. Currently, there are only a handful out there and you usually find them while installing pirated software or installing codecs or plug-ins from porn sites. If you haven't done this and you've been careful about what you install, your chances of having a Mac trojan are ridiculously remote.

There's more information here: Mac Virus/Malware Info
 

markgixxer750

macrumors newbie
Dec 31, 2010
20
1
The desert
First, you have to find a Mac trojan. Currently, there are only a handful out there and you usually find them while installing pirated software or installing codecs or plug-ins from porn sites. If you haven't done this and you've been careful about what you install, your chances of having a Mac trojan are ridiculously remote.

There's more information here: Mac Virus/Malware Info

OK, thanks for the info. Like I say, this MacBook belongs to a "customer", so I've no idea what he has or has not clicked on, and not being particularly up to speed with Macs, having only owned one myself for 2 weeks, I'm not too sure how to go about sorting it out for him. I'm more of a Windows person myself and just recently came over to the darkside (sic).

The problem is his DNS address settings as I stated above which need to be obtained from the network automatically but instead are "greyed" out and are seemingly un-deletable. They appear to belong to a nameserver company in Ukraine called inhoster and a bit of googling shows that they are a pretty dubious bunch.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
The problem is his DNS address settings as I stated above which need to be obtained from the network automatically but instead are "greyed" out and are seemingly un-deletable. They appear to belong to a nameserver company in Ukraine called inhoster and a bit of googling shows that they are a pretty dubious bunch.
The DNS settings are greyed out because you haven't unlocked them. When you go to System Preferences > Network, you will see a padlock icon in the lower left corner and the note "Click the lock to make changes". You need to click the lock, enter the admin password, and then you'll be able to change DNS servers. Remove the existing ones and use OpenDNS or Google servers:

OpenDNS:
Primary DNS Server: 208.67.222.222
Secondary DNS Server: 208.67.220.220

Google:
Primary DNS Server: 8.8.8.8
Secondary DNS Server: 8.8.4.4
 

markgixxer750

macrumors newbie
Dec 31, 2010
20
1
The desert
The DNS settings are greyed out because you haven't unlocked them. When you go to System Preferences > Network, you will see a padlock icon in the lower left corner and the note "Click the lock to make changes". You need to click the lock, enter the admin password, and then you'll be able to change DNS servers. Remove the existing ones and use OpenDNS or Google servers:

OpenDNS:
Primary DNS Server: 208.67.222.222
Secondary DNS Server: 208.67.220.220

Google:
Primary DNS Server: 8.8.8.8
Secondary DNS Server: 8.8.4.4

No, I checked that, it is unlocked but the DNS settings are still greyed out.
 

markgixxer750

macrumors newbie
Dec 31, 2010
20
1
The desert
OK, after a bit more googling it appears there may be a "cron job", which is apparently some sort of scheduled task which re-writes the dodgy DNS settings, which would explain why when I gave the PC a static IP and DNS it was over-written after about 30 seconds.

I will need to have a closer look at his MacBook when I get back into work tomorrow, I think.


Thanks, that looks promising, I'll give it a try when I get back into work tomorrow.
 

markgixxer750

macrumors newbie
Dec 31, 2010
20
1
The desert
As I'm trying to learn more about Macs I decided to follow the instructions in this LINK and deleted it manually. Seemed pretty straightforward and was easy enough.

Thanks for all your help.
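
A read-only check for the two things this thread turned up, unexpected DNS servers and a scheduled job that puts them back, as an added example that is not part of any post above. It goes beyond the thread by flagging frequently scheduled cron entries as a heuristic; the sample `scutil --dns` output and crontab are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. On the Mac itself, feed it live data:
#   scutil --dns | audit_dns
#   crontab -l | suspicious_cron ; sudo crontab -l | suspicious_cron

# Resolver addresses the posters reported finding in the DNS pane.
SUSPECT_DNS="85.255.114.36 85.255.112.95 85.255.114.89 85.255.112.196"
# Resolvers recommended in the thread (OpenDNS, Google). Add your own router.
TRUSTED_DNS="208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4"

# Print SUSPECT, TRUSTED or UNKNOWN for one resolver address.
classify_dns() {
    case " $SUSPECT_DNS " in *" $1 "*) echo SUSPECT; return ;; esac
    case " $TRUSTED_DNS " in *" $1 "*) echo TRUSTED; return ;; esac
    echo UNKNOWN
}

# stdin: `scutil --dns` text. stdout: one "STATUS address" line per resolver.
audit_dns() {
    awk '/nameserver\[[0-9]+\]/ { print $NF }' | sort -u |
    while read -r addr; do
        echo "$(classify_dns "$addr") $addr"
    done
}

# stdin: crontab text. stdout: active entries that run every minute (or
# every few minutes) or that mention a DNS configuration tool. Heuristic only.
suspicious_cron() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 ~ /^\*/ || /scutil|networksetup|resolv\.conf/ { print }
    '
}

# Constructed sample input so the script runs anywhere.
SAMPLE_SCUTIL='resolver #1
  nameserver[0] : 85.255.114.36
  nameserver[1] : 85.255.112.95
  nameserver[2] : 192.168.1.1'
SAMPLE_CRON='# constructed crontab
0 3 * * * /usr/local/bin/backup.sh
* * * * * /path/to/placeholder-script'

printf '%s\n' "$SAMPLE_SCUTIL" | audit_dns
printf '%s\n' "$SAMPLE_CRON" | suspicious_cron
```

An UNKNOWN resolver is not necessarily bad (it is usually the router handing out DHCP), but a SUSPECT one that reappears after being removed points at a scheduled job worth reading line by line.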
 