Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Reply
 
Thread Tools Search this Thread Display Modes
Old Jun 5, 2010, 10:43 AM   #1
isaiah909
macrumors newbie
 
Join Date: Jun 2010
Location: canada
Mac google redirecting virus

okay i have a macbook but i go on safari or mozilla fire both have same issue i go on google and search then click on a link and it redirects me to unrelated websites i think its a virus because i tried reseting safari and emptying cache on both browsers and still same

other information
in address bar says stulus.com(extra stuff)
then shows what looks like ip adresses and on the page it is a blank white screen except for a continue button in top left corner after a few seconds it sends me back to google.com
isaiah909 is offline   0 Reply With Quote
Old Jun 5, 2010, 10:47 AM   #2
spinnerlys
Guest
 
Join Date: Sep 2008
Location: forlod bygningen
Then that is the first Mac OS X virus you have encountered. Because, currently there are no viruses publicly circulating for Mac OS X.

Have you taken a look at your Preferences (Safari, Firefox and Network) to see if you have some kind of strange setting there?

Can you post a screenshot of what you see?
What Mac OS X version do you use, what Safari and what Firefox version do you use and what specific network settings and set up do you have?

Have you installed anything lately, shortly before that problem started occurring?

Stulus.com seems to be some kind of search engine with lots and lots of ads on it.



Even though some might get annoyed of reading this, the thread title guy strikes again:


A more descriptive and precise thread title will help cater to the right audience and get you more responses.
To edit your thread title, just click on the button on the bottom right of your original post and then click the "Go Advanced" button below your message.


Have you also taken a look at , since that question may have been asked several times?


Example: Get re-directed to another site from Google search results in Safari and Firefox
spinnerlys is offline   0 Reply With Quote
Old Jun 5, 2010, 11:11 AM   #3
JediMeister
macrumors 68040
 
Join Date: Oct 2008
You should also check your Network preferences and go to Advanced in the lower right. Under the DNS tab, see if there are any black/bold entries under DNS Servers. If there are gray ones, leave those there, those are ones your modem/router are providing to your computer. Black ones were either added by someone else with access to the system or by some software you may have installed.
JediMeister is offline   0 Reply With Quote
Old Jun 5, 2010, 12:09 PM   #4
javacool
macrumors newbie
 
Join Date: Jun 2010
Quote:
Originally Posted by isaiah909 View Post
okay i have a macbook but i go on safari or mozilla fire both have same issue i go on google and search then click on a link and it redirects me to unrelated websites i think its a virus because i tried reseting safari and emptying cache on both browsers and still same
JediMeister's suggestion above (checking your DNS server settings) is important, as incorrect settings could indeed be the cause of what you're seeing.

Additionally, here are two other potential causes:

1.) An infection of the *site you're trying to visit* from the Google search results (i.e. not your computer).
Particularly, there have been a rash of compromises of online forum software recently, and those hacked sites redirect users the first time they arrive there from Google or other search engines.

If this is the case, there's nothing you can do except contact the owners of the sites you were trying to visit.

An Easy Way to Tell:
Does this happen on every single Google search result you click on? Or just certain sites?
If you're getting the redirect on every single Google search result, this is likely not the cause.
2.) An incorrectly-modified "HOSTS" file.
The HOSTS file maps domain names to IP addresses (the actual address of a server). If incorrect data is present, it could be redirecting your access of www.google.com from Google's servers to a "copycat" server that gives real-looking but fake results (which have the redirect).

An Easy Way to Tell:
  1. Open a Finder window.
  2. Under the "Go" menu, select "Go to Folder...".
  3. When prompted, type "/etc" (without the quotes). Click OK.
  4. Find the "hosts" file by name.
  5. Copy the "hosts" file to another folder (your Desktop is fine), to ensure you don't accidentally make any modifications.
  6. Double-click the "hosts" file, and it should open in TextEdit.
  7. Verify it does not contain any entries for "google.com" or other search engines. (It will normally have some "localhost" entries - those are fine.)
javacool is offline   0 Reply With Quote
Old Jun 5, 2010, 12:10 PM   #5
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by isaiah909 View Post
i think its a virus
It's NOT a virus!

Mac Virus/Malware Info
GGJstudios is offline   0 Reply With Quote
Old Jun 5, 2010, 01:24 PM   #6
Gregg2
macrumors 601
 
Join Date: May 2008
Location: Milwaukee, WI
If you have a Mac and a virus, the cure is bed rest.
Antibiotics don't work on viruses.
Gregg2 is offline   0 Reply With Quote
Old Jun 6, 2010, 07:34 PM   #7
holligula
macrumors newbie
 
Join Date: Jun 2010
whatever you call it, it's annoying

Quote:
Have you taken a look at your Preferences (Safari, Firefox and Network) to see if you have some kind of strange setting there?
What kind of strange settings would cause this to happen?

I am also experiencing this issue and so far Google searches (which must be done by copying and pasting the URL into another tab, else clicking the link takes me to some random location) have yielding nothing useful. The only suggestions I can find are either PC-specific or involve resetting cache/cookies... which helps for about two searches, and then it all starts over again.

Once I am able to reach a site (like this one) once, I don't seem to have the same problem again.
Attached Thumbnails
Click image for larger version

Name:	1_GoogleSearch.png
Views:	308
Size:	162.7 KB
ID:	229306   Click image for larger version

Name:	2_ClickURL.png
Views:	207
Size:	41.4 KB
ID:	229307   Click image for larger version

Name:	3_ClickResults.png
Views:	257
Size:	130.8 KB
ID:	229308  

holligula is offline   0 Reply With Quote
Old Jun 6, 2010, 09:27 PM   #8
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by holligula View Post
Once I am able to reach a site (like this one) once, I don't seem to have the same problem again.
Go to System Preferences > Network > yournetwork > Advanced > DNS
Post a screen shot of the settings you have there.
GGJstudios is offline   0 Reply With Quote
Old Jun 7, 2010, 08:46 AM   #9
Detektiv-Pinky
macrumors 6502a
 
Detektiv-Pinky's Avatar
 
Join Date: Feb 2006
Location: Berlin, Germany
Quote:
Originally Posted by isaiah909 View Post
okay i have a macbook but i go on safari or mozilla fire both have same issue i go on google and search then click on a link and it redirects me to unrelated websites i think its a virus because i tried reseting safari and emptying cache on both browsers and still same

other information
in address bar says stulus.com(extra stuff)
then shows what looks like ip adresses and on the page it is a blank white screen except for a continue button in top left corner after a few seconds it sends me back to google.com
You might have caught the OSX.RSPlug.A trojan.
Look for instructions how to detect and remove here
__________________
Anecdotal evidence is an oxymoron!

Last edited by Mitthrawnuruodo; Jun 7, 2010 at 09:22 AM. Reason: Removed reference to deleted post.
Detektiv-Pinky is offline   0 Reply With Quote
Old Jun 7, 2010, 09:36 AM   #10
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Detektiv-Pinky View Post
You might have caught the OSX.RSPlug.A trojan.
Before going through the process of trying to detect and remove the trojan, the OP can simply remember if they did the activity required to get it in the first place. You don't "catch" a trojan. You actively install it:
Quote:
Your machine could be infected if you’ve recently gone looking for some, um, less-than-flattering pictures of Britney Spears. Thinking you’ve found what you’re looking for, you click a video to watch it, only to see a message stating that your machine lacks the necessary codec. A disk image will then start downloading, and (depending on the settings on your machine) may then mount and launch an installer which asks for your admin password.
The only way to get this malware on your computer is to download and install it, and enter in your administrator password.
GGJstudios is offline   0 Reply With Quote
Old Jun 7, 2010, 02:59 PM   #11
AL2TEACH
macrumors regular
 
Join Date: Feb 2007
Location: Denver, CO.
http://www.dnschanger.com/
__________________
24' iMac Intel Core 2 Duo 2.8 GHz GeForce 8800 GS
AL2TEACH is offline   0 Reply With Quote
Old Jun 7, 2010, 03:25 PM   #12
R.R.Mac
macrumors regular
 
Join Date: Sep 2006
Location: Guildford, England
Sounds like a change in DNS information, pharming...
__________________
Don't argue with idiots. They will lower you to their level, then beat you with experience!
R.R.Mac is offline   0 Reply With Quote
Old Jun 7, 2010, 03:34 PM   #13
Detektiv-Pinky
macrumors 6502a
 
Detektiv-Pinky's Avatar
 
Join Date: Feb 2006
Location: Berlin, Germany
Quote:
Originally Posted by GGJstudios View Post
Before going through the process of trying to detect and remove the trojan, the OP can simply remember if they did the activity required to get it in the first place. You don't "catch" a trojan. You actively install it:

The only way to get this malware on your computer is to download and install it, and enter in your administrator password.
Hhm, this forum is getting annoying.
I sure hope that this post sticks even if GGJstudios continues to remove posts.

Yes, there are no viruses for OSX, however there is some dangerous Malware about, it is unfortunately not labeled as MALWARE - DO NOT INSTALL.

People install all kind of software and tools. A trojan is malware that is posing as some innocent program, but does something altogether different. I seriously doubt that the OP consciously knows what program has lead to this infestation.

The constant reiteration that this is no virus entirely misses the point. There is malware around and it finds its way on peoples computer. A breach is a breach. It does not matter how, if you bribed the porter or dug a tunnel to break into the bank - once the money it's gone, it's gone...
__________________
Anecdotal evidence is an oxymoron!
Detektiv-Pinky is offline   0 Reply With Quote
Old Jun 7, 2010, 03:39 PM   #14
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Detektiv-Pinky View Post
Hhm, this forum is getting annoying.
I sure hope that this post sticks even if GGJstudios continues to remove posts.
I didn't remove posts. The moderators did.
Quote:
Originally Posted by Detektiv-Pinky View Post
I seriously doubt that the OP consciously knows what program has lead to this infestation.
The quote that stated how the trojan is found and installed came from the link you posted. It's from installing a "codec" from a porn site. Surely, the OP would remember that.
Quote:
Originally Posted by Detektiv-Pinky View Post
The constant reiteration that this is no virus entirely misses the point.
It doesn't miss the point. There is a significant difference between a virus, which can propagate itself without user intervention, and a trojan, which can be avoided with some common sense and care on the part of the user. It is misleading to claim that this is a virus.
GGJstudios is offline   0 Reply With Quote
Old Jun 7, 2010, 04:08 PM   #15
Detektiv-Pinky
macrumors 6502a
 
Detektiv-Pinky's Avatar
 
Join Date: Feb 2006
Location: Berlin, Germany
Quote:
Originally Posted by GGJstudios View Post
I didn't remove posts. The moderators did.
Oh, sorry. It still is irritating...


Quote:
Originally Posted by GGJstudios View Post
The quote that stated how the trojan is found and installed came from the link you posted. It's from installing a "codec" from a porn site. Surely, the OP would remember that.
We both don't know if this is the only way of propagation. The article is from 2007. There might be other release vectors by now...
Some might be pirated software, but there was some recent talk about infested screensavers and the like on MacUpdate...

Quote:
Originally Posted by GGJstudios View Post
It doesn't miss the point. There is a significant difference between a virus, which can propagate itself without user intervention, and a trojan, which can be avoided with some common sense and care on the part of the user. It is misleading to claim that this is a virus.
I never claimed that this is a virus, but I seriously doubt that common sense is enough to keep your computer malware free.
__________________
Anecdotal evidence is an oxymoron!
Detektiv-Pinky is offline   0 Reply With Quote
Old Jun 7, 2010, 04:10 PM   #16
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Detektiv-Pinky View Post
I never claimed that this is a virus, but I seriously doubt that common sense is enough to keep your computer malware free.
Well, I've been running over 2 years with no AV protection, online more than 14 hours a day, 6-7 days a week, and I've never had one instance of malware appear on my Mac. The same experience is shared by millions of Mac users.
GGJstudios is offline   0 Reply With Quote
Old Jun 7, 2010, 04:20 PM   #17
Detektiv-Pinky
macrumors 6502a
 
Detektiv-Pinky's Avatar
 
Join Date: Feb 2006
Location: Berlin, Germany
Quote:
Originally Posted by GGJstudios View Post
Well, I've been running over 2 years with no AV protection, online more than 14 hours a day, 6-7 days a week, and I've never had one instance of malware appear on my Mac. The same experience is shared by millions of Mac users.
One question for the sake of the argument:

How do you know?
__________________
Anecdotal evidence is an oxymoron!
Detektiv-Pinky is offline   0 Reply With Quote
Old Jun 7, 2010, 04:21 PM   #18
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Detektiv-Pinky View Post
One question for the sake of the argument:

How do you know?
How does anyone know?
GGJstudios is offline   0 Reply With Quote
Old Jun 7, 2010, 04:24 PM   #19
Detektiv-Pinky
macrumors 6502a
 
Detektiv-Pinky's Avatar
 
Join Date: Feb 2006
Location: Berlin, Germany
Quote:
Originally Posted by GGJstudios View Post
How does anyone know?
Thank you
__________________
Anecdotal evidence is an oxymoron!
Detektiv-Pinky is offline   0 Reply With Quote
Old Jun 7, 2010, 04:26 PM   #20
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Detektiv-Pinky View Post
Thank you
Your welcome (for whatever that was), but my point is, I installed AV, ran a scan with zero threats found, then removed the AV.
GGJstudios is offline   0 Reply With Quote
Old Jun 8, 2010, 12:35 AM   #21
holligula
macrumors newbie
 
Join Date: Jun 2010
But enough about you...

Okay, back to me.

Quote:
Go to System Preferences > Network > yournetwork > Advanced > DNS
Post a screen shot of the settings you have there.
Pretty benign my-own-router-thingie kind of stuff. That's a big dead end.

Oh, and I'm getting this Malware alert lately too. This showed up on Amazon yesterday and this site when I went to reply to the thread just now.

Also, for the record, I'm not downloading and/or installing porn on my Mac.
Attached Thumbnails
Click image for larger version

Name:	dnsSettings.png
Views:	91
Size:	43.3 KB
ID:	229513   Click image for larger version

Name:	Malware.png
Views:	84
Size:	48.3 KB
ID:	229514  
holligula is offline   0 Reply With Quote
Old Jun 8, 2010, 02:32 AM   #22
Detektiv-Pinky
macrumors 6502a
 
Detektiv-Pinky's Avatar
 
Join Date: Feb 2006
Location: Berlin, Germany
Quote:
Originally Posted by holligula View Post
Okay, back to me.

Pretty benign my-own-router-thingie kind of stuff. That's a big dead end.

Oh, and I'm getting this Malware alert lately too. This showed up on Amazon yesterday and this site when I went to reply to the thread just now.

Also, for the record, I'm not downloading and/or installing porn on my Mac.
Could have somebody hacked into your Router/Network?

Do an arp -an in Terminal. You see the IP Address of your router and the corresponding MAC address. Do you have other entries showing up? Is anyone showing the same MAC address as the router? Are there unaccounted entries?
Do you also have other Windows/Linux machines in your network?

Do you have a non-standard password on the router? What type is it? Did you update the router-firmware recently? Can you factory reset the router?

Do you run WPA-2 encryption on your wireless network, do you have set a strong password?

Many questions...
__________________
Anecdotal evidence is an oxymoron!
Detektiv-Pinky is offline   0 Reply With Quote
Old Jun 8, 2010, 11:34 AM   #23
shaynaleahy
macrumors newbie
 
Join Date: Oct 2008
Google redirect

I'm also having this issue. It started yesterday, and I also checked my network settings and tried the DNS Changer removal tool posted above. I do not remember having installed ANYTHING in the last few days.

I do have a wireless router, but my iPhone shares that connection and is not having any redirect issues.

Any further suggestions would be greatly appreciated! This is hugely annoying.

Thanks,
Shayna
shaynaleahy is offline   0 Reply With Quote
Old Jun 9, 2010, 04:48 PM   #24
Slux
macrumors member
 
Join Date: Apr 2010
"Me too" - I also have this problem. I posted a separate thread as I was not certain that it was the same issue described here:

http://forums.macrumors.com/showthread.php?t=932303

It doesn't seem to be happening for me anymore, at least for now. I don't trust it though.
__________________
15" Macbook Pro i7 2.66 GHz, 4 GB RAM, 500 GB 7200 RPM HDD, Glossy Hi-Res
15" Powerbook G4 1.6 GHz, 1 GB RAM, 80 GB HDD
16 GB iPhone 3GS, 20 GB iPod 4th Gen
Slux is offline   0 Reply With Quote
Old Jun 17, 2010, 01:57 AM   #25
cxdogx07
macrumors newbie
 
Join Date: Jun 2010
Quick Fix?

I was having the same problem with google. I deleted all my cookies, changed the settings to never allow, and calibrated my firewall settings. No more problems so far so this may be a quick fix for some. Hope it helps.

PS: cookies with a "com" extension are advertiser websites that google redirects to.

Ignore the quick fix....problem came back!!!!

Is anyone else with this problem getting redirected to wellaction and google-search-analytics as well? I am and I'm thinking it's not my Mac that's the problem it's a sorry *** router Time to check DNS update if I figure it out. (Heard a rumor about a new router virus called the chuck norris virus that changes DNS Servers)

Last edited by cxdogx07; Jun 17, 2010 at 02:27 AM. Reason: Quick Fix doesn't last :(
cxdogx07 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Applications > Mac Applications and Mac App Store

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
I think my mac as a virus PLEASE HELP houssein31 Mac Applications and Mac App Store 4 Mar 15, 2014 12:14 PM
The First Mac Virus? What do you think? Traverse OS X 10.8 Mountain Lion 6 Jun 4, 2013 05:02 PM
My homepage keeps redirecting to Google Pakistan kiddk1 OS X 10.8 Mountain Lion 16 Mar 23, 2013 07:57 PM
So my Mac just got a virus... Oral B OS X 4 Mar 10, 2013 06:25 AM
Virus on my Mac statesmire Mac Basics and Help 9 Nov 27, 2012 02:38 PM

Forum Jump

All times are GMT -5. The time now is 07:31 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC