Mac google redirecting virus

[isaiah909]

okay i have a macbook but i go on safari or mozilla fire both have same issue i go on google and search then click on a link and it redirects me to unrelated websites i think its a virus because i tried reseting safari and emptying cache on both browsers and still same

other information
in address bar says stulus.com(extra stuff)
then shows what looks like ip adresses and on the page it is a blank white screen except for a continue button in top left corner after a few seconds it sends me back to google.com

[spinnerlys]

Then that is the first Mac OS X virus you have encountered. Because, currently there are no viruses publicly circulating for Mac OS X.

Have you taken a look at your Preferences (Safari, Firefox and Network) to see if you have some kind of strange setting there?

Can you post a screenshot of what you see?
What Mac OS X version do you use, what Safari and what Firefox version do you use and what specific network settings and set up do you have?

Have you installed anything lately, shortly before that problem started occurring?

Stulus.com seems to be some kind of search engine with lots and lots of ads on it.



Even though some might get annoyed of reading this, the thread title guy strikes again:


A more descriptive and precise thread title will help cater to the right audience and get you more responses.
To edit your thread title, just click on the button on the bottom right of your original post and then click the "Go Advanced" button below your message.


Have you also taken a look at , since that question may have been asked several times?

Example: Get re-directed to another site from Google search results in Safari and Firefox

[JediMeister]

You should also check your Network preferences and go to Advanced in the lower right. Under the DNS tab, see if there are any black/bold entries under DNS Servers. If there are gray ones, leave those there, those are ones your modem/router are providing to your computer. Black ones were either added by someone else with access to the system or by some software you may have installed.

[javacool]

Quote:

Originally Posted by isaiah909

okay i have a macbook but i go on safari or mozilla fire both have same issue i go on google and search then click on a link and it redirects me to unrelated websites i think its a virus because i tried reseting safari and emptying cache on both browsers and still same

JediMeister's suggestion above (checking your DNS server settings) is important, as incorrect settings could indeed be the cause of what you're seeing.

Additionally, here are two other potential causes:

1.) An infection of the *site you're trying to visit* from the Google search results (i.e. not your computer).

Particularly, there have been a rash of compromises of online forum software recently, and those hacked sites redirect users the first time they arrive there from Google or other search engines.

If this is the case, there's nothing you can do except contact the owners of the sites you were trying to visit.

An Easy Way to Tell:
Does this happen on every single Google search result you click on? Or just certain sites?
If you're getting the redirect on every single Google search result, this is likely not the cause.

2.) An incorrectly-modified "HOSTS" file.

The HOSTS file maps domain names to IP addresses (the actual address of a server). If incorrect data is present, it could be redirecting your access of www.google.com from Google's servers to a "copycat" server that gives real-looking but fake results (which have the redirect).

An Easy Way to Tell:

1. Open a Finder window.
2. Under the "Go" menu, select "Go to Folder...".
3. When prompted, type "/etc" (without the quotes). Click OK.
4. Find the "hosts" file by name.
5. Copy the "hosts" file to another folder (your Desktop is fine), to ensure you don't accidentally make any modifications.
6. Double-click the "hosts" file, and it should open in TextEdit.
7. Verify it does not contain any entries for "google.com" or other search engines. (It will normally have some "localhost" entries - those are fine.)

[GGJstudios]

Quote:

Originally Posted by isaiah909

i think its a virus

It's NOT a virus!

Mac Virus/Malware Info

[Gregg2]

If you have a Mac and a virus, the cure is bed rest.
Antibiotics don't work on viruses.

[holligula]

Quote:

Have you taken a look at your Preferences (Safari, Firefox and Network) to see if you have some kind of strange setting there?

What kind of strange settings would cause this to happen?

I am also experiencing this issue and so far Google searches (which must be done by copying and pasting the URL into another tab, else clicking the link takes me to some random location) have yielding nothing useful. The only suggestions I can find are either PC-specific or involve resetting cache/cookies... which helps for about two searches, and then it all starts over again.

Once I am able to reach a site (like this one) once, I don't seem to have the same problem again.

[GGJstudios]

Quote:

Originally Posted by holligula

Once I am able to reach a site (like this one) once, I don't seem to have the same problem again.

Go to System Preferences > Network > yournetwork > Advanced > DNS
Post a screen shot of the settings you have there.

[Detektiv-Pinky]

Quote:

Originally Posted by isaiah909

okay i have a macbook but i go on safari or mozilla fire both have same issue i go on google and search then click on a link and it redirects me to unrelated websites i think its a virus because i tried reseting safari and emptying cache on both browsers and still same

other information
in address bar says stulus.com(extra stuff)
then shows what looks like ip adresses and on the page it is a blank white screen except for a continue button in top left corner after a few seconds it sends me back to google.com

You might have caught the OSX.RSPlug.A trojan.
Look for instructions how to detect and remove here

[GGJstudios]

Quote:

Originally Posted by Detektiv-Pinky

You might have caught the OSX.RSPlug.A trojan.

Before going through the process of trying to detect and remove the trojan, the OP can simply remember if they did the activity required to get it in the first place. You don't "catch" a trojan. You actively install it:

Quote:

Your machine could be infected if you’ve recently gone looking for some, um, less-than-flattering pictures of Britney Spears. Thinking you’ve found what you’re looking for, you click a video to watch it, only to see a message stating that your machine lacks the necessary codec. A disk image will then start downloading, and (depending on the settings on your machine) may then mount and launch an installer which asks for your admin password.

The only way to get this malware on your computer is to download and install it, and enter in your administrator password.

[AL2TEACH]

http://www.dnschanger.com/

[R.R.Mac]

Sounds like a change in DNS information, pharming...

[Detektiv-Pinky]

Quote:

Originally Posted by GGJstudios

Before going through the process of trying to detect and remove the trojan, the OP can simply remember if they did the activity required to get it in the first place. You don't "catch" a trojan. You actively install it:

The only way to get this malware on your computer is to download and install it, and enter in your administrator password.

Hhm, this forum is getting annoying.
I sure hope that this post sticks even if GGJstudios continues to remove posts.

Yes, there are no viruses for OSX, however there is some dangerous Malware about, it is unfortunately not labeled as MALWARE - DO NOT INSTALL.

People install all kind of software and tools. A trojan is malware that is posing as some innocent program, but does something altogether different. I seriously doubt that the OP consciously knows what program has lead to this infestation.

The constant reiteration that this is no virus entirely misses the point. There is malware around and it finds its way on peoples computer. A breach is a breach. It does not matter how, if you bribed the porter or dug a tunnel to break into the bank - once the money it's gone, it's gone...

[GGJstudios]

Quote:

Originally Posted by Detektiv-Pinky

Hhm, this forum is getting annoying.
I sure hope that this post sticks even if GGJstudios continues to remove posts.

I didn't remove posts. The moderators did.

Quote:

Originally Posted by Detektiv-Pinky

I seriously doubt that the OP consciously knows what program has lead to this infestation.

The quote that stated how the trojan is found and installed came from the link you posted. It's from installing a "codec" from a porn site. Surely, the OP would remember that.

Quote:

Originally Posted by Detektiv-Pinky

The constant reiteration that this is no virus entirely misses the point.

It doesn't miss the point. There is a significant difference between a virus, which can propagate itself without user intervention, and a trojan, which can be avoided with some common sense and care on the part of the user. It is misleading to claim that this is a virus.

[Detektiv-Pinky]

Quote:

Originally Posted by GGJstudios

I didn't remove posts. The moderators did.

Oh, sorry. It still is irritating...

Quote:

Originally Posted by GGJstudios

The quote that stated how the trojan is found and installed came from the link you posted. It's from installing a "codec" from a porn site. Surely, the OP would remember that.

We both don't know if this is the only way of propagation. The article is from 2007. There might be other release vectors by now...
Some might be pirated software, but there was some recent talk about infested screensavers and the like on MacUpdate...

Quote:

Originally Posted by GGJstudios

It doesn't miss the point. There is a significant difference between a virus, which can propagate itself without user intervention, and a trojan, which can be avoided with some common sense and care on the part of the user. It is misleading to claim that this is a virus.

I never claimed that this is a virus, but I seriously doubt that common sense is enough to keep your computer malware free.

[GGJstudios]

Quote:

Originally Posted by Detektiv-Pinky

I never claimed that this is a virus, but I seriously doubt that common sense is enough to keep your computer malware free.

Well, I've been running over 2 years with no AV protection, online more than 14 hours a day, 6-7 days a week, and I've never had one instance of malware appear on my Mac. The same experience is shared by millions of Mac users.

[Detektiv-Pinky]

Quote:

Originally Posted by GGJstudios

Well, I've been running over 2 years with no AV protection, online more than 14 hours a day, 6-7 days a week, and I've never had one instance of malware appear on my Mac. The same experience is shared by millions of Mac users.

One question for the sake of the argument:

How do you know?

[GGJstudios]

Quote:

Originally Posted by Detektiv-Pinky

One question for the sake of the argument:

How do you know?

How does anyone know?

[Detektiv-Pinky]

Quote:

Originally Posted by GGJstudios

How does anyone know?

Thank you

[GGJstudios]

Quote:

Originally Posted by Detektiv-Pinky

Thank you

Your welcome (for whatever that was), but my point is, I installed AV, ran a scan with zero threats found, then removed the AV.

[holligula]

Okay, back to me.

Quote:

Go to System Preferences > Network > yournetwork > Advanced > DNS
Post a screen shot of the settings you have there.

Pretty benign my-own-router-thingie kind of stuff. That's a big dead end.

Oh, and I'm getting this Malware alert lately too. This showed up on Amazon yesterday and this site when I went to reply to the thread just now.

Also, for the record, I'm not downloading and/or installing porn on my Mac.

[Detektiv-Pinky]

Quote:

Originally Posted by holligula

Okay, back to me.

Pretty benign my-own-router-thingie kind of stuff. That's a big dead end.

Oh, and I'm getting this Malware alert lately too. This showed up on Amazon yesterday and this site when I went to reply to the thread just now.

Also, for the record, I'm not downloading and/or installing porn on my Mac.

Could have somebody hacked into your Router/Network?

Do an arp -an in Terminal. You see the IP Address of your router and the corresponding MAC address. Do you have other entries showing up? Is anyone showing the same MAC address as the router? Are there unaccounted entries?
Do you also have other Windows/Linux machines in your network?

Do you have a non-standard password on the router? What type is it? Did you update the router-firmware recently? Can you factory reset the router?

Do you run WPA-2 encryption on your wireless network, do you have set a strong password?

Many questions...

[shaynaleahy]

I'm also having this issue. It started yesterday, and I also checked my network settings and tried the DNS Changer removal tool posted above. I do not remember having installed ANYTHING in the last few days.

I do have a wireless router, but my iPhone shares that connection and is not having any redirect issues.

Any further suggestions would be greatly appreciated! This is hugely annoying.

Thanks,
Shayna

[Slux]

"Me too" - I also have this problem. I posted a separate thread as I was not certain that it was the same issue described here:

http://forums.macrumors.com/showthread.php?t=932303

It doesn't seem to be happening for me anymore, at least for now. I don't trust it though.

[cxdogx07]

I was having the same problem with google. I deleted all my cookies, changed the settings to never allow, and calibrated my firewall settings. No more problems so far so this may be a quick fix for some. Hope it helps.

PS: cookies with a "com" extension are advertiser websites that google redirects to.

Ignore the quick fix....problem came back!!!!

Is anyone else with this problem getting redirected to wellaction and google-search-analytics as well? I am and I'm thinking it's not my Mac that's the problem it's a sorry *** router Time to check DNS update if I figure it out. (Heard a rumor about a new router virus called the chuck norris virus that changes DNS Servers)