Mac google redirecting virus

Discussion in 'Mac Applications and Mac App Store' started by isaiah909, Jun 5, 2010.

  1. macrumors newbie

    Joined:
    Jun 5, 2010
    Location:
    canada
    #1
    Okay, I have a MacBook, but when I go on Safari or Mozilla Firefox, both have the same issue: I go on Google and search, then click on a link, and it redirects me to unrelated websites. I think it's a virus because I tried resetting Safari and emptying the cache on both browsers, and it's still the same.

    Other information:
    The address bar says stulus.com(extra stuff),
    then shows what look like IP addresses, and the page is a blank white screen except for a continue button in the top left corner. After a few seconds it sends me back to google.com.
     
  2. Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #2
    Then that is the first Mac OS X virus you have encountered. Because, currently there are no viruses publicly circulating for Mac OS X.

    Have you taken a look at your Preferences (Safari, Firefox and Network) to see if you have some kind of strange setting there?

    Can you post a screenshot of what you see?
    What Mac OS X version do you use, what Safari and what Firefox version do you use and what specific network settings and set up do you have?

    Have you installed anything lately, shortly before that problem started occurring?

    Stulus.com seems to be some kind of search engine with lots and lots of ads on it.



    Even though some might get annoyed by reading this, the thread title guy strikes again:


    A more descriptive and precise thread title will help cater to the right audience and get you more responses.
    To edit your thread title, just click on the [​IMG] button on the bottom right of your original post and then click the "Go Advanced" button below your message.


    Have you also taken a look at [​IMG], since that question may have been asked several times?


    Example: Get re-directed to another site from Google search results in Safari and Firefox
     
  3. macrumors 68040

    Joined:
    Oct 9, 2008
    #3
    You should also check your Network preferences and go to Advanced in the lower right. Under the DNS tab, see if there are any black/bold entries under DNS Servers. If there are gray ones, leave those there; those are the ones your modem/router is providing to your computer. Black ones were either added by someone else with access to the system or by some software you may have installed.
     
  4. macrumors newbie

    Joined:
    Jun 4, 2010
    #4
    JediMeister's suggestion above (checking your DNS server settings) is important, as incorrect settings could indeed be the cause of what you're seeing.

    Additionally, here are two other potential causes:

    1.) An infection of the *site you're trying to visit* from the Google search results (i.e. not your computer).

    Particularly, there has been a rash of compromises of online forum software recently, and those hacked sites redirect users the first time they arrive there from Google or other search engines.

    If this is the case, there's nothing you can do except contact the owners of the sites you were trying to visit.

    An Easy Way to Tell:
    Does this happen on every single Google search result you click on? Or just certain sites?
    If you're getting the redirect on every single Google search result, this is likely not the cause.

    2.) An incorrectly-modified "HOSTS" file.

    The HOSTS file maps domain names to IP addresses (the actual address of a server). If incorrect data is present, it could be redirecting your access of www.google.com from Google's servers to a "copycat" server that gives real-looking but fake results (which have the redirect).

    An Easy Way to Tell:
    1. Open a Finder window.
    2. Under the "Go" menu, select "Go to Folder...".
    3. When prompted, type "/etc" (without the quotes). Click OK.
    4. Find the "hosts" file by name.
    5. Copy the "hosts" file to another folder (your Desktop is fine), to ensure you don't accidentally make any modifications.
    6. Double-click the "hosts" file, and it should open in TextEdit.
    7. Verify it does not contain any entries for "google.com" or other search engines. (It will normally have some "localhost" entries - those are fine.)
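
Added example (not part of the original thread): the hosts-file check from post #4 as a shell function for Terminal. The sample file is constructed, and the list of search-engine names in the pattern is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. The search-engine names in the regex
# are an assumption; extend the alternation to suit.

# Constructed sample: stock macOS entries plus one constructed rogue line
# (203.0.113.7 is a documentation-only address).
sample_hosts() {
    cat <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed rogue entry
EOF
}

# check_hosts [FILE]: print "IP NAME" for every hosts entry that names a
# search engine. Reads stdin when FILE is omitted. Returns 1 if any entry
# was found, 0 if the file is clean.
check_hosts() {
    awk '
        BEGIN { found = 0 }
        {
            sub(/#.*/, "")        # strip comments
            if (NF < 2) next      # blank line or address with no name
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name ~ /(^|\.)(google|bing|yahoo)\.[a-z.]+$/) {
                    print $1, name
                    found = 1
                }
            }
        }
        END { exit found }
    ' "${1:--}"
}

# Demo on the constructed sample; on a real machine: check_hosts /etc/hosts
sample_hosts | check_hosts || echo "search-engine entries present in hosts file"
```

The function only reads the file, so it can be pointed at /etc/hosts directly without making the copy described in step 5.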
     
  5. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
  6. macrumors 601

    Joined:
    May 22, 2008
    Location:
    Milwaukee, WI
    #6
    If you have a Mac and a virus, the cure is bed rest.
    Antibiotics don't work on viruses. ;)
     
  7. macrumors newbie

    Joined:
    Jun 6, 2010
    #7
    whatever you call it, it's annoying

    What kind of strange settings would cause this to happen?

    I am also experiencing this issue and so far Google searches (which must be done by copying and pasting the URL into another tab, else clicking the link takes me to some random location) have yielded nothing useful. The only suggestions I can find are either PC-specific or involve resetting cache/cookies... which helps for about two searches, and then it all starts over again.

    Once I am able to reach a site (like this one) once, I don't seem to have the same problem again.
     


  8. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    Go to System Preferences > Network > yournetwork > Advanced > DNS
    Post a screen shot of the settings you have there.
     
  9. macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #9
    You might have caught the OSX.RSPlug.A trojan.
    Look for instructions on how to detect and remove it here
     
  10. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #10
    Before going through the process of trying to detect and remove the trojan, the OP can simply remember if they did the activity required to get it in the first place. You don't "catch" a trojan. You actively install it:
    The only way to get this malware on your computer is to download and install it, and enter in your administrator password.
     
  11. macrumors regular

    Joined:
    Feb 17, 2007
    Location:
    Denver, CO.
  12. macrumors regular

    R.R.Mac

    Joined:
    Sep 16, 2006
    Location:
    Guildford, England
    #12
    Sounds like a change in DNS information, pharming...
     
  13. macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #13
    Hhm, this forum is getting annoying.
    I sure hope that this post sticks even if GGJstudios continues to remove posts.

    Yes, there are no viruses for OSX; however, there is some dangerous malware about, and it is unfortunately not labeled as MALWARE - DO NOT INSTALL.

    People install all kinds of software and tools. A trojan is malware that is posing as some innocent program, but does something altogether different. I seriously doubt that the OP consciously knows what program has led to this infestation.

    The constant reiteration that this is no virus entirely misses the point. There is malware around and it finds its way onto people's computers. A breach is a breach. It does not matter how, if you bribed the porter or dug a tunnel to break into the bank - once the money is gone, it's gone...
     
  14. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    I didn't remove posts. The moderators did.
    The quote that stated how the trojan is found and installed came from the link you posted. It's from installing a "codec" from a porn site. Surely, the OP would remember that.
    It doesn't miss the point. There is a significant difference between a virus, which can propagate itself without user intervention, and a trojan, which can be avoided with some common sense and care on the part of the user. It is misleading to claim that this is a virus.
     
  15. macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #15
    Oh, sorry. It still is irritating...


    We both don't know if this is the only way of propagation. The article is from 2007. There might be other release vectors by now...
    Some might be pirated software, but there was some recent talk about infested screensavers and the like on MacUpdate...

    I never claimed that this is a virus, but I seriously doubt that common sense is enough to keep your computer malware free.
     
  16. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    Well, I've been running over 2 years with no AV protection, online more than 14 hours a day, 6-7 days a week, and I've never had one instance of malware appear on my Mac. The same experience is shared by millions of Mac users.
     
  17. macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #17
    One question for the sake of the argument: ;)

    How do you know?
     
  18. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
    How does anyone know?
     
  19. macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #19
    Thank you :)
     
  20. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #20
    You're welcome (for whatever that was), but my point is, I installed AV, ran a scan with zero threats found, then removed the AV.
     
  21. macrumors newbie

    Joined:
    Jun 6, 2010
    #21
    But enough about you...

    Okay, back to me.

    Pretty benign my-own-router-thingie kind of stuff. That's a big dead end.

    Oh, and I'm getting this Malware alert lately too. This showed up on Amazon yesterday and this site when I went to reply to the thread just now.

    Also, for the record, I'm not downloading and/or installing porn on my Mac.
     


  22. macrumors 6502a

    Detektiv-Pinky

    Joined:
    Feb 25, 2006
    Location:
    Berlin, Germany
    #22
    Could somebody have hacked into your Router/Network?

    Do an arp -an in Terminal. You see the IP Address of your router and the corresponding MAC address. Do you have other entries showing up? Is anyone showing the same MAC address as the router? Are there unaccounted entries?
    Do you also have other Windows/Linux machines in your network?

    Do you have a non-standard password on the router? What type is it? Did you update the router-firmware recently? Can you factory reset the router?

    Do you run WPA-2 encryption on your wireless network, and have you set a strong password?

    Many questions...
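
Added example (not part of the original thread): a shell function that reads `arp -an` output and lists every MAC address claimed by more than one IP, which is the "same MAC address as the router" check asked about in post #22. The sample table and its addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses below are constructed.

# Constructed sample in the layout macOS prints for `arp -an`.
sample_arp() {
    cat <<'EOF'
? (192.168.1.1) at 0:1e:2a:aa:bb:cc on en1 ifscope [ethernet]
? (192.168.1.23) at 0:1e:2a:aa:bb:cc on en1 ifscope [ethernet]
? (192.168.1.40) at 3c:7:54:11:22:33 on en1 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en1 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
EOF
}

# shared_macs: read `arp -an` output on stdin and print "MAC IP IP ..." for
# each hardware address that more than one IP resolves to.
# Returns 1 if any shared address was found, 0 otherwise.
shared_macs() {
    dups=$(awk '
        # Keep resolved entries only; "(incomplete)" fails the hex test.
        $3 == "at" && $4 ~ /^[0-9a-fA-F:]+$/ {
            mac = tolower($4)
            if (mac == "ff:ff:ff:ff:ff:ff") next   # broadcast, not a host
            ip = $2
            gsub(/[()]/, "", ip)
            count[mac]++
            ips[mac] = ips[mac] " " ip
        }
        END {
            for (mac in count)
                if (count[mac] > 1) print mac ips[mac]
        }
    ' | sort)
    if [ -z "$dups" ]; then
        return 0
    fi
    printf '%s\n' "$dups"
    return 1
}

# Demo on the constructed sample; on a real machine: arp -an | shared_macs
sample_arp | shared_macs || echo "one MAC answers for several IPs"
```

A device that legitimately holds several addresses on one interface also shows up here, so a hit involving the router's IP is a reason to look closer rather than proof of tampering.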
     
  23. macrumors newbie

    Joined:
    Oct 17, 2008
    #23
    Google redirect

    I'm also having this issue. It started yesterday, and I also checked my network settings and tried the DNS Changer removal tool posted above. I do not remember having installed ANYTHING in the last few days.

    I do have a wireless router, but my iPhone shares that connection and is not having any redirect issues.

    Any further suggestions would be greatly appreciated! This is hugely annoying. :(

    Thanks,
    Shayna
     
  24. macrumors member

    Slux

    Joined:
    Apr 27, 2010
    #24
    "Me too" - I also have this problem. I posted a separate thread as I was not certain that it was the same issue described here:

    http://forums.macrumors.com/showthread.php?t=932303

    It doesn't seem to be happening for me anymore, at least for now. I don't trust it though.
     
  25. macrumors newbie

    Joined:
    Jun 16, 2010
    #25
    Quick Fix?

    I was having the same problem with google. I deleted all my cookies, changed the settings to never allow, and calibrated my firewall settings. No more problems so far so this may be a quick fix for some. Hope it helps.

    PS: cookies with a "com" extension are advertiser websites that google redirects to.

    Ignore the quick fix....problem came back!!!!

    Is anyone else with this problem getting redirected to wellaction and google-search-analytics as well? I am and I'm thinking it's not my Mac that's the problem it's a sorry *** router :( Time to check DNS update if I figure it out. (Heard a rumor about a new router virus called the chuck norris virus that changes DNS Servers)
     
