Mac spyware/adware/malware problem

Discussion in 'Mac Apps and Mac App Store' started by Gee, Aug 26, 2004.

  1. Gee macrumors 65816

    Joined:
    Feb 27, 2004
    Location:
    London, UK
    #1
    OK, I've read loads of other posts where people say there's pretty much no adware/spyware/malware in existence that targets Macs, but just lately, Safari has started doing a strange thing - when I try to open some sites, sites I've been to before and I'm sure exist, I get redirected straight to UltimateSearch.com.

    Could this be some malignant little program somewhere doing this? It's kinda annoying,

    Anyone else have this? Also, can anyone recommend a spyware remover, appart from the POS that Aladdin make?

    Cheers
    G
     
  2. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #2
    Have a look at see if there are any rogue entries in /private/etc/hosts
     
  3. jsw Moderator emeritus

    jsw

    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #3
    What are some of the sites... just curious if it happens for others, or if it's isolated to you.
     
  4. Gee thread starter macrumors 65816

    Joined:
    Feb 27, 2004
    Location:
    London, UK
    #4
    Errr. How do I do that then?

    Cheers
     
  5. jsw Moderator emeritus

    jsw

    Joined:
    Mar 16, 2004
    Location:
    Andover, MA
    #5
    No real need to go to /private/etc - that requires root access. Easiest thing is to open up Applications->Utilities->Terminal, and type:
    Code:
    cat /etc/hosts
    and hit 'return'.

    Should look something like:
    Code:
    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1       localhost
    255.255.255.255 broadcasthost
    ::1             localhost 
    
    Shouldn't have any weird addresses in it.
     
  6. musicpyrite macrumors 68000

    musicpyrite

    Joined:
    Jan 6, 2004
    Location:
    Cape Cod
    #6
    uhhh, is it bad when I have something that looks like so:
    Code:
    
    #Temp TKA
    24.104.25.103 temptka
    I know that is the code used to get to MTKA, but I'm thinking I edited the wrong file....

    I didn't do it!!! *runs to bomb shelter*
    :D
     
  7. Xapplimatic macrumors 6502

    Xapplimatic

    Joined:
    Oct 23, 2001
    Location:
    California
    #7
    Other weird redirects / site hijackings... Apple.com?

    Well, something really weird happened to me the other day.. I was on a Window's machine at a customer's house (installing broadband) and I hit up Apple.com and it went straight to a site that had a picture of like a rotting apple-core and dead cow parts? I thought... is this a joke? Has Apple.com been hacked and hijacked (some kind of anti-Apple statement with the rotting apple and dead cattle parts)? What is this? It even had the usual characteristic tabs across the top of the page like it was Apple.com... So in disbelief, I looked at the history and surely I had typed it right.. A reload brought up the normal page for Apple.com with the Motion promo... weird!
     
  8. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #8
    Sounds more like a DNS problem to me. That is, the problem is not at your end.
     
  9. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #9
    It's in the right place, although I don't believe it's needed anymore for the new tracker.
     
  10. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #10
    This could be an issue with DNS or temporarily unreachable networks.

    In many cases Safari will attempt adding a .com suffix and www. prefix if an address can't be resolved or reached. The exact behavior depends on the Safari version, the latest Panther interations seem to know enough not too attempt this trick on addresses that already contain dots while older ones were more persistent.

    Things you can try:

    Empty Safari's cache just to make sure there's no corrupt junk in there. You might also want to hit the cookies, but make sure you remember your saved passwords for places like here =)

    From terminal, try lookupd -flushcache (might have to prefix with sudo to have an effect?) to clean out any stupid locally cached DNS entries.

    Get into the habit of typing URLs in full. Use "http://foo.com" instead of "foo" and use bookmarks instead of relying on the autocompletion.
     
  11. darrion macrumors newbie

    Joined:
    Aug 26, 2004
    #11

    I've seen that page as well, although it only happened once and it was on a windows machine. thought it was just me or a freak occurrance or something.
     

Share This Page