Hi,
Earlier this evening I noticed that Facebook on my macbook pro began redirecting to an unknown internet advertising site. I fixed this by rebooting the machine, but then noticed that YouTube was redirecting me to another unknown site.
Needless to say my suspicions were aroused. Trying the same sites on my PC showed no problems. Bad news.
I've done some searching around the net and these forums, and apparently there is such a thing as a DNS redirecting trojan which causes behaviour similar to what I am seeing.
However, I have run the Clamxav scan, and followed other directions available on the net for detecting this trojan and it has come up clean.
I checked my /etc/hosts file, and found the following:
That last entry looks odd to me, is it normal?
Anyway, I removed it and for the last hour have not noticed any strange behaviour. Sadly, I don't think this means I am off the hook yet.
Any thoughts or suggestions on the above would be greatly appreciated. Particularly with regards to the /etc/hosts file and the last entry, or other ways to detect this malware.
Thanks.
Earlier this evening I noticed that Facebook on my macbook pro began redirecting to an unknown internet advertising site. I fixed this by rebooting the machine, but then noticed that YouTube was redirecting me to another unknown site.
Needless to say my suspicions were aroused. Trying the same sites on my PC showed no problems. Bad news.
I've done some searching around the net and these forums, and apparently there is such a thing as a DNS redirecting trojan which causes behaviour similar to what I am seeing.
However, I have run the Clamxav scan, and followed other directions available on the net for detecting this trojan and it has come up clean.
I checked my /etc/hosts file, and found the following:
Code:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
That last entry looks odd to me, is it normal?
Anyway, I removed it and for the last hour have not noticed any strange behaviour. Sadly, I don't think this means I am off the hook yet.
Any thoughts or suggestions on the above would be greatly appreciated. Particularly with regards to the /etc/hosts file and the last entry, or other ways to detect this malware.
Thanks.