
MartianEconomic (macrumors newbie, original poster), Feb 21, 2012
Hi,

I'm not sure if this is exactly the correct forum to post this in, as normally on a PC message board it would go under security or virus removal, but I understand that these are anomalies amongst Mac users.

Nonetheless, yesterday I seem to have somehow picked up what I recognized as a redirect exploit within my browser (Firefox). After doing a Google search I was sent to a different site, this happened three times in a row, and then never again.

Regardless, I went into panic mode and began a cleanout of everything. I deleted all files relating to Firefox (including all plugins), reset Safari, used Lion Cache Cleaner to kill anything available, and went about deleting any Macromedia and Java cache files that might have been left behind. I also downloaded a program I believe was called DNSChanger removal, and it came up negative for that specific Trojan. My hosts file is also clean.

Reading the few posts made on the subject across various internet forums, most of the people hit by this problem knowingly gave access to a malicious program. This was not the case, as the only thing I authorized in the last few months had been Minecraft (which I installed today, oddly minutes before my first encounter with the redirect).

As I stand now, I have not had another encounter with the redirect. MacScan came up negative and I am in the process of scanning with ClamXAV. I'm coming from a PC background, having to deal with the problems of spyware and malware all the time, so I was wondering if I missed any precautions, or if anyone knows whether the redirect exploit could still be lurking somewhere on my Mac.

Hopefully the problem was with a cookie or file that got wiped out, but I would like some feedback, as I am unfamiliar with the way such a redirect manipulates the DNS files on a Mac, an area I've read may be the root of the problem.

Thanks again for any help that can be offered.

(Also: the only symptom I've experienced since is a minor slowdown (?), but I'm aware it may be from a poor campus wifi connection.)
 
After doing a Google search I was sent to a different site, this happened three times in a row, and then never again.
You don't have malware. Check your DNS settings by reading: Why am I being redirected to other sites?

You don't need any 3rd party antivirus app to keep your Mac malware-free. Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. You cannot infect your Mac simply by visiting a website, unzipping a file, opening an email attachment or joining a network. The only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
 
Thank you for that lightning fast response. Now, I took a look at your response, and had read about the greyed out DNS selections. I know absolutely nothing about this, and was a bit intimidated by the part of the guide on how to remove these saying that "Be aware that this is a GLOBAL change. If you do this, your machine will not use the DNS servers specified by any DHCP server"

It seems you're knowledgeable about this, so I'll attach an image of exactly what appears on my screen when I go to DNS under network settings. If you could please break this down for me and just confirm that this is the issue, I'd be super grateful.
 

Attachment: Screen shot 2012-02-22 at 1.00.13 AM.png
Keep a copy of any file you modify and you should be fine. As that link indicates:
This may affect your machine's ability to easily work with corporate networks (especially those using Windows Active Directory) or other networks which use private DNS namespaces.
So do you connect your Mac to corporate networks or any networks other than your local network? If not, there's nothing to worry about. It looks like your DNS servers are coming from RR-RC-Ohio University-Columbus, which appears to be associated with Road Runner service. I don't know if those servers have been compromised or if they can be trusted. The ones in the link I posted can be trusted, so I'd proceed with removing the greyed out ones and adding either the OpenDNS or Google DNS servers.
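The advice above amounts to "look at which resolvers your Mac is actually using and make sure each one is either your own router or a resolver you trust." On macOS the authoritative list (DHCP-supplied and manually set servers combined) is what `scutil --dns` prints. The script below is an added example, not something posted in this thread: it parses that output, treats RFC1918/loopback/link-local addresses as the local router, treats the OpenDNS and Google Public DNS addresses named in the thread as trusted, and reports anything else for review. The `scutil --dns` text embedded in the script is a constructed sample (the 203.0.113.53 entry is a documentation address standing in for an unexpected resolver), and the `TRUSTED_RESOLVERS` set is an assumption you should extend with any corporate resolver you rely on.

```python
"""Audit the DNS resolvers macOS is actually using.

Parses `scutil --dns` output and flags any nameserver that is neither a
local (router) address nor on an allowlist of resolvers you trust.
"""
import ipaddress
import re
import subprocess
import sys

# Resolvers suggested in the thread; extend with any corporate resolver you trust.
TRUSTED_RESOLVERS = {
    "208.67.222.222", "208.67.220.220",  # OpenDNS
    "8.8.8.8", "8.8.4.4",                # Google Public DNS
}

# Address ranges that normally mean "my own router or this machine".
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                 # IPv6 equivalents
)]

# Constructed sample in the format `scutil --dns` prints. The addresses are
# made up for this example and do not identify any real resolver.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records, Request AAAA records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000
"""

RESOLVER_RE = re.compile(r"^resolver #(\d+)", re.M)
NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)", re.M)


def parse_scutil_dns(text):
    """Return {resolver_number: [nameserver, ...]} from scutil --dns output."""
    resolvers = {}
    parts = RESOLVER_RE.split(text)          # [preamble, "1", body1, "2", body2, ...]
    for i in range(1, len(parts), 2):
        resolvers[int(parts[i])] = NAMESERVER_RE.findall(parts[i + 1])
    return resolvers


def classify(addr):
    """'local' for router/loopback/link-local, 'trusted' for allowlisted
    public resolvers, 'unexpected' for anything else (including junk)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unexpected"
    if any(ip in net for net in LOCAL_NETWORKS):
        return "local"
    if addr in TRUSTED_RESOLVERS:
        return "trusted"
    return "unexpected"


def audit(text):
    """Return (resolver_number, address) pairs that deserve a second look;
    an empty list means every configured resolver is local or trusted."""
    return [(num, addr)
            for num, servers in parse_scutil_dns(text).items()
            for addr in servers
            if classify(addr) == "unexpected"]


def current_dns_output():
    """Run scutil --dns on macOS; elsewhere fall back to the constructed sample."""
    if sys.platform == "darwin":
        return subprocess.run(["scutil", "--dns"], capture_output=True,
                              text=True, check=True).stdout
    return SAMPLE_SCUTIL_DNS


if __name__ == "__main__":
    findings = audit(current_dns_output())
    for num, addr in findings:
        print(f"resolver #{num}: nameserver {addr} is neither local nor trusted")
    if not findings:
        print("all configured resolvers are local or trusted")
```

Run it on the affected Mac and compare the reported addresses with what the Network preference pane shows greyed out; a greyed-out entry comes from DHCP, so it will show up here even though the pane will not let you delete it. If you then set the trusted resolvers by hand (on macOS, `networksetup -setdnsservers Wi-Fi 208.67.222.222 208.67.220.220`, with the service name adjusted to match yours), re-running the script is a quick way to confirm the change actually took effect.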
 
Hello again,

I don't have the power to remove the servers for some reason, so I went through with the guide I had referenced to before, and have gotten a boosted performance, and no problems.

However, the DNS servers in my previous image are still there. I'm not sure technically what exactly I did by following the steps to remove the three integers from the IPConfiguration file, but does that just stop the servers from redirecting me even if they're still there?

Sorry if that wasn't too clear, and thanks again for your help.
 