DNS changer/trojan possibility? HELP!

Discussion in 'macOS' started by lauramarie, Aug 8, 2010.

  1. lauramarie macrumors newbie

    Joined:
    Aug 8, 2010
    #1
    I've searched everywhere and done what I'm sure is all I can to get this sorted and it's driving me CRAZY!

    My problem:
    When searching online, on random websites I'm redirected and some websites I can't get on at all and says 'transferring data from google-analytics.com' on Firefox and [random numbers, keeps changing] 'completed 3 of 5 (1 error)' and on both the screen is white.

    Through lots of googling and asking friends we've come to the conclusion my problem is what's called 'DNS changer'; however, no antivirus software is picking anything up.

    I've used the following programmes:

    http://www.versiontracker.com/dyn/moreinfo/macosx/33696

    ClamXav

    and

    Macscan

    I've also flushed the DNS because I was advised to.

    Please help. The main website I want to use is wix.com because I was in the middle of building my professional portfolio, spent weeks and HOURS doing it and now I can't :/

    I'm aware that they can only get through if I give it permission and I may have done so without realising [thinking it was an OK programme, updating Flash or DivX etc. etc.]
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    Redirected where?
    http://en.wikipedia.org/wiki/Google_Analytics
    That indicates completed downloading of (3) site elements and how many remain (5). Errors can occur if an element is missing or damaged in some way. That usually has to do with the site itself and nothing on your end.
    The screen would be blank until sufficient site elements have been downloaded to display something. Downloading these elements, which is done by your browser, is dependent on a good connection all the way from your computer to where the site is hosted. Many things can interfere with that path. Also, it could be problems on the site hosting end. None of these factors points to malware of any kind.
    DNS problems would affect your router, not necessarily your computer. What facts do you have that make you believe you have a DNS hijacking situation?
     
  3. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #4
    Oh yeah, I forgot about iAntiVirus, I thought it just stopped viruses coming through.. it's running now, thanks.


    1- Redirected to other random websites, like links sites or sometimes just a blank page.

    2- Yeah, searched that. Doesn't have anything to do with my problem though.

    3- They work for several other people on both Mac and PC, so I know it's a problem on my end.

    4- That's what I thought, but as far as I know the connection hasn't changed. It was working the other week [I've had to take a week off sorting it out due to holiday]; one day it was working, next it wasn't. My family PC also started getting [or someone trying to send] several trojans.

    5- My computer is perfectly fine, it's just my internet and when I go onto some websites it redirects me or stops me from going on them. My friend advised me that it was purely from this. The connection is not [noticeably] slower than when it was fine.
     
  4. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #5
    iAntiVirus picked nothing up either.

    Anyone please?
     
  5. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    It can't pick up anything because there ARE no viruses that run on current Mac OS X. No AV can detect a virus that doesn't exist. Look at your DNS settings on your router, as I said before.

    Mac Virus/Malware Info
     
  6. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #7
    Ok, well it was just a theory cos it all sounds about right. Also, from what I've heard there are trojans for Mac OS? Which aren't actually viruses?
    I've read that link several times, and other people have quoted from it many times.
    But it says, and I quote:
    "your chances of being affected by a virus, trojan or other malware are extremely slim, unless you've been careless about where you get software and when you enter your administrator password."

    WHICH I think I have done, because I was asked to update Flash Player on a website and I stupidly put my password in to install.

    Anyway, how do I go about that? How do I check the router?
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    Do you remember which site it was? If you simply updated flash player from a legitimate site, you don't have to worry about anything. Many sites that contain flash content will pop up a link to update flash player, if you're not running the most current. That, in itself, is not a threat.
    You should know which router you're using and you should have a utility for configuring the router settings, including DNS settings. If you don't know how, you might ask a friend who's more computer literate, to assist you.
     
  8. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #9
    ping the website you want to go to, and see if the IP address works.

    I have come across quite a few locations where the DNS servers have been outdated, using a different DNS server normally rectifies the issue.
     
  9. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #10
    Really can't remember which site it was to be honest. It looked legitimate but you never know. But I'm sure I was running the most recent, that's why I think it was a bit dodgy?

    I have no idea what the router is to be honest or where to find it. Even if I could, I'd have no idea what was right or not. I can't reach any of my computer literate friends for a good month, so just trying to sort it out myself before I can see them. :(

    Ping? I've tried googling that, and it took me a while to get on to any of the websites because it keeps redirecting me to a 'no results found' page :/ Does this with a lot of websites. I click the link, the website shows for a second and then goes to a white page, or a white page with small writing saying 'no results found'

    Anyway I found one, it says the website is offline?

    The thing is, I KNOW it's my internet/computer because I've asked quite a few people if websites are working for them and they are. Just not mine?

    How do I change DNS server? Can it be done just for my laptop or will it change the whole internet server?
    I just don't want to meddle around with the whole thing because I'm on a shared router?

    It's just getting worse now.
     
  10. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #11
    could be massive DNS issues then. not to worry, do this!

    1. open System Preferences
    2. Click "Network"
    3. I presume you are using wireless, so click "airport" on the left hand list
    4. click "advanced"
    5. click "DNS" (it's a tab)
    6. click the left hand plus "+" button and add "8.8.8.8" and "8.8.4.4" into it
    7. hit ok, hit "apply".

    check the websites, see how that goes. sorry if I missed a step - I had to remember that off the top of my head :p

    ping is a networking term used to attempt to contact a remote computer. open up Terminal (it's in Applications->Utilities on your computer) and type
    "ping www.google.com" (without the quotation marks) and it will give you a result. hit Ctrl + C to cancel this operation.
     
  11. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #12
    :(
    I did that, but still no difference.
    There were some numbers in there already? Are they supposed to be there and should I get rid of them first?


    Done the ping thing too, and loads of numbers are coming up [and keep coming], so I'm guessing the website is fine.
     
  12. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #13
    get rid of the other ones first silly! otherwise the ones below it have no effect!

    the numbers that "keep coming" are the "IP addresses" of the websites. try to ping a website that you are unable to get to, and show us the IP Address.
     
  13. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    I think she's referring to the multiple pings to the same IP, showing the times:
    [Attachment: Screenshot 3.PNG]
     
  14. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #15
    Oh, it won't let me get rid of them. They're in a light shade of gray?
    They are;
    213.109.65.69
    213.10977.229
    Does that mean anything? Or are they just generic numbers that need to be there?


    Ok,
    we have..

    64 bytes from 216.139.222.59: icmp_seq=4 ttl=46 time=143.431 ms

    the website is www.wix.com
     
  15. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    The second one is not a valid IP. It should be 213.109.77.229.
     
  16. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
  17. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #18
    I know that :) that's why I asked for the IP addresses of a site that she is unable to get to. then we can give it a go and see where the issue lies.

    get rid of them, highlight it - then press the negative button "-" and get rid of them both. leave 8.8.8.8 etc there.

    that is resolving correctly from what i can see.
     
  18. lauramarie thread starter macrumors newbie

    Joined:
    Aug 8, 2010
    #19
    Yeah, it wouldn't let me delete them 213. etc. numbers, I can't even click on them?.. BUT I entered the 8.8 etc. numbers in and it's working today? :D Well, it's working on Firefox, not so much on Safari for some reason?

    But it's still working loads better than before.

    Might have been because I've shut down and reloaded it several times?
    [my trackpad isn't working properly because I spilt a bit of tea on it :( so been using a spare wireless mouse]

    Anyway, yeah it's working at the moment, so I'll see how it goes for now, otherwise I'll be back again! haha :)

    thanks for the help!
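
Added example, not part of the original thread: a shell check that lists the DNS resolvers a Mac is actually using and flags any that are not the ones entered in step 6 of post #11. The function names are hypothetical and the sample text is constructed, laid out like `scutil --dns` output and using the addresses quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). On a Mac, feed it live data with:
#   scutil --dns | unexpected_resolvers 8.8.8.8 8.8.4.4

# Constructed sample laid out like `scutil --dns` output; the addresses are
# the greyed-out entries quoted in the thread. Function names are hypothetical.
sample_dns_config() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 213.109.65.69
  nameserver[1] : 213.109.77.229
  if_index : 5 (en1)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 213.109.65.69
  nameserver[1] : 213.109.77.229
  if_index : 5 (en1)
  flags    : Scoped
EOF
}

# Reads scutil-style text on stdin; arguments are the resolvers you expect.
# Prints every other nameserver once, in first-seen order.
unexpected_resolvers() {
    awk -v expected="$*" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" {
            if (!($3 in ok) && !($3 in seen)) { seen[$3] = 1; print $3 }
        }
    '
}

# Succeeds only when every resolver in use is on the expected list.
resolvers_clean() {
    [ -z "$(unexpected_resolvers "$@")" ]
}

# Demo on the constructed sample: prints the two resolvers that were not chosen.
sample_dns_config | unexpected_resolvers 8.8.8.8 8.8.4.4
```

Entries that are greyed out in the Network pane's DNS tab are supplied by the router over DHCP, so an unexpected address reported here has to be corrected in the router's own DNS settings.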
     
