Google look-alikes opening in new window...Mac malware?

Asparagi39

macrumors newbie
Original poster
Jul 22, 2010
17
0
When browsing the web I sometimes click on links that open up a full-screen window behind my current one that takes me to an odd url like "search.gugle.com" or "googlesyndication.com" or something... It then goes to plain old Google. I don't know why it does this, but it has concerned me ever since the issue began. Links open and go to the pages and all, and I always X out of that window. It shouldn't be with preferences (I use Bing) and I was sure that Macs don't get malware...help?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,419
758
When browsing the web I sometimes click on links that open up a full-screen window behind my current one that takes me to an odd url like "search.gugle.com" or "googlesyndication.com" or something... It then goes to plain old Google. I don't know why it does this, but it has concerned me ever since the issue began. Links open and go to the pages and all, and I always X out of that window. It shouldn't be with preferences (I use Bing) and I was sure that Macs don't get malware...help?
Sounds like a simple pop-up or pop-under. It has nothing to do with your computer. Can you post a link where this happens?

Mac Virus/Malware Info
 

Asparagi39

macrumors newbie
Original poster
Jul 22, 2010
17
0
On that thread you linked to javacool worded it perfectly:

An incorrectly-modified "HOSTS" file.
The HOSTS file maps domain names to IP addresses (the actual address of a server). If incorrect data is present, it could be redirecting your access of www.google.com from Google's servers to a "copycat" server that gives real-looking but fake results (which have the redirect).

An Easy Way to Tell:
Open a Finder window.
Under the "Go" menu, select "Go to Folder...".
When prompted, type "/etc" (without the quotes). Click OK.
Find the "hosts" file by name.
Copy the "hosts" file to another folder (your Desktop is fine), to ensure you don't accidentally make any modifications.
Double-click the "hosts" file, and it should open in TextEdit.
Verify it does not contain any entries for "google.com" or other search engines. (It will normally have some "localhost" entries - those are fine.)
and after investigating my HOSTS file I've found a suspicious set of entries:



A bunch of Adobe things, but my problem occurred a while before my brother got me Photoshop...any more help to remove this "copy cat server" as javacool called it? And I can't find a way to edit my HOSTS file even if I needed to!

PS: This is what the window that opens up behind mine looks like...it is like this until it loads either Yahoo! or Google...
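
The HOSTS-file check quoted from javacool in the post above can also be run from Terminal instead of reading the file by eye. This is an added example, not part of the original thread; the function name `check_hosts` and the watch list of search-engine domains are assumptions.

```shell
#!/bin/sh
# Added example: flag hosts-file entries that override search-engine domains.
# SEARCH_DOMAINS is an assumed watch list; extend it as needed.
SEARCH_DOMAINS="google.com yahoo.com bing.com"

# check_hosts FILE
# Prints "line N: ADDRESS HOSTNAME" for every entry that pins a watched
# domain, or a subdomain of one, to an address. Comments and the normal
# localhost entries are ignored. Returns 1 if anything was flagged, else 0.
check_hosts() {
    awk -v domains="$SEARCH_DOMAINS" '
        BEGIN { n = split(domains, watch, " ") }
        {
            sub(/#.*/, "")              # drop whole-line and trailing comments
            if (NF < 2) next            # blank line, or an address with no names
            for (i = 2; i <= NF; i++) {
                host = tolower($i)      # hostnames are case-insensitive
                sub(/\.$/, "", host)    # tolerate a trailing root dot
                for (d = 1; d <= n; d++) {
                    suffix = "." watch[d]
                    tail = substr(host, length(host) - length(suffix) + 1)
                    # match the domain itself or a true subdomain, so that
                    # "notgoogle.com" is not mistaken for "google.com"
                    if (host == watch[d] ||
                        (length(host) > length(suffix) && tail == suffix)) {
                        printf "line %d: %s %s\n", NR, $1, host
                        found = 1
                    }
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Usage: check_hosts /etc/hosts
```

No output and a zero exit status mean the file contains no entries for the watched domains; any line printed is an entry to inspect before editing the file.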
 

Asparagi39

macrumors newbie
Original poster
Jul 22, 2010
17
0
I'm starting to think that as well...So how do I remove these entries? And is this the source of my problems?
 

jamesarm97

macrumors 65816
Sep 29, 2006
1,060
65
I don't see anything there that would cause the problems. I would check your network settings and see if there is a proxy installed or a third party Safari plugin.
 

Asparagi39

macrumors newbie
Original poster
Jul 22, 2010
17
0
It's Ethernet, obviously. Our router has too much traffic...we need an Airport Extreme! Any issues there?
 

Asparagi39

macrumors newbie
Original poster
Jul 22, 2010
17
0
Which one does the modem connection go into? Can you connect to your router via browser?

Even though the following guide is for wireless routers, it applies to wired ones too: http://compnetworking.about.com/od/wifihomenetworking/ht/access-routers.htm
I don't understand...sorry! Like I said, I can't do networks well. My modem goes into the wireless router, which has a cable that runs into the second wired router that splits into my iMac and the Xbox.

PS: Now it's opening random tabs from the "syndication" website that leads to scam pages...help?
 

Asparagi39

macrumors newbie
Original poster
Jul 22, 2010
17
0
How you figure that?
By the pages it opens. It is redirecting web sites to these look-alikes but instead of Google or Yahoo! it is going to scam pages and sketchy, ad-filled "search engines"...I just think it's my computer, not the network.