Is this a Virus?

Discussion in 'Mac Basics and Help' started by kirk wilson, Aug 6, 2008.

  kirk wilson

    May 18, 2008
    I have 2 laptops while I am here in Mexico (the land of internet viruses).
    The better one is a white iBook 800 MHz with Safari 3.1.1 and decent SDRAM. It's not overloaded with junk; I only surf the internets with it. But now it's so slow that 30 seconds is actually fast for loading a page. If it loads at all. But mostly I get this:

    "404- Page Not Found. Try Firefox!"
    (also, there's a Google blank in the middle of the Error box!)

    This is in Safari, and I can no longer access pages like the New York Times, Yahoo, or any of Apple's forums. It's always "404- Page Not Found-- Try Firefox!" I even clicked on Firefox, and it said ... you guessed it... Page Not Found, Try Firefox! It also says something weird at the bottom of the page: "All Money Made from this Page Goes to Charity"


    I do have Firefox on the other computer, the old slow PISMO which has about 25 different things wrong with it, with squealing noise and smoke. It now works better on the Internet than my white iBook. The PISMO has a 300 MHz processor and Firefox, but low SDRAM.

    NOTE: this "404 Page Not Found" Error box is not a typical Safari box (actually it's framed in RED), but it also doesn't look like a regular FIREFOX error box either.

    It's like an ad or something.

    This is how I get my eMail now:
    To get to Yahoo, I have to google YAHOO CANADA or YAHOO IRELAND
    to get to Yahoo (U.S.) to get my mail. Otherwise, the "Page is not Found."
    I empty the browser and the cookies and reset Safari every few minutes.
    I go make coffee while I am waiting for a site like Amazon or Ebay to load.
    (BUT it goes right to small obscure blogs, quickly)

    I tried to re-load or update my Safari, but those pages are also NOT FOUND on the internet. (And as I said, I can't get to the Firefox site yet to download THAT through the official site, but I may find a secondary site to download it from. I'd rather not use Firefox at all, if they are spamming Safari now.)

    Two days ago, everything was working so well on the white iBook. I am typing this post on the older PISMO (using Firefox) which doesn't have any of these problems. It finds everything.

    I can access MacRUMORS on both computers, but I seem to be unable to 'log in' or register or anything on the iBook.

    Is this a Virus? Or is there something going on all over the internets this week? Is Mozilla trying to block Safari users?

  TEG


    Jan 21, 2002
    Langley, Washington
    It sounds more like someone has been messing with the DNS server of your ISP. They are trying to promote Firefox, and will only allow Firefox to access some sites. The problem is that they likely wrote the script to look for Windows and Firefox and likely Linux and Firefox, and anything else gets redirected to the page you found.

    I'd call the ISP and complain.

  clevin


    Aug 6, 2006
    I don't know how that can explain OP's second computer which works okay then.

    For OP: Mozilla has no way of blocking you from your Safari. You would be better off blaming something system-related, since it affects every browser, rather than blaming Mozilla for it.

    Did you install anything recently? Or did you visit any suspicious website lately? Or did you switch ISPs recently?

    PS. If there were to be some sort of malicious stuff that auto-downloads itself, you have a better chance of avoiding the attack by using Firefox rather than Safari.
  merl1n


    Mar 30, 2008
    New Jersey, USA
    I agree with TEG.

    His 2nd computer is a Pismo and he is running Firefox on it, not Safari.

    The only other thing I can think of is that he has some Internet Plug-In installed that is affecting Safari.

    If this is the case, to the OP:

    In your home folder, under Library/Internet Plug-Ins, remove all of the plug-ins (to your desktop) or somewhere else. Launch Safari and see if you still have the problem. If not, move each (one at a time) plug-in back to the folder and try again. Make sure you quit Safari each time you make a change.
  Consultant


    Jun 27, 2007
    Sounds like the OP was tricked into downloading / installing something that is said to be required to play p0rn, but actually takes over the browsers.

    Not a virus, but a trojan that REQUIRES user interaction.
  clevin


    Aug 6, 2006
    :confused::confused: I thought Mr. TEG thinks it's an ISP DNS problem, and you agree with that? If it's a DNS problem, how can it affect one computer, but not the other one on the same network?

    Really confused, you sure about it?
  merl1n


    Mar 30, 2008
    New Jersey, USA
    What I meant was that if the ISP has a script to check for what browser he is using he could be redirected (DNS) to another web page "Error 404 ... use Firefox..." instead of the one he wants.

    A normal "Error 404 Page Not Found" would not have "Use Firefox instead" in the error page.
  TEG


    Jan 21, 2002
    Langley, Washington
    Because the script they based the redirect on may use a newer version of JavaScript that the (likely OS9) version of Firefox/IE can't read.

    If it is a JavaScript app, simply turning off JavaScript in Safari should allow for Internet access.

  NAG


    Aug 6, 2003
    I'm thinking it is that he installed something he shouldn't have and it messed up his host config file.

    Did you install a QuickTime "codec" or something similar from a less than reputable site?
  operator207

    Jul 24, 2007
    Transparent proxy messed up at ISP's end?

    That would explain the big sites not working, and the smaller ones working fine.
  clevin


    Aug 6, 2006
    1. Firefox never supported any OS classic; from Firefox 1.0, it has only supported OSX. If OP is using Firefox on both machines, then it can't be running OS classic.

    2. On the broken machine, even using Firefox will go to that strange page as well, so it's unlikely his ISP is checking browser types.

    I still think he probably downloaded some stuff that caused the problem; after all, the machine ran fine just two days ago.
  kirk wilson

    May 18, 2008

    Turn off JavaScript?
    I'll do that. Except that I forgot how (is it in Safari Prefs?)

    I have not downloaded any Apps in the two days since this started.
    (actually not for a month)
    I have only Adobe Flash 9, and three other copies of it in my Library
    folder (Adobe Flash never works, so it seems I have been downloaded
    several times).

    I did, last month, download SWF Flash player, which has worked well.

    Yes, I looked at porn. Once. (ok, twice.) But I thought having a Mac
    would protect me. I know, I'm stupid.

    In the event that my local ISP (TeleCable of Mexico) is messing with things,
    they will most certainly ignore my complaints.. because they are in Mexico, and because they can...

    How do I clean up this
    Drop Safari? Install Firefox? Both? Or is it worse than that?

    PS I have been going to (playable search), to download music using
    iTunes format. Maybe that's a problem?

  NAG


    Aug 6, 2003
    Did you do anything like this?

    PS: The more I think about this, it is probably some stupid "white hat" script kiddie messing with the DNS server you connect to. Try using OpenDNS (put and into your DNS server settings).
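
The two local checks suggested in this thread (a modified hosts file, and DNS server settings pointing somewhere unexpected) can be scripted. This is an added example, not part of any post above; the function names, the sample files and the allow-listed resolver address are constructed for illustration, and reading the resolver list from a resolv.conf-style file is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread. Sample data is constructed; 192.0.2.x,
# 198.51.100.x and 203.0.113.x are documentation-only address ranges.

# Print "IP name" for every hosts entry that is not a stock loopback or
# broadcast line. Anything printed overrides DNS for that name.
audit_hosts() {
    awk '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # skip blank or incomplete lines
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name == "localhost" && $1 ~ /^(127\.0\.0\.1|::1|fe80::1%lo0)$/) continue
                if (name == "broadcasthost" && $1 == "255.255.255.255") continue
                print $1 " " name
            }
        }' "$1"
}

# Print nameservers from a resolv.conf-style file ($1) that are not in the
# allow-list given as the remaining arguments.
audit_resolvers() {
    file=$1; shift
    awk '$1 == "nameserver" { print $2 }' "$file" | while read -r ip; do
        known=no
        for want in "$@"; do
            if [ "$ip" = "$want" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "$ip"; fi
    done
}

# Constructed sample input: a hosts file with one rogue entry and a resolver
# list where only the first server is one the user configured.
demo=$(mktemp -d)
cat > "$demo/hosts" <<'EOF'
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.7     www.example.com example.com   # constructed rogue entry
EOF
printf 'nameserver 192.0.2.53\nnameserver 198.51.100.9\n' > "$demo/resolv.conf"

echo "Unexpected hosts entries:"
audit_hosts "$demo/hosts"
echo "Unexpected DNS servers:"
audit_resolvers "$demo/resolv.conf" 192.0.2.53
```

On a real machine the first argument would be `/etc/hosts`, and the allow-list would be the resolver addresses the user actually entered.
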
  merl1n


    Mar 30, 2008
    New Jersey, USA
  kirk wilson

    May 18, 2008
    This helped..

    I just disabled JavaScript, and I can get to most large websites in fifteen seconds, rather than thirty seconds.

    Except when I google 'Apple Forums.' (I get that 404 Not found page again)

    As for QuickTime and codecs, I sort of hate QuickTime, and don't think I would ever download some new 'codec' just to play some crappy clip.
    But others have used my laptop..

    I read the link about the trojan virus, and bookmarked it, and
    I will come back to this in three days (I am going to Mexico City for the

    Short of wiping my HD clean, is there anything I can do?
    (I'm going to start with the DNS stuff now-- thanks for the numbers)

    PS do you think this has anything to do with a 13-hour brownout
    which included the cable company (I live near it) two days ago?
    All the trouble started afterwards-- except for Windows users
    (90 percent of everyone here).. they're all fine..

    (I don't have a copy of OSX 10.4 on disk here with me, so I'll be screwed)
  clevin


    Aug 6, 2006
    woooo, this might be the case.

    There is another point to make

    I heard the case that Safari might be tricked to download files w/o telling users. (My impression is this has been patched, but I'm not sure and would like further confirmation.)

    I know Safari will automatically open downloaded files it regards as "safe". This would be a severe problem if the above-mentioned hidden download were to happen.

    I strongly suggest that if you were to keep using Safari,

    1. turn off the auto-open function in preferences
    2. be SURE not to visit dangerous websites; Safari has no anti-phishing measures.
  NAG


    Aug 6, 2003
    That's FUD. Can you stop being a Firefox fanboy for just one minute if you're going to try to diagnose tech problems? Really.

    First off, the auto open thing relates to things like zip and dmg files. I still recommend it off because it is just annoying.

    Second, what is with the anti-phishing crusade from the Firefox guys? You make this weird hand-holding feature into the holy grail of security. What does this guy's problem have to do with phishing? Here is a hint. Nothing! And last but not least, if you're so worried about phishing, just use OpenDNS. It does that for you, regardless of the browser you're using.
  clevin


    Aug 6, 2006
    Ha, that's a lot .... there.

    Didn't you see that the link you gave indicates the problem is actually just caused by a dmg file? Do you care more about users' security, or Apple's reputation here?

    And guess what, if OP's problem was caused by some download from some website, guess what he was using? And I should not give some suggestions regarding that notorious auto-open risk?

    You care way too much about Apple's reputation.

    FUD? Which sentence I said is untrue, or hasn't happened before?
  kirk wilson

    May 18, 2008
    Open DNS thing helped

    I changed the DNS settings by putting in the numbers you suggested,
    and that has helped further. I get to sites a little faster,
    I can even go to Yahoo Mail, but this site is now filled with question marks where there should be symbols or 'post' and 'reply' buttons;

    (I have also disabled Java-script)

    I can live with this, but is that the end of the fix?
  r.j.s


    Mar 7, 2007
    Just because Safari can auto open dmg files, it doesn't mean anything - you still need to enter the password to install an app.

    I think you might try reinstalling Safari and Firefox; that may reset the obscure setting that now makes it work some of the time.

    Check your DNS too, I think that might be the bigger problem here.
  clevin


    Aug 6, 2006
    Nobody is sure about that, have you figured out how it got messed up? I think that would be the place to start and see if current solution solved it completely.
    That may or may not be true.
  NAG


    Aug 6, 2003
    Ah yes, the playing dumb routine. I was hoping you'd get past this Firefox obsession you have but at least you've managed to backtrack and now at least look open to trying to help the person. Don't let me stop you from actually trying to help instead of pushing your Firefox zealotry onto him.

    Anyway, back to the actual problem. Have you reset your caches? You may still have some of the old/erroneous pages in your cache. If resetting your cache as well as switching to OpenDNS ends up fixing it, then your ISP's DNS has been compromised. They probably already know this but you should go ahead and report it to them anyway.
  kjs862


    Jan 21, 2004
    Don't be serious, you can't get a virus on a Mac.
  kirk wilson

    May 18, 2008
    Update: it's worse

    I logged onto the internet again, after an hour away from the house, and I went to this page (bookmarked). Couldn't get on. ("404 Error-- No Such Page-- Try Firefox Today!")
    An hour ago, I could get on; that's when I wrote the original post.
    Maybe my bookmarks are screwy. I googled Mac rumors and there is no such page. Same with Yahoo, etc.

    I can't get to any sites now, using Safari.

    (number 3 deleted-- just some whining..)

    A friend just left; he brought over his identical white iBook with Safari.
    He had no problem on the internet, or with my wireless network here
    in the house.

    So, it's all in my laptop, I guess.

    6) My housemate has admitted to downloading 2 small QUICKTIME clips
    a few days ago (I remember 2 on the desktop, but one was blank.
    I'd rather not say what was on the other one... anyway, I dumped them)
    Usually I have a personal "No-Quicktime" rule because they suck.

    thank you everyone so far, for your suggestions.


    (I might bring it to the Apple Store in Mexico City; but then again it would cost a zillion dollars to fix, because everything Apple costs ten times as much as it does in the U.S.)

