Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Mac google redirecting virus

TaylorJ said:
3 things, greyed out. Two ip addresses which both look familiar to me. Under search domain it says phub.net.cable.<MYISPSNAME>.com
Click to expand...
  1. When you first go to System Preferences > Network, click the padlock icon in the lower left and enter your admin password to change settings. Then they won't be greyed out.
  2. Under DNS Servers, make a note of your current settings, so you can change them back in the future, if you choose to.
  3. Select each IP and click the "-" under the list of DNS Servers to remove them all from the list.
  4. Then click the "+" and add two new ones: 8.8.8.8 and 8.8.4.4 (Google Public DNS)
  5. Click OK to change your settings.
Run with those settings for a while and see if you still get redirects.

TitanApe said:
... Not only can malware and other threats attack the Mac OS X platform directly...
Click to expand...
Since there are no viruses in the while that run on current Mac OS X, the only malware that can affect current Mac OS X (Leopard or Snow Leopard) is trojans, which require a user to download, install and enter their admin password. Even those are quite rare and usually found by installing pirated software. Installing anti-virus software will not solve the problem being discussed in this thread.

Mac Virus/Malware Info
 
GGJstudios said:
  1. When you first go to System Preferences > Network, click the padlock icon in the lower left and enter your admin password to change settings. Then they won't be greyed out.
  2. Under DNS Servers, make a note of your current settings, so you can change them back in the future, if you choose to.
  3. Select each IP and click the "-" under the list of DNS Servers to remove them all from the list.
  4. Then click the "+" and add two new ones: 8.8.8.8 and 8.8.4.4 (Google Public DNS)
  5. Click OK to change your settings.
Run with those settings for a while and see if you still get redirects.


Since there are no viruses in the while that run on current Mac OS X, the only malware that can affect current Mac OS X (Leopard or Snow Leopard) is trojans, which require a user to download, install and enter their admin password. Even those are quite rare and usually found by installing pirated software. Installing anti-virus software will not solve the problem being discussed in this thread.

Mac Virus/Malware Info
Click to expand...

I enter the password, still greyed out. I am the admin/only user of this mac.
 
I have also seen this type of problem and the fix for me was to ring my isp and ask the to flush the dns cache for my account. After they did it the problem was gone and hasn't been back since.
 
GGJstudios, telling people to not install protective software is short sighted. Your constant links and statements about no current viruses in the wild misses the point. As valid as those statements are, the Mac owning population is ever increasing, which will eventually lead to a profitable target for unscrupulous coders.

As good intentioned as I believe you are, you are actually hurting the community by trying to pursued people from installing protective software.
 
TitanApe said:
GGJstudios, telling people to not install protective software is short sighted. Your constant links and statements about no current viruses in the wild misses the point. As valid as those statements are, the Mac owning population is ever increasing, which will eventually lead to a profitable target for unscrupulous coders.

As good intentioned as I believe you are, you are actually hurting the community by trying to pursued people from installing protective software.
Click to expand...

I don't post here much but this has to be said....Again.

The lack of viri for OS X is in no way due to the unprofitably of the targets having a lesser market share. This has been proven time and time again. It's down to the way in which OS X was built up from the UNIX base which was designed around multiple users both local and and non-local. People and professionals have been trying for decades to breach various UNIX based systems to very little avail. That's not to say that there will never be viri on OS X, however the person that finally manages that will be, in all manner of the words, a genius who will no likely land him/herself VERY lucrative employment after its release.
 
TitanApe said:
GGJstudios, telling people to not install protective software is short sighted.
Click to expand...
I've never told anyone not to install protective software. I've stated that it's unnecessary on Mac OS X, which is true. People can install whatever they want.
TitanApe said:
Your constant links and statements about no current viruses in the wild misses the point.
Click to expand...
No, it doesn't. Even if you have AV software installed, it won't detect a newly-released Mac virus, because it doesn't know what to look for, since there are no current virus profiles for Mac OS X. If a virus is released in the wild, the first Mac users who encounter it will be infected, whether they're running AV or not. AV software can't detect what doesn't yet exist.
TitanApe said:
As good intentioned as I believe you are, you are actually hurting the community by trying to pursued people from installing protective software.
Click to expand...
I'm not trying to persuade anyone to install or not install anything. I'm simply educating them about the truth about viruses and malware as it relates to current Mac OS X. Have you even taken the time to read all of the post I linked to?

It could be said that those who recommend installing AV software are doing a disservice to the community, because it could give some a false sense of security. Ultimately, it's better to give people facts and let them decide what course of action to take, which is what I do.

Also, you've missed the entire point of this thread, which is about a DNS problem and has nothing to do with malware, despite the poorly chosen thread title.
 
GGJstudios said:
Are you saying the IP addresses are greyed out, or the ability to add new ones is greyed out? If you can't remove the ones that are there, simply add the two new ones I posted. If you can't even add new ones, you have a bigger problem.

http://macs.about.com/od/networking/qt/configure-your-macs-dns.htm
Click to expand...

I didnt add a subscription to this thread so I completley forgot about it. Also, the problem stopped since last time I posted. However today it came back. Trying to view a youtube video and it keeps redirecting to myspace.

I am able to add dns servers but they are still greyed out. I added the two you gave me, click apply and refreshed the youtube video and its still goes to myspace. Its so funny, the address bar still says youtube.com but its clearly myspace

Very, very annoying.
 
Willdta said:
he made the claim first so i would like to see his evidence first
Click to expand...

Are you running Windows on your Mac?

I have met people that think Macs can't get viruses because of "something" related to the hardware and believe that they are immune from Window's viruses and worms by running Windows on a Mac.

Sometimes I think people that say their Mac got a viruses are running Windows in such a manner. Then, upon the realization that the "something" is Mac OS X, do not not state that it was Windows running on their Mac that got infected.
 
GGJstudios said:
The discussion (which was 4 months ago) was about malware on Mac OS X, not Windows on the Mac.
Click to expand...

Sorry, forgot to check the time stamp, thanks.

TaylorJ said:
I didnt add a subscription to this thread so I completley forgot about it. Also, the problem stopped since last time I posted. However today it came back. Trying to view a youtube video and it keeps redirecting to myspace.

I am able to add dns servers but they are still greyed out. I added the two you gave me, click apply and refreshed the youtube video and its still goes to myspace. Its so funny, the address bar still says youtube.com but its clearly myspace

Very, very annoying.
Click to expand...

What kind of wireless network are you connected to? Is it unencrypted, WEP, or WPA with a weak password? Is it a large public network that you don't administrate?

It is possible for an attacker to produce that browser behaviour via MITM attacks in combination with DNS spoofing and etc using a program such as Ettercap. Maybe your just being pranked by someone.

Install Mocha. It will give you a notification at the bottom left corner of your screen in the event that someone is doing MITM attacks via ARP poisoning.
 
I'm 99.9% sure I'm not being hacked. I have WPA personal security on my network, I am the administrator. I usually keep everything in check. The password is very strong, as strong as a password can be with letters and numbers.

Also, I am running windows on my mac, but I JUST installed it, this problem has been occurring ever since I got my new router, in the summer. It didnt start as soon as I got the router, but it didn't happen when I had my old router. Its a linksys n gigabit router

Any other suggestions on what I can do? I'm still running on the google public dns, I will see if the problem returns.
 
TaylorJ said:
I'm 99.9% sure I'm not being hacked. I have WPA personal security on my network, I am the administrator. I usually keep everything in check. The password is very strong, as strong as a password can be with letters and numbers.
Click to expand...
While your password may be very strong, and I agree your chances of being hacked are remote, be aware that your password can be upper and lower case letters, numbers and special characters. Something like $2jIh^(Vt2#h&%Shs0.1 would be much harder to guess.
 
I believe the issue is with your router.

I found this article related to such problems, hopefully you find it helpful.

the-redirect-virus-was-in-my-router/ EDIT: different link as other one is broken -> http://andrewodendaal.com/google-redirect-virus/

From what I gather, reset the router and reconfigure your network settings on the router after reset. Make sure your router requires a password (this is different than the wireless network password) to login/change settings and make sure not to use the default password that the router comes with. It seems like the password acts much like the admin password on a Mac and prevents malware install on the router.
 
Last edited:
isx said:
I don't post here much but this has to be said....Again.

The lack of viri for OS X is in no way due to the unprofitably of the targets having a lesser market share. This has been proven time and time again. It's down to the way in which OS X was built up from the UNIX base which was designed around multiple users both local and and non-local. People and professionals have been trying for decades to breach various UNIX based systems to very little avail. That's not to say that there will never be viri on OS X, however the person that finally manages that will be, in all manner of the words, a genius who will no likely land him/herself VERY lucrative employment after its release.
Click to expand...

http://news.cnet.com/8301-27080_3-10444561-245.html
 
Hey TitanApe,

I somewhat agree with you but you sometimes have to take CNET articles with a grain of salt.

As of Mac OS X 10.5, both the stack and heap use the NX bit for ALL 64 bit processes and most of what is accessible for exploitation in 10.6 is running as 64 bit. 64 bit processes have not been exploited on 10.6 AFAIK but they have on 64 bit Linux that also uses stack and heap NX protection. http://www.exploit-db.com/exploits/15024/(Only processes related to 32-bit emulation and compatibility are being exploited on x86_64 Linux.)

Both ASLR and DEP were defeated on 64 bit Windows 7 at the last PWN2OWN but DEP in Windows may be optional at the discretion of the developer as its wiki suggests. This article outlines the issues with Windows ASLR/DEP in depth.

Full ASLR for 64 bit processes on 10.6 may not be necessary given that the 64 bit dyld file is located in the same folder as the 32 bit dyld file. The 32 bit dyld file is accessed during exploitation of 32 bit processes but 64 bit processes are not being exploited even though the file is equally accessible. (EDIT: in remote exploitation, the dyld information is acquired via an executable located at usr/lib/dyld that equally provides information for x86 and x86_64 processes). This makes me believe that, for now, NX bit is enough to protect these processes with partial ASLR.

ASLR is necessary to help protect 32 bit processes and Apple should improve its ASLR or move everything over to 64 bit. Apple appears to be focusing on migrating over to 64 bit which is most likely the more reliable option. Apple is also working on developing a split process model for WebKit2 (underpinnings of Safari and Mail) to help improve security as well. Split process model style of sandboxing seems effective given that Google Chrome survived PWN2OWN.

Safari was exploited at PWN2OWN via libraries from Preview. The Preview app is largely built on top of Adobe Reader which has not had the greatest security record. I believe the exploit only included arbitrary code execution but did not include privilege escalation.

Mac OS X 10.5 and 10.6 seem to be secure as neither has had a report of a remote privilege escalation exploit. Both have not had an arbitrary code execution paired with local privilege escalation as well. Either of these two conditions are typically required for viruses and worms to be installed without user intervention.
 
Last edited:
Is it just me, or does every post related to viruses on a mac turn into a flame war?
 
Hastings101 said:
Is it just me, or does every post related to viruses on a mac turn into a flame war?
Click to expand...
It's just you! :D

Seriously, it's because so many post misinformation by saying things like:
"Macs are immune to viruses"
"You can get a virus on your Mac by clicking on a web site"
"There have never been any viruses on Macs"
"The only reason Macs don't get viruses is market share"​
....or many other misstatements of facts.
 
In addition to what I posted earlier, another factor that makes Linux and Mac OS X more secure than Windows is the number of bugs per lines of code.

I only know of empirical evidence for that fact for Linux. But anecdotal evidence for Mac OS X is substantiated via comparing the number of bugs per OS platform on an exploit database website such as http://www.exploit-db.com/. (A another source for relevant vulnerabilities is ZDI)

I think using such anecdotal evidence for Mac OS X is valid as Linux has more entries in the database than Mac OS X and Linux has a smaller market share.

The number of bugs per lines of code is important because it influences the likelihood of finding critical holes that allow viruses and worms to be installed.

EDIT: 64 bit Flash player is now available for Mac.
 
Last edited:
If you would like to disable PDF viewing within Safari and enable downloading of PDFs when clicked, then type the following into Terminal:

defaults write com.apple.Safari WebKitOmitPDFSupport -bool YES

If you like to switch your default PDF viewer to something other than Preview, download a third party PDF viewer (such as Skim) and set it as your default PDF viewer.

Change the default PDF viewer by finding a PDF file, selecting "Get Info" for the file (secondary click to see drop down menu), finding the default app selection field in Get Info, selecting a new default app and clicking "Change All."
 
Let me borrow this thread real quick to ask a question: are there any potential risks using custom DNS Servers, such as the two I am using? -》208.67.222.222, 208.67.220.220
 
Just be aware that the security benefits of OpenDNS are not a substitute for user knowledge.

Anti-phishing databases, such as PhishTank, really only contain definitions for known phishing sites. There are some url formats that these databases will flag as a whole but these only represent the most simple types of phishing sites. There are tools, such as Sitesucker, that make it really easy to spoof a website.

Also, most of the phishing databases rely on knowledgable users to build the database. These knowledgable users are familiar with and understand digital certificates, such as SSL, to make judgements about the security of websites.

So, a better line of defence against phishing is to develop an understanding of digital certificates for your own protection.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back