Mac Spyware from Google?

Discussion in 'MacBook Pro' started by Psychomiko, Mar 20, 2012.

  1. Psychomiko, Mar 20, 2012
    Last edited: Mar 21, 2012

    Psychomiko macrumors newbie

    Joined:
    Mar 20, 2012
    #1
    Hey all, I have a puzzling question. I have a Macbook Pro running on Mac OS X that has internet through TWC's Road Runner. A few days ago, I received a message from Road Runner stating that the Bancos virus had been detected on my machine. After looking up the virus, I realized that it's a Windows virus so it wouldn't make sense that it would be running on my mac. About a week before receiving this message, however, I noticed something weird with google. Every once in a while when I did a search in google and clicked on a link, I would be redirected to several other sites. I would have to back out of these sites, get back to the original google page, click on the link again, and then I would get to the page I wanted. This wouldn't happen with every search or every link, just every once in a while, but always with google.

    So I scanned my mac using Macscan and Sophos mac AV. Both came back clean. I reset Safari, and deleted all cookies, both of which seemed to help for a while but the redirecting would eventually start again. I looked at the DNS IP addresses, both in gray and legit, and I looked at "all processes" in the Activity Monitor. I checked the names of all the processes, and all seem legit. The redirect was still continuing every once in a while though.

    I finally downloaded and installed Glimmerblocker which has helped immensely. The redirect has stopped and the mac's speed has noticeably improved. I did a test run of several searches in google to see if I was redirected, with Glimmerblocker running. I wasn't redirected but I looked at the Glimmerblocker history to see if anything was blocked. There was a huge list of blocks including ad.doubleclick.net, adserver1, ads.adbrite, ad.yieldmanager, images.intellitxt, adlog.com, and bullseye.backbeatmedia.

    So I'm wondering if there's some spyware hiding inside my mac or if there's just something going on with google. Again, this doesn't happen with any other search engine or site. If there is anything in my mac I'd like to kill it, not just block it. Any help or advice would be greatly appreciated. Thanks!
     
  2. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #2
    Check your DNS settings by reading: Why am I being redirected to other sites?
    Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here.

    You don't need any 3rd party antivirus app to keep your Mac malware-free. Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. You cannot infect your Mac simply by visiting a website, unzipping a file, opening an email attachment or joining a network. The only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

    There is no Mac OS X spyware in the wild.
     
  3. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #3
    GGJ- Thanks for your help! I didn't know that Sophos AV was able to run with elevated privileges. I'm guessing this would allow other things to get past the mac security systems as well? I've since switched to Clamxav.

    I also looked at resetting the DNS, but it seems as if I'd have to take the further step of disabling the DHCP-specified servers. Little unsure if I want to start deleting things from that deep inside my mac. Would disabling the server mean that I could still use the Road Runner network I'm currently using? Any thoughts?

    Thanks again for all your help!
     
  4. /user/me macrumors 6502

    Joined:
    Feb 28, 2011
    #4
    I have a couple. You should get rid of all that extra stuff that you installed that won't really help your computer. (i.e. you don't need an antivirus since there are no viruses that affect macs.... I've never had a problem with popups, but all that glimmer blocker does is provide increased pop up blocking.) You should try resetting Safari and seeing if that takes care of your problems. Thirdly, you should get rid of your current internet connection settings and set the connection up like new. That should take care of it.
     
  5. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #5
    Yes, you'd still be able to use your RR network. The DNS servers don't affect your network access.
    That's not accurate. Glimmerblocker blocks all kinds of ads, not just pop-ups.
    Resetting Safari won't resolve problems with wrong DNS servers, and neither will changing internet connection settings. There is no need to do either one. DNS servers are set or changed using the method already posted.
     
  6. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #6
    I've already reset Safari. That helps for a while, but the redirecting continues. Glimmerblocker is the only thing that seems to have really helped so I'll leave that running at least for the time being. I'll try resetting the DNS. Just so I'm clear though, it's not my mac that's infected, it's the DNS settings that are? How does that happen if there's not a foreign IP address that shows up under the DNS tab? And how would I keep that from happening again, if that's the case? I very rarely download anything and if I do, I don't use the administration password to open anything. If it is the DNS settings, why would that just affect google as this is the only site I have problems with but all other search engines work fine? Sorry for the persistent questions, just trying to understand. Converted PC User. Thanks!
     
  7. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #7
    They're not infected. They just need to be set to known, reliable DNS servers. Some DNS servers work fine most of the time, but not always. You're simply changing them to ones that are known to be reliable all the time.
     
  8. Psychomiko, Mar 21, 2012
    Last edited: Mar 21, 2012

    Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #8
    Ok. Thanks. And one more question. When I'm trying to reset my DNS settings, I would have to disable the DHCP-specified server. In doing this, I can get all the way through the folders from System>Library>System Configuration>IPConfiguration Bundle, but when I click IPConfiguration Bundle, the mac says there is no default application assigned to open the bundle and I have no idea what application would be appropriate for that. Any thoughts? Thanks again.
     
  9. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #9
    Right-click on IPConfiguration Bundle in Finder and select "Show Package Contents"
     
  10. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #10
    Great! That worked. Now how do I create a new IPConfiguration.xml file? I copied it, but I'm not sure if I should paste it in order to create a new one or if I need to do something else. Sorry, but this just seems like something that if done incorrectly, can really f up my mac. Just want to get it right. Thanks.
     
  11. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #11
    Wait. What are you trying to accomplish? Do you have a greyed-out DNS server? If so, what is it?
     
  12. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #12
    I do have grayed out DNS servers. They're:

    209.18.47.61
    209.18.47.62

    According to the link you sent me, the grayed out servers mean that they are DHCP-specified so I have to disable the DHCP-specification in order to reset the DNS.

    I'm trying to disable the DHCP using the instructions in the link but it seems like it's pretty tricky.
     
  13. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #13
    Try just adding the OpenDNS servers. Leave the greyed-out ones there for now.
     
  14. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #14
    You're a lifesaver! Thanks. I added the OpenDNS and it seems to have replaced the other grayed-out ones. I ran a few searches in google and Glimmerblocker didn't block anything, so I'm hopeful. How can this DNS server be constantly reliable though if the original one I had was not?
     
  15. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #15
    The OpenDNS and Google DNS servers are among the most well-known and reliable servers. I can't vouch for others. Hopefully, that will resolve your problem. It looks like I'm going to have to take a look at those instructions again and see if I can develop some that are easier to follow.
     
  16. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #16
    Sweet man I really appreciate all your help and patience!
     
  17. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #17
    Ok so I changed the DNS Servers, rebooted the mac, and that seemed to work. After about half an hour of using the internet and google, though, I checked Glimmerblocker and there was another huge list of blocked ad websites. Any other thoughts? Would the safari pop up blockers have caught these websites, and I just wouldn't have known about it without Glimmerblocker displaying them? Or do you think the problem isn't resolved? Sorry for the disappointment but I'd appreciate your continued help. Thanks.
     
  18. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #18
    I'm not sure what you're saying the problem is. Glimmerblocker is supposed to block ads, whether they're pop-ups or not. Safari's pop-up blocker won't block ads that aren't pop-ups. It sounds like Glimmerblocker is working as designed. Are you saying you want to see the sites that Glimmerblocker is blocking? If so, disable Glimmerblocker. All of that has nothing to do with your DNS servers, which relate to the redirect issue. Are you still getting unwanted redirects?
     
  19. Psychomiko thread starter macrumors newbie

    Joined:
    Mar 20, 2012
    #19
    No, sorry. When I installed Glimmerblocker, it stopped the redirects, before I changed the DNS servers, but when I checked what sites had been blocked, they were sites from all over the web that I had never been to. After changing the DNS servers and rechecking Glimmerblocker after I replied back to you, I saw that the ads that were blocked all had associations with sites that I visited, not random ones from across the web.

    It seems that everything's working well. Sorry for the confusion. Thanks again for your patience. Hope you have a good night.
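
The resolver check discussed in this thread, as an added example that is not part of any post: it reads the text that macOS's `scutil --dns` prints and lists every nameserver that is neither DHCP-assigned by the ISP nor one of the public resolvers added on purpose. The allowlist, the function names and the embedded sample output are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit which DNS resolvers a Mac is actually using.

# Assumed allowlist: the DHCP-assigned Road Runner addresses quoted in post #12
# plus the public OpenDNS and Google DNS resolvers.
TRUSTED_RESOLVERS="209.18.47.61 209.18.47.62 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4"

# Constructed sample in the layout `scutil --dns` prints (not taken from the
# poster's machine). 192.0.2.53 is a documentation address standing in for a
# resolver nobody configured on purpose.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 208.67.220.220
  nameserver[2] : 209.18.47.61
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

resolver #3
  nameserver[0] : 192.0.2.53
  if_index : 4 (en0)
EOF
}

# Print each nameserver address found on stdin once, in first-seen order.
list_resolvers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" && !($3 in seen) {
             seen[$3] = 1; print $3 }'
}

# Print only the resolvers that are not on the allowlist.
unexpected_resolvers() {
    list_resolvers | while read -r addr; do
        case " $TRUSTED_RESOLVERS " in
            *" $addr "*) ;;                  # expected resolver
            *) printf '%s\n' "$addr" ;;      # not one we set or were assigned
        esac
    done
}

# On the Mac itself: scutil --dns | unexpected_resolvers
sample_scutil_output | unexpected_resolvers
```

An empty result means every active resolver is one that was expected; any address printed is worth tracing back to the network service or configuration that supplied it.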
     
