Mac Spyware?

Discussion in 'Mac Basics and Help' started by kingshrubb, Oct 23, 2010.

  1. kingshrubb macrumors regular

    kingshrubb

    Joined:
    Mar 3, 2008
    #1
    My internet browser (whether I use Chrome or Safari) keeps redirecting me to random sites. Sometimes this happens automatically and sometimes it happens when I enter a new URL. It will even sometimes open a new tab in my browser and an ad pops up. The internet is extremely slow (I have a friend on the same network with the same MacBook Pro as mine and his is considerably faster). What can I do to stop this? Thank you for your help. :)
     
  2. MacDawg macrumors P6

    MacDawg

    Joined:
    Mar 20, 2004
    Location:
    "Between the Hedges"
    #2
    Always try clearing your caches first if possible
    Reset Safari
     
  3. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #3
    Are the sites actually random? Do you have popup blocking on? Have you installed anything that you weren't sure of the source or what it was?
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    Check your DNS settings:
    System Preferences > Network > yournetwork > Advanced > DNS

    Unless you've been installing pirated software or software from seedy sites, it's not malware.
    Mac Virus/Malware Info
     
  5. kingshrubb thread starter macrumors regular

    kingshrubb

    Joined:
    Mar 3, 2008
    #5
    The DNS settings have 2 different servers:
    85.255.114.36
    and
    85.255.112.95
    Is this right?


    Also, the sites / ads are sometimes the same, like similar ones pop up each time, sometimes, not all the time though.
     
  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    No, change them to 208.67.222.222 and 208.67.220.220
     
  7. maril1111 macrumors 68000

    maril1111

    Joined:
    Mar 14, 2010
    Location:
    Denmark
    #7
    Doesn't seem like it, at least according to this link:

    http://gabrielharrison.co.uk/consultancy/dns_spam_porn_search_hijack/

    Clear your DNS settings using the black minus button, and I am curious: have you been downloading illegal stuff?

    Darn it, GGJstudios, you were faster :D
     
  8. kingshrubb thread starter macrumors regular

    kingshrubb

    Joined:
    Mar 3, 2008
    #8
    I can't change them. The black "-" is gray so I can't click it :(
    Edit: I can't even click on the DNS server. I can't click it; the number is even grayed out.
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    On the Network window, did you unlock?
     
  10. markgixxer750 macrumors newbie

    Joined:
    Dec 31, 2010
    Location:
    The desert
    #10
    Trojans/Spyware?

    One of my customers has brought his MacBook in for me to have a look at. The DNS addresses are 85.255.114.89 and 85.255.112.196. The Mac is (needs to be) set to DHCP to get all its info from the network; static addresses are not an option.

    A bit of noseying around seems to indicate that these addresses belong to a dodgy ISP that allows "questionable" activity on its servers.

    How do you find and remove a trojan from a Mac? Will installing Sophos help?

    It's a MacBook 4,1 running OS X 10.5.8
     
  11. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    First, you have to find a Mac trojan. Currently, there are only a handful out there and you usually find them while installing pirated software or installing codecs or plug-ins from porn sites. If you haven't done this and you've been careful about what you install, your chances of having a Mac trojan are ridiculously remote.

    There's more information here: Mac Virus/Malware Info
     
  12. markgixxer750 macrumors newbie

    Joined:
    Dec 31, 2010
    Location:
    The desert
    #12
    OK, thanks for the info. Like I say, this MacBook belongs to a "customer", so I've no idea what he has or has not clicked on, and not being particularly up to speed with Macs, having only owned one myself for 2 weeks, I'm not too sure how to go about sorting it out for him. I'm more of a Windows person myself and just recently came over to the darkside (sic).

    The problem is his DNS address settings as I stated above which need to be obtained from the network automatically but instead are "greyed" out and are seemingly un-deletable. They appear to belong to a nameserver company in Ukraine called inhoster and a bit of googling shows that they are a pretty dubious bunch.
     
  13. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #13
    The DNS settings are greyed out because you haven't unlocked them. When you go to System Preferences > Network, you will see a padlock icon in the lower left corner and the note "Click the lock to make changes". You need to click the lock, enter the admin password, and then you'll be able to change DNS servers. Remove the existing ones and use OpenDNS or Google servers:

    OpenDNS:
    Primary DNS Server: 208.67.222.222
    Secondary DNS Server: 208.67.220.220

    Google:
    Primary DNS Server: 8.8.8.8
    Secondary DNS Server: 8.8.4.4
     
  14. markgixxer750 macrumors newbie

    Joined:
    Dec 31, 2010
    Location:
    The desert
    #14
    No, I checked that; it is unlocked but the DNS settings are still greyed out.
     
  15. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
  16. markgixxer750, Jan 12, 2011
    Last edited by a moderator: Jan 13, 2011

    markgixxer750 macrumors newbie

    Joined:
    Dec 31, 2010
    Location:
    The desert
    #17
    OK, after a bit more googling it appears there may be a "cron job", which is apparently some sort of scheduled task, which re-writes the dodgy DNS settings. That would explain why, when I gave the PC a static IP and DNS, it was over-written after about 30 seconds.

    I will need to have a closer look at his MacBook when I get back into work tomorrow, I think.

    Thanks, that looks promising, I'll give it a try when I get back into work tomorrow.
     
  17. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
  18. markgixxer750, Jan 12, 2011
    Last edited by a moderator: Jan 13, 2011

    markgixxer750 macrumors newbie

    Joined:
    Dec 31, 2010
    Location:
    The desert
    #19
  19. markgixxer750 macrumors newbie

    Joined:
    Dec 31, 2010
    Location:
    The desert
    #20
    As I'm trying to learn more about Macs, I decided to follow the instructions in this LINK and deleted it manually. Seemed pretty straightforward and was easy enough.

    Thanks for all your help.
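
The two checks this thread arrives at (which resolvers the Mac is really using, and whether a scheduled job keeps rewriting them), written here as an added shell example that does not come from any poster. The function names, the sample inputs, the script path in the sample crontab, and the choice to treat the two /24 prefixes containing the posted addresses as suspect are assumptions.

```shell
#!/bin/sh
# Added example; not code from the thread.

# Prefixes covering the four resolver addresses posted in the thread.
# Assumption: any resolver inside these two /24s is treated as suspect.
SUSPECT_PREFIXES='85.255.112. 85.255.114.'

# Read `scutil --dns` style text on stdin; print each unique suspect resolver.
rogue_resolvers() {
    awk -v prefixes="$SUSPECT_PREFIXES" '
        BEGIN { n = split(prefixes, p, " ") }
        /nameserver\[[0-9]+\]/ {
            addr = $NF
            for (i = 1; i <= n; i++)
                if (index(addr, p[i]) == 1 && !seen[addr]++) print addr
        }'
}

# Read crontab text on stdin; print entries that run every minute or that
# call a macOS tool able to set DNS (scutil, networksetup).
suspicious_cron_jobs() {
    grep -v -E '^[[:space:]]*(#|$)' |
    awk '
        ($1 == "*" && $2 == "*" && $3 == "*" && $4 == "*" && $5 == "*") ||
        /scutil|networksetup/ { print }'
}

# Constructed sample inputs (not captured from the affected machine).
SAMPLE_DNS='resolver #1
  nameserver[0] : 85.255.114.36
  nameserver[1] : 85.255.112.95
resolver #2
  nameserver[0] : 208.67.222.222'

# The script path below is hypothetical.
SAMPLE_CRON='# constructed root crontab
0 3 * * 6 /usr/sbin/periodic weekly
* * * * * "/Library/Example/rewrite-dns.sh" 1>/dev/null 2>&1'

# On a real Mac: scutil --dns | rogue_resolvers
#                sudo crontab -u root -l | suspicious_cron_jobs
printf '%s\n' "$SAMPLE_DNS" | rogue_resolvers
printf '%s\n' "$SAMPLE_CRON" | suspicious_cron_jobs
```

A per-minute entry in root's crontab would be consistent with the static DNS settings being overwritten within about 30 seconds, as reported above; changing the resolvers in System Preferences does not last while such a job is still installed.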
     
