Malware, Trojan, Virus?

[schrautm]

I am struggling with a problem on my MacBook.

Whenever I use either Firefox or Safari, I will have an unwanted advertisement pop up as I click on a link to a new page. When I click on a link the link will take me to the webpage I request and then after briefly stopping at the desired page, I am redirected to an unwanted page or pages. (This happens very frequently in particular with Wikipedia.) I can click back to the desired page with few problems.

I have installed Sophos Anti-Virus, iAntiVirus, MacScan, and SecureMac but all of the scans come back clean. I have read through several forums trying to figure out what else it can be and have followed all of those steps to no avail.

I have no idea what is causing this problem. I am really frustrated and would like to figure this out. If anyone can offer any advice or help, I would greatly appreciate it.

Thanks

 

[simsaladimbamba]

There is a part about redirecting titled "Why am I being redirected to other sites?" in the following FAQ:

Mac Virus/Malware Info by GGJstudios
There are currently no viruses for Mac OS X in public circulation, only a handful of trojans and other malware, which have to be installed manually via entering the administrator password.
The only anti-virus you need to protect your Mac is education and common sense.​

Did that help?

Btw, you alluded to additional steps you have taken after using the useless AV software titles. What were they, so we can avoid guessing games?


To edit your thread title to a descriptive one, just click on the

button on the bottom right of your original post and then click the

button below your message.

 

[schrautm]

I have searched for anything related to Mac Defender, Mac Security, Mac Protector, Mac Shield, and Mac Guard.

I have followed the steps in the terminal program using the commands sudo crontab -l (which comes back saying no crontab for root).

At this point I know I've tried other things, but I've been periodically trying to solve this problem and have forgotten some of the things I've tried.

Have I missed something obvious I need to try?

 

[simsaladimbamba]

However, at this point what I need is actual help. I cannot undo the past. So if you have any help going forward I would greatly appreciate that.

Then the part about "Why am I being redirected to other sites?" does not help I presume?

And what were the additional steps besides the AV applications you have taken?

We can't help you if you don't help us with more information, otherwise we will keep guessing, thus prolonging finding a solution for you.

Do you know, what kind of malware you may have installed?
What Mac OS X version do you use? Have you run the latest updates?

And just because it is not liked:

"How to maximise your MacRumors troubleshooting experience" created by mad jew in 2006​

 

[schrautm]

Ok I have tried the searches that walk me through how to deal with Mac Defender, Mac Security, Mac Guard, Mac Shield, and Mac Protector.

I've also run in terminal sudo crontab -l which comes back saying no crontab for root.

Is there something else obvious I'm missing.

----------

Sorry for my frustrated response.....

I am running OS X 10.5.8 and I last ran my software updates yesterday. No change.

 

[John T]

The first thing to do is remove Sophos, iAntiVirus, MacScan, and SecureMac that you have already installed. As explained above, none of these are necessary and can actually slow down and create problems to the system. Getting rid of them could well solve your problems!

 

[schrautm]

Ok I unistalled all of those programs and I'm still having problems.

 

[simsaladimbamba]

Ok I unistalled all of those programs and I'm still having problems.

What about the part I linked you to?

 

[schrautm]

1. I searched through several threads on MacRumors that may be applicable and have been trying them. Usually they work for me, this time I haven't been as lucky. But yes I tried that.

2. Is there a more appropriate Forum for my problems? Mac Basics and Help seemed the most appropriate of all the forums I encountered.

3. I am not sure if what I'm dealing with is Malware, a Trojan Horse, or Virus. I am assuming that is where the problem lies. If I have mis-categorized my thread, please let me know.

4. Hardware Overview:

Model Name: MacBook
Model Identifier: MacBook5,1
Processor Name: Intel Core 2 Duo
Processor Speed: 2.4 GHz
Number Of Processors: 1
Total Number Of Cores: 2
L2 Cache: 3 MB
Memory: 4 GB
Bus Speed: 1.07 GHz
Boot ROM Version: MB51.007D.B03
SMC Version (system): 1.40f2
Serial Number (system):
Hardware UUID: BDB61675-B3C1-5EE2-BBED-AA52CFFC8E57
Sudden Motion Sensor:
State: Enabled

AirPort:

Type: AirPort
Hardware: AirPort
BSD Device Name: en1
IPv4 Addresses: 192.168.1.102
IPv4:
Addresses: 192.168.1.102
Configuration Method: DHCP
Interface Name: en1
NetworkSignature: IPv4.Router=192.168.1.1;IPv4.RouterHardwareAddress=00:12:17:33:84:5f
Router: 192.168.1.1
Subnet Masks: 255.255.255.0
IPv6:
Configuration Method: Automatic
AppleTalk:
Configuration Method: Node
Default Zone: *
Interface Name: en1
Network ID: 65431
Node ID: 163
DNS:
Server Addresses: 93.188.161.105, 93.188.166.105, 1.2.3.4
DHCP Server Responses:
Domain Name Servers: 93.188.161.105,93.188.166.105,1.2.3.4
Lease Duration (seconds): 0
DHCP Message Type: 0x05
Routers: 192.168.1.1
Server Identifier: 192.168.1.1
Subnet Mask: 255.255.255.0
Proxies:
Exceptions List: *.local, 169.254/16
FTP Passive Mode: Yes
Ethernet:
MAC Address: 00:25:00:47:4a:da
Media Options:
Media Subtype: Auto Select

System Software Overview:

System Version: Mac OS X 10.5.8 (9L31a)
Kernel Version: Darwin 9.8.0
Boot Volume: Bremen
Boot Mode: Normal
Computer Name:
User Name:
Time since boot: 1:40

5. Unwanted pop ups and redirects while using both Safari and Firefox.

6. I've been having these problems for at least 2 months, possibly 3.

7. I've tried downloading Sophos, iAntiVirus, MacScan, and SecureMac. I have now uninstalled them. I have run sudo crontab -l with it coming back saying no crontab for root. I have searched for plugins.settings with no such file present. I have searched for Mac Defender, Mac Guard, Mac Security, Mac Protector, and Mac Shield with no related files.

Have I answered all of your questions? If I'm missing anything just let me know.

----------

I have been trying to follow the DNS edit. All of my DNS servers are gray, but I am unable to remove any of them. I am only able to add DNS servers, so I am not able to follow through on the DNS update in the previous post.

 

[Mal]

The answer to your question is none of the above. If you have DNS servers listed that are greyed out, then they are being provided by your router and/or ISP. You've probably fallen victim to a security hole in your router allowing someone to insert bad DNS servers into it. Reset your router (following instructions in the manual, usually involving inserting a paper clip into a small hole and holding a button down with it for 10-15 seconds), and see if the problem disappears.

jW

 

[schrautm]

Also running scutil in terminal followed by show State:/Network/Global/DNS it shows that the list of DNS servers is the same as that listed in the DNS tab under Network.

----------

The router belongs to my roommate. By resetting the router will it reset the network password? If so I will need to hold off on this step until I can discuss this with my roommate.

 

[simsaladimbamba]

The router belongs to my roommate. By resetting the router will it reset the network password? If so I will need to hold off on this step until I can discuss this with my roommate.

Yes.

Btw, using Google and the three IPs provided by the DNS section of your System Proiler snippet gets me this:
http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=A3qHTqqAMovItAaTmfzgAQ
http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=CXqHTvDfCc3RsgbAgP3gAQ
http://www.google.com/search?client...oe=UTF-8&redir_esc=&ei=D3qHToWxKIbLsgbN5fngAQ

Maybe your roommate is infested?

Can you access the router via its web interface and change the DNS settings?

 

[schrautm]

Unfortunately I am not having any luck gaining web access to the router. I am going to have to wait until my roommate gets back.

I think she has been having issues with her MacBook as well. Would this mean that her computer is infecting mine via the router or is the router simply compromised?

 

[simsaladimbamba]

Unfortunately I am not having any luck gaining web access to the router. I am going to have to wait until my roommate gets back.

I think she has been having issues with her MacBook as well. Would this mean that her computer is infecting mine via the router or is the router simply compromised?

The router is compromised.
Read the malware FAQ to see what a virus, a trojan and malware is.

 

[schrautm]

Thank you for your help. Once I have done a reset on the router, I will provide an update on the effects.

 

[GGJstudios]

Thank you for your help. Once I have done a reset on the router, I will provide an update on the effects.

You should uninstall all antivirus apps that you installed. You don't need any 3rd party antivirus software to protect your Mac from malware, and it's never advisable to run more than one AV app on any system.

The most effective method for complete app removal is manual deletion:

Best way to FULLY DELETE a program​

 

[schrautm]

Update on my issues......

It seems that resetting the router did the trick.

Thanks for all of the help!

 

[GGJstudios]

Update on my issues......

It seems that resetting the router did the trick.

Thanks for all of the help!

FYI, the first response to this thread gave you all the information you needed to resolve this issue.