Malware Virus on Firefox and Safari in Leopard - Help!!!

Discussion in 'macOS' started by ayasinsk, Sep 19, 2008.

  1. ayasinsk macrumors regular

    Joined:
    Apr 29, 2008
    #1
    I got a weird malware somehow on my iMac running Leopard 10.5.5 When ever I try going to www.digg.com it takes to a spsecuritycenterr.com which is a website for PC malware scanning. I don't know what to do. I tried both Firefox and Safari and when I go to digg.com same thing happens. Please help.
     
  2. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
  3. ayasinsk thread starter macrumors regular

    Joined:
    Apr 29, 2008
    #3
    Can you please be a little more specific? I can ping digg.com just fine, don't know if that helps any.
     
  4. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #4
    Did you recently install a video codec? Or something else like that.

    Go to System Preferences - Network - Choose which one you use to connect e.g. Airport - Advanced - DNS and if there are entries there that you didn't add remove them and perhaps check out this article
     
  5. ayasinsk thread starter macrumors regular

    Joined:
    Apr 29, 2008
    #5
    I don't remember really installing anything lately. Anyways under DNS servers(which I didn't add) there are two entries:

    85.255.113.143
    85.255.112.67

    However I can't even delete them. They are not clickable and the minus button is not either. My search domains box is empty.
     
  6. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #6
    Putting those into google suggest they could well be the cause of the problem. In regards to removing them I am not sure, there are a couple of steps outlined in the proposed article above that may work.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    Did you click the lock in the lower left corner to make changes? You should be able to delete those two entries. Your ISP should automatically populate the DNS servers.
     
  8. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #8
    If you can't delete them, they're not being stored on your computer, but on a router or another device providing DNS to your computer. I'd suggest deleting them from your router and then changing all of your passwords on that router (and possibly the computer too). Someone may have hopped on your wifi if it's unsecured or poorly secured and inserted those settings while they were there.

    If you can't get that to work, reset the router to factory defaults (look at the instructions for the router) and start over, again with the strongest security you have available.

    jW
     
  9. ayasinsk thread starter macrumors regular

    Joined:
    Apr 29, 2008
    #9
    The lock button is not locked so that's not the issue. The funny thing is that when I'm using the wifi on my iphone and ibook I can go to digg.com without a problem. My imac is also using same wifi. So I'm sure it's a problem with my imac somewhere.
     
  10. indefatigable macrumors member

    Joined:
    Sep 25, 2008
    #10
    I'm going to add to this briefly.

    After getting a funky system freeze in Firefox, I checked in terminal with the sudo crontab -l command for the aforementioned trojan, and it came back with nada.

    However, I *do* have grayed out DNS entries. I assume this is because I have vonage between my comp. and my cable modem.

    Do you have any similar setup?
     
  11. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #11
    Well those DNS entries are definitely in the Possible Hostile Inhoster Addresses list.

    You have the trojan...

    There was a mention of where the trojan drops its file, so you can delete it directly.

    Edit: May try this... from the do i have a trojan link.

     
  12. ayasinsk thread starter macrumors regular

    Joined:
    Apr 29, 2008
    #12
    I finally got the problem fixed a few days ago. On my iphone I checked the DNS server it was using on my wifi, and simply typed that address in under my network/dns settings. It works liked like a charm ever since.
     

Share This Page