Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Resolved Need help with redirect virus
- Thread starter Loa
- Start date
- Sort by reaction score
Sounds like malvertising to me, where a bad ad is redirecting you. Try using an ad blocker. Sometimes clearing the browser's cache and cookies can help as well.
It’s possible that malicious software has modified your network configuration, causing these redirects. You should check your DNS and proxy settings.
For DNS settings:
- On macOS, go to System Preferences > Network > Advanced > DNS and make sure you're using a trusted DNS like Google (8.8.8.8) or Cloudflare (1.1.1.1) or your ISP.
- On Windows, open Control Panel > Network and Internet > Network Connections, right-click your connection, select Properties, then IPv4, and verify the DNS settings.
- On macOS, go to System Preferences > Network > Advanced > Proxies and check that no unknown proxies are listed.
- On Windows, go to Settings > Network & Internet > Proxy and make sure there’s nothing unusual configured.
Check the following locations for anything sus..
- ~/Library/LaunchAgents and /Library/LaunchAgents
These folders can contain scripts or apps that run at login. Check for sus or unknown files. - ~/Library/LaunchDaemons and /Library/LaunchDaemons
Similar to LaunchAgents, but these run at the system level. Look for anything unfamiliar or that doesn’t match software you’ve installed. - ~/Library/Preferences
Configuration files for apps are stored here. Sometimes malware will drop files with odd names. Be cautious when deleting, as legitimate apps use this folder too. - ~/Library/Application Support
Applications store their supporting files here. Check for unknown folders or files that don’t match your installed apps. - ~/Library/Caches
Cached data from apps and browsers is stored here. Clearing caches for your browser might help if the issue is browser-related.
Thanks for the very detailed information. DNS and proxy were fine, as were the launch agents and deamons. But there are a LOT of files in the last 3 folders and after a cursory look I didn't find anything suspicious.
And yes, it only happens in Chrome. Hasn't happened since yesterday morning though.
And yes, it only happens in Chrome. Hasn't happened since yesterday morning though.
Have you checked the extensions or plug-ins for Chrome, to see if something has been installed there?
See if the problem occurs in a brand new user account -- if not, then the problem is somewhere in your old user Library. If it is still there, the problem is at the root /Library level.
See if the problem occurs in a brand new user account -- if not, then the problem is somewhere in your old user Library. If it is still there, the problem is at the root /Library level.
No one was ever worse off for not using Chrome. 😆 Plenty of other Chromium-based browsers have better security, privacy, and efficiency.