Potential trojan/virus problem please help.

Discussion in 'Mac Basics and Help' started by trojan18, Jan 1, 2008.

  1. trojan18 macrumors member

    Joined:
    Mar 4, 2005
    #1
    Before anyone says it, yes, I know my name is trojan18 and I'm posting about possibly having a trojan on my computer. Oh, the irony.

    While surfing the web tonight, I accidentally typed the wrong address into Safari.

    I typed preview.cnn.com instead of just cnn.com because the previous site I was surfing did have a preview in the address and I just wasn't thinking straight.

    But instead of the standard page telling me that the address did not exist, I was redirected to a very shady looking site:

    http://wwwm.help-yield.net/search?qo=preview.cnn.com&rn=wAnOwJ1zkvwXV2J

    The page says it's "powered by Yahoo Search" and has some pretty random links on it related to CNN. Pretty standard search page.

    So I tried again, intentionally putting in a wrong address:

    trojan.macrumors.com leads to http://wwwm.help-yield.net/search?qo=trojan.macrumors.com&rn=7kKcagOmqvCtzRa

    Basically, any completely wrong address with a prefix before the main site will lead me to this help-yield.net search page.

    For example, CNN.com/preview leads me to CNN's standard 401 error. It's only when I do preview.cnn.com or anything.cnn.com that I am taken to help-yield.net

    This is also happening in Firefox as well, same exact story, so it's not just a Safari issue.

    Most shady and/or alarming of all is the following link at the bottom of this "search" page, titled "About this Page"... clicking on it takes you to this:

    About the Search Results Page

    The search results on the prior page were provided to you because you entered keywords or an improperly formatted, currently unavailable, or nonexistent domain name into the address bar. This service is designed to enhance your web surfing experience.

    No software was installed on your computer for this service to work.


    It then features an "opt-out" box where you can stop this site from coming up, but says that in order for it to work, the site will download a cookie to a computer and you must keep this cookie installed or the search page will pop back up again.

    http://wwwm.help-yield.net/options

    Obviously, I'm not downloading anything right now until I figure out what is going on.

    I never installed this, never asked for it, it just started happening.

    Any ideas?

    I'm using an ibook G4 with the latest version of Tiger installed. This is not happening on my newer intel iMac, just this computer.
     
  2. WildCowboy Administrator/Editor

    WildCowboy

    Staff Member

    Joined:
    Jan 20, 2005
    #2
    My understanding is that it's something your ISP has set up to work with their DNS servers.
     
  3. synth3tik macrumors 68040

    synth3tik

    Joined:
    Oct 11, 2006
    Location:
    Minneapolis, MN
    #3
    You think you get a trojan from a site, so you post the hyperlink????
     
  4. EricNau Moderator emeritus

    EricNau

    Joined:
    Apr 27, 2005
    Location:
    San Francisco, CA
    #4
    Yes, I believe this to be the case as well.

    It should be pointed out that viruses/trojans simply don't exist for Mac OS X, so that's definitely not the problem.
     
  5. Eidorian macrumors Penryn

    Eidorian

    Joined:
    Mar 23, 2005
    Location:
    Indianapolis
  6. trojan18 thread starter macrumors member

    Joined:
    Mar 4, 2005
    #6
    I don't believe the site itself is the problem. Just going to the site doesn't start up any downloads or anything. It's whatever is causing the redirect on my computer.

    I'll try the DNS thing and get back. Thanks.
     
  7. trojan18 thread starter macrumors member

    Joined:
    Mar 4, 2005
    #7
    Ok...

    It appears you guys are right.

    After adding the OpenDNS servers and trying preview.cnn.com I am now redirected instead to:

    http://guide.opendns.com/?url=preview.cnn.com

    which is another search page like the last one.

    My question is why the heck would my ISP just suddenly start doing this? This has never happened before and I've been using them for about 10 years. I suppose I can go download the cookie now to stop it from happening but it's just annoying that I have to go out of my way to stop a page from popping up that I never asked them to give me in the first place.

    Thanks for the help
     
  8. WildCowboy Administrator/Editor

    WildCowboy

    Staff Member

    Joined:
    Jan 20, 2005
    #8
    Well, I assume they make money on it from the search company. They'll claim that it's providing a service for you...you should thank them. :D
     
  9. Mitch1984 macrumors 6502

    Mitch1984

    Joined:
    May 16, 2005
    Location:
    Telford
    #9
    Actually. I was reading a Trojan or virus today on news.bbc.co.uk for the mac.
     

Share This Page