Safari redirecting to http://afew.zoyufo.pw?

Tomb01

macrumors 6502
Original poster
Jan 6, 2009
368
20
Colleyville, TX
I think I have been infected. My Catalina Safari regularly redirects to http://afew.zoyufo.pw, which seems to be one of those stupid 'update your adobe' sites. How do I kill that? thanks in advance...

OK, so did the 'developer' clear cache thing, tried to delete all my cookies, still getting redirected to http://afew.zoyufo.pw. How do I stop that?
 

BrianNJ

macrumors newbie
Feb 27, 2020
1
0
Was getting the same on my iPad and was able to get rid of it by clearing website data (different then clearing cookies). On the iPad you go to Settings, select Safari, move to the bottom select Advanced, select Website Data, then select Remove All Website Data. That worked for me but you will need to signin to all of your sites again. Not sure how you do the same on your machine.
 
Last edited:

Thompson Wells

macrumors newbie
Feb 27, 2020
2
0
I am getting the same thing every time I try to open Academia.edu on safari. However, the site works fine on chrome. Very aggravating. What would you recommend doing to fix it. I tried virus scans and it didn't work etc. tried deleting history worked for a second. Weird it only happens on that one webpage
 

dayta

macrumors newbie
Feb 28, 2020
3
1
I just got hit with this same malware today - now I can't use Safari. Malwarebytes isn't working and neither is clearing browser history/extension...can anyone help???
 

FNH15

macrumors 6502
Apr 19, 2011
326
236
I just got hit with this same malware today - now I can't use Safari. Malwarebytes isn't working and neither is clearing browser history/extension...can anyone help???
Go to System Preferences - do you see a Profiles preference pane? If you do, go in and see if you have any profiles in there which you did not explicitly install.
 

mtdhtx

macrumors newbie
Feb 28, 2020
2
1
I just started getting this from cnn.com. Not occurring on other websites I visit.

I blocked afew.zoyufo.pw on my netgear router. probably should completely block palau. they have a reputation for nefarious criminal websites.

Sent a message to cnn they got malware advertising.
 

MJPinSF

macrumors newbie
Feb 29, 2020
4
2
It's happening on the NY Times homepage, tonight (2/28 - early morning 2/29). It happened there Wednesday night, too, as well as on some other sites, but had stopped by Thursday morning. It happened to many people. They thought it was related to ads on those pages, but not a malware infection on their own computers. It occurred then on my iPad as well as on my Mom's MacBook Pro, starting and stopping on both at the very same time. Tonight it's on my iMac desktop.

Wednesday night it was directing to ufye.koofukrev.site rather than this one, but the result was the same.

We are on Mojave and iOS 13.3.

One more thing I'm remembering is that on both my Mom's computer and my iPad the other night, the first message that showed up was that Norton Utility Anti-Virus subscription had expired and needed to be renewed—in other words, a different message than the Flash update that later appeared and is appearing now. Neither of us has/had a Norton subscription of any kind.


More info from tonight, 2/28-2/29: My iPad is redirecting to a different page for the Flash update than the iMac: deej.almeusciu.site

On both my iMac and iPad, the NY Times homepage flips to the Flash Update page when a particular Crate & Barrel banner ad shows up on the screen.

Screen Shot 2020-02-29 at 1.14.16 AM.png


If that ad doesn't show up anywhere on the page, then it doesn't flip over to the Flash update page. And if the ad does happen to be present, it doesn't flip over until I scroll down the page to where the ad loads in the particular banner. It starts to flip as soon as the ad appears, even if it's mid-way down the page.

My Firefox is somehow configured that there are no banner ads, so I can't compare to see if there's a problem there.
 
Last edited:
  • Like
Reactions: Chung123

mtdhtx

macrumors newbie
Feb 28, 2020
2
1
They thought it was related to ads on those pages, but not a malware infection on their own computers.

That is my take on it, News organizations vetting their flood of advertisers has to be a major headache & distraction.
some are intended to fleece views, some are intended to screw with the website.

It is a real problem, then you got these ads sucking up 100% of the cpu, doing who knows what.
CNN is really bad with this kind of advertiser.


,
 
  • Like
Reactions: Riwam

smirking

macrumors 68030
Aug 31, 2003
2,626
2,288
Silicon Valley
This is happening all over the place that is running ads from certain networks. It's not site specific. The compromised ad(s) that is redirecting your browser is traveling through one or more major ad networks. Don't download anything it presents you and you'll be fine. In the past, this usually continues for up to a week before the ad network squashes it for good. I even got it browsing South China Morning Post out of Hong Kong.
 

processexp10

macrumors newbie
Mar 1, 2020
8
0
Most of the times this type of malware infection is caused by a fake profile created on your mac. You can check if your mac profiles and see if there is an entry that you don't recognize.

1. Click on Apple icon
2. Click on System Preferences
3. Click on Users and Groups
4. On the right side check if there's any unfamiliar account.

If it's clean, you may want to check if the redirection happens on all of your browsers. ie. Safari or Chrome or both then from there you can proceed with the manual cleanup.

Let me know if you need help :)
 

dayta

macrumors newbie
Feb 28, 2020
3
1
To your points below:

- I checked this and there are no other profiles on my comp.
- I tried using Chrome on the same pages where the malware came up - no issues that I've seen vs Safari.

It sounds like people are saying it's site-specific based on ad systems, but I'm seeing the issue strictly when using Safari. Any ideas on how to get rid of this annoyance?


Most of the times this type of malware infection is caused by a fake profile created on your mac. You can check if your mac profiles and see if there is an entry that you don't recognize.

1. Click on Apple icon
2. Click on System Preferences
3. Click on Users and Groups
4. On the right side check if there's any unfamiliar account.

If it's clean, you may want to check if the redirection happens on all of your browsers. ie. Safari or Chrome or both then from there you can proceed with the manual cleanup.

Let me know if you need help :)
 
  • Like
Reactions: MJPinSF

smirking

macrumors 68030
Aug 31, 2003
2,626
2,288
Silicon Valley
It sounds like people are saying it's site-specific based on ad systems, but I'm seeing the issue strictly when using Safari. Any ideas on how to get rid of this annoyance?
It might be written to only target Safari because the payload is specific to MacOS. This kind of scheme isn't very subtle. It's easily detected and fools few people so it might be that you want to make every exposure count. Only targeting Safari would effectively filter out anyone on a PC.

Since it only affects Safari, you could just use a different browser for a week. You could also use an ad blocker until the problem goes away. I normally don't ad block as I want to support the sites I visit, but if I'm getting pelted by redirect injections, I'll turn on ad blocking for a week. Usually that's about how long it takes the ad network to quash the issue for good.
 

processexp10

macrumors newbie
Mar 1, 2020
8
0
hi @dayta ,

So it means the issue is isolated on your Safari browser only. With this we can easily proceed with the checking and clean up.

1. We need to check for any unwanted Safari Extension installed on the Safari. You may follow the steps below.

a. Open Safari browser
b. Click on Safari on the upper left corner and choose Preferences
c. This will open the window of Safari extensions. Please remove all unwanted extension or unknown extension that you will see on the left side.

2. Can you also take a screenshot if the exact issue that is happening on your Safari?
 

MJPinSF

macrumors newbie
Feb 29, 2020
4
2
hi @dayta ,

So it means the issue is isolated on your Safari browser only. With this we can easily proceed with the checking and clean up.

1. We need to check for any unwanted Safari Extension installed on the Safari. You may follow the steps below.

[SNIP]
As I reported above, the problem happened to me twice last week. I have NO extensions at all for Safari on my iMac. My Mom also has NO Safari extensions on her MacBook, and it happened to her, too.

I also have NO other user accounts, known or unknown, on my iMac, as suggested prior.

I, and quite a few others here, do not think it's a malware problem.

As I also reported above, I was able to trace the problem and isolate it to one banner ad (for Crate & Barrel) that showed up on the NY Times website, part of a rotating series of ads interspersed throughout the articles, down the page.

I also later recalled that I had the same problem many months ago with the San Francisco Chronicle's website. When I contacted their webmaster, he replied that it had to do with the ads and that they had no control over the situation, but that it would be corrected when the ad provider fixed the problem on their end. Just like these occurences, it was very temporary (going away by the next morning).

It's annoying as h•ll, but it's not a problem with anyone's computer. As smirking has said, if it is a problem, you can always use an ad blocker. (My Firefox had no ads, and I don't use Chrome, so I couldn't tell if the problem occurred with either of them.)
 
Last edited:
  • Like
Reactions: Chung123

revmacian

macrumors 68000
Oct 20, 2018
1,745
1,449
USA
As I reported above, the problem happened to me twice last week. I have NO extensions at all for Safari on my iMac. My Mom also has NO Safari extensions on her MacBook, and it happened to her, too.

I also have NO other user accounts, known or unknown, on my iMac, as suggested prior.

I, and quite a few others here, do not think it's a malware problem.

As I also reported above, I was able to trace the problem and isolate it to one banner ad (for Crate & Barrel) that showed up on the NY Times website, part of a rotating series of ads interspersed throughout the articles, down the page.

I also later recalled that I had the same problem many months ago with the San Francisco Chronicle's website. When I contacted their webmaster, he replied that it had to do with the ads and that they had no control over the situation, but that it would be corrected when the ad provider fixed the problem on their end. Just like these occurences, it was very temporary (going away by the next morning).

It's annoying as h•ll, but it's not a problem with anyone's computer. As smirking has said, if it is a problem, you can always use an ad blocker. (My Firefox had no ads, and I don't use Chrome, so I couldn't tell if the problem occurred with either of them.)
Install an adblocker and this problem will disappear.
 
Last edited:

MJPinSF

macrumors newbie
Feb 29, 2020
4
2
Installing adblocker in this problem will disappear.
I already said that in my post: "if it is a problem, you can always use an ad blocker."

So I am aware of that solution. The issue hasn't come up anywhere often enough that it's a real problem for me.

But thanks, anyway.
 

dayta

macrumors newbie
Feb 28, 2020
3
1
One thing that makes me worried it is malware (not the ad-based virus you mentioned) is that when I check "Manage Website Data" in the Privacy tab of Safari, I see there are dozens and dozens of random websites that I've never visited which are apparently storing my data.

I "Remove All" but they still come back after I start using Safari again - that can't be right?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.