Safari - spyware or internet problem?

Discussion in 'Mac Basics and Help' started by harveypooka, Jun 25, 2008.

  1. harveypooka macrumors 65816

    Joined:
    Feb 24, 2004
    #1
    A friend of mine has been using Safari on 10.5 and he's having some problems accessing sites.

    If he visits google.com, types in a search and clicks on a link, the Safari progress bar at the top flickers and takes him to a random site, but sometimes related to his search. Visiting, for example, www.bbc.co.uk, is fine. When he starts Safari there is an IP, something like "//64.28.190.75/click...3c67" and so on. I've tried resetting Safari and the problem remains.

    I can't get the best details as I'm not with him, but what the hell is going on? I told him to disconnect his network and try opening Safari and nothing happens, nothing on the machine is routing him to this IP.

    A bit vague, but I can't figure it out. No other machines on the network display this weirdness.
     
  2. kresh macrumors 6502a

    #2
    Have you deleted Safari's .plist and cache files in the library folders and restarted?

    edit: Now that I think about it, there was a Trojan going around asking Safari users to download a codec to view media files (usually porn). This trojan reset the DNS list. Try looking in network settings and see what DNS servers the machine is pointed to. You might want to search this trojan on Google, I know that Macworld had an awesome article about it and a way to fix it. The symptoms you describe match this as best I can remember.

    2nd edit: link to Macworld article on this trojan
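
The DNS check suggested in post #2, as an added example that is not part of any poster's message: a shell sketch that reads `scutil --dns` output and prints every resolver that is not on a list you expect. The sample addresses, the expected-list value and the function names are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected list.
# Input is text in the format printed by macOS `scutil --dns`.

# Constructed sample; documentation-range addresses, not from the thread.
sample_scutil_dns() {
cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 198.51.100.10
  nameserver[1] : 198.51.100.11
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.0.2.1
  if_index : 5 (en1)
EOF
}

# Print each distinct nameserver found on stdin, one per line.
configured_resolvers() {
  awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" && !($3 in seen) {
         seen[$3] = 1; print $3 }'
}

# unexpected_resolvers EXPECTED...
# Print resolvers from stdin that are not in EXPECTED; exit 1 if any.
unexpected_resolvers() {
  configured_resolvers | awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($0 in ok) { print; bad = 1 }
    END { exit bad + 0 }'
}

# On a Mac read the live configuration; elsewhere fall back to the sample.
dns_config() {
  if command -v scutil >/dev/null 2>&1; then scutil --dns; else sample_scutil_dns; fi
}

# 192.0.2.1 is an assumed stand-in for the router address you expect.
dns_config | unexpected_resolvers 192.0.2.1 || echo "^ not on the expected list"
```

A resolver that is neither the router nor the ISP's servers is the kind of change the DNS-resetting trojan described in this thread would leave behind.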
     
  3. merl1n macrumors 65816

    Joined:
    Mar 30, 2008
    Location:
    New Jersey, USA
    #3
    Try emptying Safari's cache (under the Safari menu). If that doesn't fix it, try resetting Safari (same menu).
     
  4. motulist macrumors 68040

    Joined:
    Dec 2, 2003
    #4
    It sounds like your friend probably has installed a trojan. A trojan requires you, the administrator, to type in your administrator password in order for the OS to confirm that you are giving the software permission to install. If you choose to install a program that comes from an untrustworthy source then there's nothing that any system can do to save you from yourself.

    Most cases I've heard of that successfully trick people into installing a trojan are programs that say they are a video codec needed to see a video on some webpage. Never type in your administrator password to run software that doesn't come from a trustworthy source.

    Anyway, run this anti-trojan program and tell us if that was the problem.

    http://macscan.securemac.com/files/DNSChangerRemovalTool.dmg
     
