Safari virus!? Can't open some web pages, Ads appear instead.

[kingofkev]

When i open some websites through safari (3.2.1) like youtube. i get sent directly to spam (funnygames.com), and then a link to ebay. I have tried resetting safari including its caches, and still the same thing appears.

Is there a way to get rid of these adds that are blocking my websites?, or what is the cause? I really find this annoying and would appreciate some help.

thanks

 

[r.j.s]

Have you installed any shady software recently?

 

[Sun Baked]

Likely the DNS trojan was installed when you updated the porn download video codec.

Don't remember the name of the trojan, but there are some simple methods to see if you have it and to simply remove the file that is causing the DNS issue.

 

[angelwatt]

Well, as I'm sure others will be shouting, there are no viruses on Mac. It could potentially be a trojan. Does this behavior happen with Firefox or just Safari?

 

[Sun Baked]

The same type of trojan has infected some of the pirated software, along with the porn version.

http://www.securemac.com/

There was a simple check that you could do via a quick check of the DNS servers, can't think of it right now.

Edit: Zlob DNS Changer

Checking for it... http://www.macworld.com/article/60823/2007/10/trojanhorse.html

 

[kingofkev]

So i checked the dns servers and nothing seems to be irregular. I also ran the iservices trojan removal tool and it didn't pick up anything. The last thing i can remember downloading that asked for my admin password was Handbrake. I don't think i downloaded any codecs other than the ones i already have. Eg, divx, flip 4 mac etc.

Is there anything else that could cause this problem?

 

[Sun Baked]

If the scutil followed by show State:/Network/Global/DNS in terminal doesn't return anything on the DNS server watch list, don't know.

Along with nothing in sudo crontab -l

 

[trevpimp]

So in order to not get a trojan for Mac OS X I just can't give my password after installing an app? Do all installed apps ask for a password to run? If yes, then how do we know if it's a legit application?

 

[Sun Baked]

So in order to not get a trojan for Mac OS X I just can't give my password after installing an app? Do all installed apps ask for a password to run? If yes, then how do we know if it's a legit application?

Basically for the Mac, download from legit sites, or take your own risk.

However, this trojan doesn't always reside on the Mac, sometimes your router will get infected.

Don't know the check for that.

 

[Jethryn Freyman]

So in order to not get a trojan for Mac OS X I just can't give my password after installing an app? Do all installed apps ask for a password to run? If yes, then how do we know if it's a legit application?

Only install software from trusted sites.

If you know what you're doing, you can look through the installer package (.pkg file) and search or anything fishy.

I also ran the iservices trojan removal tool and it didn't pick up anything

OP: There are three different trojans you could have:

OSX.DNSChanger
OSX.RSPlug
OSX.iServices

However, this trojan doesn't always reside on the Mac, sometimes your router will get infected.

OS X trojans can't run on routers. It has to be router specific, or the result of a direct attack on the router.

I don't think i downloaded any codecs other than the ones i already have. Eg, divx, flip 4 mac etc.

Install Perian for Quicktime and Flip4Mac. Anything else is unnecessary, redundant, dangerous, or a trojan.

 

[Sun Baked]

OS X trojans can't run on routers. It has to be router specific, or the result of a direct attack on the router.

Don't know much about the DNSChanger attacks on the routers or if they have gone beyond the D-Link and Linksys routers.

But if you don't find anything on the Mac, the router is worth spending 30 seconds on.

 

[Jethryn Freyman]

OS X trojans can't run on routers. It has to be router specific, or the result of a direct attack on the router.

Oops, I was wrong here.

Apparently the DNSChanger trojan can change router settings.

To fix that, go to your router and correct your DNS settings.

OP: Run a scan with iAntiVirus.

 

[MisterMe]

Only install software from trusted sites.

...

Install Perian for Quicktime and Flip4Mac. Anything else is unnecessary, redundant, dangerous, or a trojan.

That is way over the top. You warning can potentially lumps some codecs that have been around much longer and may be much better known than either Perian or Flip4Mac. The codec is not dangerous if it is listed on Apple's QuickTime codec webpage.

This is by no means a comprehensive list of legitimate codecs. You listed three (3) QuickTime trojans. They are not a reason for avoiding all other codecs. As of now, you will not encounter a trojan if you don't download codecs from porn sites and if you don't download pirated software. There is no substitute for thinking.

 

[EmperorDarius]

To verify if it's a DNS changer or not, try using OpenDNS and see if things change:

https://www.opendns.com/start/device/apple-osx-leopard/

You could also run a scan with the free: www.iantivirus.com

 

[Jethryn Freyman]

That is way over the top. You warning can potentially lumps some codecs that have been around much longer and may be much better known than either Perian or Flip4Mac. The codec is not dangerous if it is listed on Apple's QuickTime codec webpage.

This is by no means a comprehensive list of legitimate codecs. You listed three (3) QuickTime trojans. They are not a reason for avoiding all other codecs. As of now, you will not encounter a trojan if you don't download codecs from porn sites and if you don't download pirated software. There is no substitute for thinking.

As far as I know, Perian + Flip4Mac cover every single video codec (with the exception of "dumb", rarely used codecs like RealMedia, and professional codecs, like MPEG2.)

 

[MisterMe]

As far as I know, Perian + Flip4Mac cover every single video codec (with the exception of "dumb", rarely used codecs like RealMedia, and professional codecs, like MPEG2.)

That is so not the issue. The issue is that you are carrying on as though Perian and Flip4Mac are the only safe codecs. The truth is that there are numerous safe codecs that have been around for much longer than either Perian or Flip4Mac.

And another thing--the QuickTime codec for Real Media is neither "dumb" nor rarely used. The proper term is nonexistent and therefore never used. To play Real Media on the Mac, you need RealPlayer.

 

[Jethryn Freyman]

That is so not the issue. The issue is that you are carrying on as though Perian and Flip4Mac are the only safe codecs. The truth is that there are numerous safe codecs that have been around for much longer than either Perian or Flip4Mac.

That's true, but after Perian and Flip, most are redundant. I just wanted to make sure any newbies weren't confused, after all, Perian and Flip do handle nearly every format you'll come across.

Anyway, to the OP: Run a scan with iAntiVirus and then fix your DNS servers on your computer in system preferences and on your modem/router.

 

[MisterMe]

That's true, but ....

Accurate information is better. Confusion is an opportunity to for the newbie to learn.