Safari virus!? Can't open some web pages, Ads appear instead.

Discussion in 'Mac Apps and Mac App Store' started by kingofkev, May 8, 2009.

  1. kingofkev macrumors newbie

    Joined:
    Mar 3, 2009
    #1
    When i open some websites through safari (3.2.1) like youtube. i get sent directly to spam (funnygames.com), and then a link to ebay. I have tried resetting safari including its caches, and still the same thing appears.

    Is there a way to get rid of these adds that are blocking my websites?, or what is the cause? I really find this annoying and would appreciate some help.

    thanks
     
  2. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #2
    Have you installed any shady software recently?
     
  3. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #3
    Likely the DNS trojan was installed when you updated the porn download video codec.

    Don't remember the name of the trojan, but there are some simple methods to see if you have it and to simply remove the file that is causing the DNS issue.
     
  4. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #4
    Well, as I'm sure others will be shouting, there are no viruses on Mac. It could potentially be a trojan. Does this behavior happen with Firefox or just Safari?
     
  5. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #5
  6. kingofkev thread starter macrumors newbie

    Joined:
    Mar 3, 2009
    #6
    So i checked the dns servers and nothing seems to be irregular. I also ran the iservices trojan removal tool and it didn't pick up anything. The last thing i can remember downloading that asked for my admin password was Handbrake. I don't think i downloaded any codecs other than the ones i already have. Eg, divx, flip 4 mac etc.

    Is there anything else that could cause this problem?
     
  7. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #7
    If the scutil followed by show State:/Network/Global/DNS in terminal doesn't return anything on the DNS server watch list, don't know.

    Along with nothing in sudo crontab -l
     
  8. trevpimp macrumors regular

    trevpimp

    Joined:
    Apr 16, 2009
    Location:
    Inside A Mac Box
    #8
    So in order to not get a trojan for Mac OS X I just can't give my password after installing an app? Do all installed apps ask for a password to run? If yes, then how do we know if it's a legit application?
     
  9. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #9
    Basically for the Mac, download from legit sites, or take your own risk.

    However, this trojan doesn't always reside on the Mac, sometimes your router will get infected.

    Don't know the check for that.
     
  10. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #10
    Only install software from trusted sites.

    If you know what you're doing, you can look through the installer package (.pkg file) and search or anything fishy.

    OP: There are three different trojans you could have:

    OSX.DNSChanger
    OSX.RSPlug
    OSX.iServices

    OS X trojans can't run on routers. It has to be router specific, or the result of a direct attack on the router.

    Install Perian for Quicktime and Flip4Mac. Anything else is unnecessary, redundant, dangerous, or a trojan.
     
  11. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #11
    Don't know much about the DNSChanger attacks on the routers or if they have gone beyond the D-Link and Linksys routers.

    But if you don't find anything on the Mac, the router is worth spending 30 seconds on.
     
  12. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #12
    Oops, I was wrong here.

    Apparently the DNSChanger trojan can change router settings.

    To fix that, go to your router and correct your DNS settings.

    OP: Run a scan with iAntiVirus.
     
  13. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #13
    That is way over the top. You warning can potentially lumps some codecs that have been around much longer and may be much better known than either Perian or Flip4Mac. The codec is not dangerous if it is listed on Apple's QuickTime codec webpage.

    This is by no means a comprehensive list of legitimate codecs. You listed three (3) QuickTime trojans. They are not a reason for avoiding all other codecs. As of now, you will not encounter a trojan if you don't download codecs from porn sites and if you don't download pirated software. There is no substitute for thinking.
     
  14. EmperorDarius macrumors 6502a

    Joined:
    Jan 2, 2009
    #14
  15. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #15
    As far as I know, Perian + Flip4Mac cover every single video codec (with the exception of "dumb", rarely used codecs like RealMedia, and professional codecs, like MPEG2.)
     
  16. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #16
    That is so not the issue. The issue is that you are carrying on as though Perian and Flip4Mac are the only safe codecs. The truth is that there are numerous safe codecs that have been around for much longer than either Perian or Flip4Mac.

    And another thing--the QuickTime codec for Real Media is neither "dumb" nor rarely used. The proper term is nonexistent and therefore never used. To play Real Media on the Mac, you need RealPlayer.
     
  17. Jethryn Freyman macrumors 68020

    Jethryn Freyman

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #17
    That's true, but after Perian and Flip, most are redundant. I just wanted to make sure any newbies weren't confused, after all, Perian and Flip do handle nearly every format you'll come across.

    Anyway, to the OP: Run a scan with iAntiVirus and then fix your DNS servers on your computer in system preferences and on your modem/router.
     
  18. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #18
    Accurate information is better. Confusion is an opportunity to for the newbie to learn.
     

Share This Page