malware/Trojan/google hack?! HELP


thedj4d

 
Right, first post here, so here goes!

On our network we have Macs and PCs, all of which were having a problem when following links from Google... So I have now hard reset our router and am in the process of reintroducing each computer to the network after vigorous virus checks... My MacBook was first to go back on the network and the problem remains... Virus Barrier has picked up nothing...

Please help as our network cannot be fully reinstated until I have figured out the cause of this problem and how to solve it.

Kind regards.
thedj4d

 
Anyone?!
rman

 
For someone to help you, you need to give out a little more information on the nature of the problem.

Because you state that this problem exists on both OS X and Windows, it may not be what you are suggesting.

Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!
louishen

 
Are you talking about DNS redirects, links going to the wrong sites?

If so, check your router's DNS servers; the problem may be there.

Member of the Month September 2008 & August 2012 | Found advice useful? use the rep system
thedj4d

 
Thanks rman, I'll try and give a little more detail.

Firstly, this is a problem that our computers only suffer with when using our network. Friends' and public wifi spots are fine and uninfected.

Although the problem was present on PCs and Macs on the network, it is now only worrying me on the Macs, as all PCs on the network have had a fresh installation + security update and are awaiting the problem to be resolved on our Macs before being reintroduced to the network.

The issue on the Macs is now this - when following a link on Google, instead of taking me to the requested site I see the address bar at the top of Firefox scan through various sites and eventually end up at a random page.

This random page usually includes my original Google search term but bears no relevance to the requested page - i.e. a band's MySpace page.

I have done some online research into this and have found various pages: -

The first seems to come to the conclusion that the problem we are having is a trojan named - OSX.RSPlug.A.
How to Remove the OSX.RSPlug.A Trojan Horse from your Mac | eHow.com
However the solution detailed on the page does not solve the problem.

- Virus Barrier has found no problems.
- There is no file entitled 'plugin.settings' in the Internet Plug-Ins folder.
- I have opened Terminal and followed the instructions from the page: -

Type in "sudo crontab -l" (the letter L, and minus the quotes), hit Return, and enter your administrator password when asked. If it returns with anything other than "crontab: no crontab for root", you are most likely infected.

And my Mac does return with "crontab: no crontab for root"

This makes it seem as if I am not suffering from the problem but the redirects on Google, ONLY WHEN USING OUR NETWORK, still continue?

The second page I have found on this subject/problem is this: -
Macworld | First Look: Trojan Horse warning: What you need to know

This page again talks of the same solution, by deleting the plugin.settings file (which is not present on my MacBook) and then checking by doing the same Terminal check, which my MacBook passed.

However, this page does advise you to check in System Preferences/Network/Advanced and then view the DNS tab. Here, the page says you should have no grey DNS servers listed. I have three?!

Is there a way to check where each one of them is being received from?

Why would I have three?

How do I remove any of them, as they all have greyed out minus buttons?

Many thanks to anyone that can help with this.
thedj4d

 
Quote:
Originally Posted by louishen
Are you talking about DNS redirects, links going to the wrong sites?

If so, check your router's DNS servers; the problem may be there.

How would I go about doing this? What would I be looking for when viewing the router settings?

Many thanks.
louishen

 
Contact your ISP and ask them for the addresses of the DNS servers they use.

If your router's DNS settings are in any way different, then it may be that the router has been hijacked, and no amount of cleaning up any Mac or PC is going to cure the problem.

The OSX.RSPlug.A Trojan got a lot of press, but users had to take active steps to install it and grant it admin privileges (in the false belief they could then see a saucy video), so in reality it didn't ever infect many machines.

Member of the Month September 2008 & August 2012 | Found advice useful? use the rep system
dtravis7

 
Can you take a screen shot of the network panel on the DNS tab and post it? If you do not know how to do a screen shot in OS X, let us know. I have 2 grayed out entries but they are the default DNS that comes from my ISP and is in the router. The 2 entries that I can edit are OpenDNS that I added.

I have no issues at all with any DNS redirects here. If I can see what the IP of the grayed out servers are I could do a trace and see what they are.
thedj4d

 
Hi dtravis7,

Since your post I have traced the DNS Servers and the results are this...

DNS servers 1 & 2 trace info comes back as this: -

Network name : UKRTELEGROUP
Infos : UkrTeleGroup Ltd.
Country : Ukraine (UA)

DNS Server No.3 comes back as this: -

Network name : UK-CABLEINET-20000211
Infos : Cable Internet Ltd
Infos : PROVIDER Local Registry
Country : United Kingdom (GB)

Now, as I am in the U.K. currently, it seems odd to have two of the three DNS servers pointing to Ukraine?!
dtravis7

 
Can you check your router and view the DNS there? See if the Ukraine servers show up in the router's DNS info.
thedj4d

 
Hi dtravis7,

Thanks for your continued help -

I have checked in the router settings and ONLY the Ukraine DNS servers show in my router?!
thedj4d

 
Any further suggestions?
louishen

 
I take it you are not in the Ukraine.

I would strongly suspect those Ukraine DNS servers to be the root of the problem.

Try and delete them at the router and replace them with the ones your ISP uses or the OpenDNS servers.

https://www.opendns.com/smb/start/router/

Member of the Month September 2008 & August 2012 | Found advice useful? use the rep system
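
The comparison suggested in this thread (the DNS servers a Mac is actually using versus the ones the ISP says it should have), as an added example that is not part of any poster's message: it reads text in the format printed by `scutil --dns` on OS X and prints every resolver that is not on a trusted list. The function names are hypothetical, and the sample output and all addresses are constructed placeholders from documentation ranges.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Input: text in the format printed by `scutil --dns` on OS X.

# Print each distinct nameserver address found on stdin.
list_resolvers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ { print $NF }' | sort -u
}

# Usage: scutil --dns | unexpected_resolvers TRUSTED_ADDR [TRUSTED_ADDR ...]
# Prints every resolver in use that is not one of the trusted addresses,
# e.g. the addresses your ISP gave you or the ones you set yourself.
unexpected_resolvers() {
    list_resolvers | while IFS= read -r addr; do
        known=no
        for ok in "$@"; do
            if [ "$addr" = "$ok" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then printf '%s\n' "$addr"; fi
    done
}

# Constructed sample in scutil's output format; the addresses are
# placeholders, not the servers discussed in the thread.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.0.2.53
  nameserver[1] : 192.0.2.54
  nameserver[2] : 198.51.100.10
  if_index : 4 (en0)
  flags    : Request A records

resolver #2
  nameserver[0] : 198.51.100.10
  if_index : 5 (en1)
EOF
}

# Treat only 198.51.100.10 as the ISP-supplied resolver for this sample.
sample_scutil_output | unexpected_resolvers 198.51.100.10
```

On a live Mac, run `scutil --dns | unexpected_resolvers` followed by the addresses your ISP gave you. Greyed-out entries in the DNS tab are the ones handed out by the router over DHCP, so an address flagged there points back at the router's settings rather than at the Mac.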