New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
OS X - Operating System General OS operation information and support

URGENT - DNS Virus??


Post Reply New Thread Subscribe

 
Thread Tools
master.00

 
Member Since: Jun 18, 2012
Posts: 13
master.00 is on a distinguished road

master.00 is offline
I have 2 PPC's running 10.5.8 and just recently encountered a strange problem a couple days ago.

Every time that I try and visit a popular website (ie. Google, Bing, Yahoo, etc.) it takes an extremely long time to load (approx 5 minutes). Eventually the site does load after a very long time which I have concluded to be a DNS problem (where the primary DNS times out and finally the secondary loads).

All other sites load fine (as long as they are not using any scripts from the blocked sites).

I have come to the conclusion that I have contracted some sort of DNS virus that is intentionally blocking these sites as the problem only occurs on my Mac.

These sites load fine on my network when I am using my iPhone or my PC so the problem is specifically with my PPC macs and not my router or network settings.

I have tried changing the DNS servers to a handful of different DNS settings and it does not make any difference, the sites are still not loading.

I am completely stumped on how to fix this problem and have not been able to find any solutions.

Does anyone have any idea on how to fix this problem? It is causing major problems for my workflow as I cannot access these essential sites.

Any help would be greatly appreciated.
QUOTE Thanks
chscag

 
chscag's Avatar
 
Member Since: Jan 23, 2008
Location: Fort Worth, Texas
Posts: 37,112
chscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond reputechscag has a reputation beyond repute
Mac Specs: 27" iMac i5, 3.2 GHz, iPad 3, iPhone 5c, iPhone 4, 3 iPods, OS X 10.9.2

chscag is offline
There are no DNS viruses so that's not the problem. And even if there were a DNS virus, it would have infected your PC not the Mac.

Try changing your DNS servers to either OpenDNS or Google Public DNS:

In Leopard... open System Preferences, Network. Click on WiFi or Ethernet whichever you're using, then click on the Advanced button. Click on the DNS tab.

You should see an address that's grayed out. Ignore it. Enter these two addresses by clicking on the small + sign below.

8.8.8.8.
8.8.4.4.

Those are the addresses for Google Public DNS, primary and secondary. Exit System Preferences, reboot your router and the machine.
QUOTE Thanks
master.00

 
Member Since: Jun 18, 2012
Posts: 13
master.00 is on a distinguished road

master.00 is offline
thanks but I clearly stated that I have already tried a handful of different DNS settings. Ive tried Google and about a half dozen other DNS addresses including a list from my own ISP.

That is not the problem. If it was, then my whole network would be experiencing the issue. As I mentioned, it's only my PPC macs.

I am about 99.9% certain that this is being caused by a virus. A virus would not effect my PC as it would only effect the computer in which it was contracted on.

Its no coincidence that it's ONLY the popular sites that are being effected.
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,099
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by master.00 View Post
I am about 99.9% certain that this is being caused by a virus. A virus would not effect my PC as it would only effect the computer in which it was contracted on.
Viruses are self-replicating - by design, they are meant to infect multiple machines on accessible networks.

How did you determine that this was a DNS issue? You mention that you're confident that this is the case. I ask because DNS lookups are relatively quick and if one fails, your Mac won't hang around waiting for the first one to fail multiple times. Second, if the problem persists with different addresses, it's probably not the DNS settings. If the problem had gotten worse (or the situation had gotten better) with a different set of DNS servers, I'd be inclined to agree with you. However, since the problem didn't change, I'm lead to believe that the problem isn't DNS related.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
master.00

 
Member Since: Jun 18, 2012
Posts: 13
master.00 is on a distinguished road

master.00 is offline
I am confident that its a virus and it is my assumption that it is a DNS issue.

I have had DNS problems in the past which mimicked the exact same behavior where sites would take a long time to load which was the result of a primary DNS timeout.

However, in that situation it was ALL sites that were effected and it was on all machines on my network. A simple DNS switch solved the problems in that particular situation.

However, in this case, it's just the popular sites that are effected (Google, Facebook, Yahoo) and it's just my PPC Mac's., Changing the DNS servers has not made any difference.

Also, the day before this problem started I had visited a site that was giving off malware alerts.

Though, I've scanned my machines and nothing was found.
QUOTE Thanks
IvanLasston

 
IvanLasston's Avatar
 
Member Since: Feb 26, 2010
Location: Rocky Mountain High, Colorado
Posts: 2,116
IvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to beholdIvanLasston is a splendid one to behold
Mac Specs: 1.8 GHz i7 MBA 11" OSX 10.8.2

IvanLasston is offline
It may not be a virus - but it may be a Trojan. The distinction is that a trojan - is like the trojan horse - you have to let it in for it to be a problem. Viri spread without any interaction. Anyway - there are any number of ways to hijack dns - first look at /etc/hosts and see if anything looks fishy there.
Then look through this google search and see if anything sounds familiar.
https://www.google.com/search?sugexp...=1101&bih=1004

So it could be malware - but it probably isn't a virus.
QUOTE Thanks
Germany_chris

 
Germany_chris's Avatar
 
Member Since: Oct 31, 2011
Posts: 278
Germany_chris has a spectacular aura about

Germany_chris is offline
Quote:
Originally Posted by master.00 View Post
I am confident that its a virus and it is my assumption that it is a DNS issue.

I have had DNS problems in the past which mimicked the exact same behavior where sites would take a long time to load which was the result of a primary DNS timeout.

However, in that situation it was ALL sites that were effected and it was on all machines on my network. A simple DNS switch solved the problems in that particular situation.

However, in this case, it's just the popular sites that are effected (Google, Facebook, Yahoo) and it's just my PPC Mac's., Changing the DNS servers has not made any difference.

Also, the day before this problem started I had visited a site that was giving off malware alerts.

Though, I've scanned my machines and nothing was found.
Then you have the first PowerPC virus , and it was created 7 years after the last PowerPC Mac shipped.

Mac Pro 4,1 (Flashed to 5,1) W3570 3.2 Quad..48GB RAM..Gainward GTX 570 "Phantom."
MacBook Pro 5,2..2.8Ghz C2D..8GB RAM..240GB Vertex +
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 15,696
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2009 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
Quote:
Originally Posted by master.00 View Post
I am confident that its a virus and it is my assumption that it is a DNS issue.
I found the problem. It's you.

You're flat-out wrong on the first count (there are ZERO mac viruses) and probably wrong on the second count as well (since changing DNS addresses didn't fix the issue).

You will probably make more headway by questioning your assumptions -- or better yet, assuming nothing -- and re-approach the problem with an open mind.

For example, have you looked at your hosts file lately? There is some DNS re-direct MALWARE (not viruses) that might cause such a problem. Maybe that is what's really going on. Ivan's a smart guy, he may very well have the answer there for you.

Another possibility: a corrupt cache in your browser. I didn't see anything in your original post that indicated you had tried other browsers (or mentioned which browser you're using for that matter). So there's a possibility of that.

I don't know what the problem is, I'm just offering a couple of new approaches to help you find out what the real problem. Sticking to a discredited theory isn't going to help.
QUOTE Thanks
master.00

 
Member Since: Jun 18, 2012
Posts: 13
master.00 is on a distinguished road

master.00 is offline
It IS a cross-browser problem.

though, if I use a proxy the sites load fine.
QUOTE Thanks
master.00

 
Member Since: Jun 18, 2012
Posts: 13
master.00 is on a distinguished road

master.00 is offline
I've checked the hosts file and there is nothing suspicious or unusual in there.

I'm really stumped here as to what could be causing this! I've scanned with 4 different programs and nothing was found.

This is really driving me crazy!
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,099
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
Quote:
Originally Posted by chas_m View Post
I found the problem. It's you.
This response was entirely unwarranted - there is no reason to pick on the OP because you disagree. Ease up on the abrasiveness.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks
chas_m

 
chas_m's Avatar
 
Member Since: Jan 22, 2010
Location: Victoria, BC
Posts: 15,696
chas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond reputechas_m has a reputation beyond repute
Mac Specs: 2009 MBP, Black speakers, Black Benq second monitor, black(ish) iPhone 5s, Black 2012 iPad, etc.

chas_m is offline
I'm not picking on the OP. I'm challenging him to look at the problem afresh.

I'm genuinely sorry that I don't know what is causing his problem and I wish I could offer some solid help, but all I can do is suggest that he abandon the notions that have (clearly) not worked to resolve the issue.

Next time I'll remember to put sufficient numbers of smiley faces where I intend to be light-hearted.

Also, I take issue with your characterization of my post as "entirely" unwarranted. I offered three perfectly valid, helpful suggestions for new routes of investigation.
QUOTE Thanks
master.00

 
Member Since: Jun 18, 2012
Posts: 13
master.00 is on a distinguished road

master.00 is offline
So, I found an old version of netscape and as it turns out, I can access google and all other sites using netscape.

Safari and Firefox will not load the sites.

I was able to ping the sites that are blocked in Firefox and Safari so it seems that the problem is that something is effecting those browsers in particular.

I tried creating a new user account on my mac and was still unable to access those sites using Safari on the new account.

Any ideas on what might cause this problem in Safari / Firefox but not netscape?

I've been scratching my head for almost a week now and have found very little help here or elsewhere despite endless searching.

I could really use some help here! ive done the following with no luck what-so-ever

- scanned for trojans / virus
- changed dns servers
- checked host files
- clear browser / system cache (manually / onyx)
- created new system user
- reinstalled browsers
- ping / traceroute check
QUOTE Thanks
RavingMac

 
RavingMac's Avatar
 
Member Since: Jan 07, 2008
Location: In Denial
Posts: 7,446
RavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond reputeRavingMac has a reputation beyond repute
Mac Specs: 4GB Mac Mini 2012, 13" MBA, 15" MacBook Pro OSX 10.7, 32 GB iPhone 3GS, iPad2 64gb 3G

RavingMac is offline
I honestly have no real clue what is going on, but, assuming you have good backups have you tried doing a reformat and reinstall of the OS on one of the affected Macs to see if that gets rid of the problem?

If I were given just one wish it would be . . . that I could have three more wishes!
QUOTE Thanks
vansmith

 
vansmith's Avatar
 
Member Since: Oct 19, 2008
Location: Ottawa
Posts: 17,099
vansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond reputevansmith has a reputation beyond repute
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

vansmith is offline
So, we can rule our DNS since those settings would affect every browser.

Did you setup OS X to use a proxy server? Safari would use those and although Firefox has its own system, it defaults to using the system ones.

Important Links: Community Guidelines : Use the reputation system if you've been helped.
M-F Blog :: Write for the blog
Mac-Forums Investigates MacKeeper - Confused about MacKeeper? Take a look at this review.
QUOTE Thanks

Post Reply New Thread Subscribe


« mac mail | iphoto, itunes, USB stick recognition at fault »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
Virus Myths appleXcore OS X - Operating System 9 10-21-2009 09:12 PM
DNS problem in OSX Server 10.6 charlieatlantic OS X - Operating System 2 10-07-2009 03:57 PM
the big virus question... jpfritz OS X - Operating System 10 09-23-2009 10:02 AM
DNS Issues - Open DNS works with Facebook - ISP DNS does not David A OS X - Operating System 3 09-16-2009 03:12 PM
annoying and rare keyboard problem URGENT!! Virus!? ErrorProne Other Hardware and Peripherals 11 07-26-2008 04:56 PM

All times are GMT -4. The time now is 12:40 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?