Malware on my iMac


creativepart

 
Member Since: Apr 03, 2012
Location: Hill Country, Texas
Posts: 9
Starting yesterday I have the "google redirect" malware on my iMac. Any Google.com URL redirects to Yahoo's developer website. I guess it's called "yql.yahooapis.com" and seems common enough on a PC, but I have it on my Mac.

If I reboot the iMac it goes away for a while but comes right back.

On my PC, I'd know how to take care of this in seconds -- but on the Mac I have no idea. And a "bing" search (since I can't search google) comes up with no mentions of this on a Mac.

Here's a screen shot direct from Chrome (Google product) for Google.com:
Attached image: Screen-Shot-2012-09-28-at-10.59.19-AM.png (30.9 KB, 28 views)
vansmith

 
Member Since: Oct 19, 2008
Location: Toronto
Posts: 17,757
Mac Specs: 2012 13" MBP (2.5 i5, 8GB)

I have no idea why Chrome is doing this. Not only does it work fine here, but Yahoo is a well-respected (technically, perhaps not in terms of clout) website. Have you installed anything lately? What have you been browsing lately? Anything suspicious?

creativepart

 
It's not just Chrome, it's Firefox and Safari, too.

Nope, it's something on the Mac itself. This is a known PC malware. I just can't find anything about having this on a Mac.

Want to know the oddest part? In Parallels with Win 7 I don't have the issue. Only on the Mac do I have the problem. And, generally, it's a Windows malware.
vansmith

 
Have you taken a look at your DNS settings (System Preferences > Network > select adapter > Advanced > DNS)? Do they look off? If you don't know, post them here and we'll let you know.

creativepart

 
I see nothing unusual there. I see my ISP's domain, the router IP, and I use Google's DNS IPs. So, that's all that's there.
Lifeisabeach

 
Member Since: Sep 30, 2007
Location: Wilmington, NC
Posts: 6,890
Mac Specs: iMac i3 (mid-2010) + OS 10.9; TV 3; iPhone 5S; iPad 4

What about your router? Check the DNS settings there.

EDIT: and check your HOSTS file.
http://www.neowin.net/forum/topic/10...mac-os-x-lion/


creativepart

 
I'm running ClamXav on the computer right now. To my surprise it's up to 40 found "viruses" and still running. Some are clearly false positives. But running the application and quarantining the malware so far has gotten rid of the Google Redirect.

As a long time Windows user that's used a Mac desktop for only 7 or 8 months I'm surprised about the results. I wish there was a Malwarebytes version for the Mac as that's a program I trust.

I'm not at all sure that the malware being found by ClamXav is really bad stuff or not. For the first thing it said was a trojan, I was able to determine quickly that it was a false positive on a valid file. So, it makes me a bit skeptical about the others at this point.

Thanks for the help.
pigoo3

 
Member Since: May 20, 2008
Location: U.S.
Posts: 26,130
Mac Specs: 13" MB 2.4ghz, 2gig ram, OS 10.7.5

Quote (originally posted by creativepart):
I'm not at all sure that the malware being found by ClamXav is really bad stuff or not.

EXACTLY! Many times what ClamXav finds are viruses/malware that affect Windows computers only. But ClamXav makes you aware of this… and isolates it anyway.

This kind of information falls into the category of…"A little knowledge is dangerous!"

- Nick

creativepart

 
I can see that. So far it's really gone crazy on the spam folder of my email client. Duh.

Well, it was free and it shouldn't hurt to run it and see what happens.

The Google redirect has stopped, but I'm not absolutely sure it isn't a coincidence. When searching for info on this issue I found a number of really suspicious websites that looked to be picking up the search terms to pretend they were on this subject.

Oh, I did check my Mac Hosts file but there was nothing unusual there.
creativepart

 
Searching for info on this is very difficult. There are a ton of fake AV sites out there that just pick up your search term and pretend to have info in order to get you to buy their worthless program.

I did find another Mac user posting about this on a Google help site:

Google/Yahoo Redirect
creativepart

 
I think I know what got rid of the google redirect -- I reset my router at the same time that I started running ClamXav.

I feel confident that the problem is my router's DNS table. I need to remove it from my DNS list. Currently, it's listed first, followed by Google's DNS servers.
QUOTE Thanks
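
The checks suggested in this thread (the HOSTS file, the DNS server list, and the router sitting first in that list) can be scripted. The following is an added example, not part of any post in the thread, and it runs on constructed sample data. The function names, the 203.0.113.7 address, the isp.example domain and the 192.168.1.1 router address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a hosts file and a saved `scutil --dns` dump.
# All sample data below is constructed; nothing here comes from the poster's Mac.

# Print "address name" for every hosts entry that is not a stock
# loopback/broadcast mapping or a 0.0.0.0 sinkhole.
audit_hosts() {
    awk '
        NF < 2 || $1 ~ /^#/ { next }                      # blank or comment line
        $1 == "127.0.0.1" || $1 == "::1" || $1 == "0.0.0.0" { next }
        $1 == "255.255.255.255" || $1 == "fe80::1%lo0" { next }
        { for (i = 2; i <= NF && $i !~ /^#/; i++) print $1, $i }
    ' "$1"
}

# Print every nameserver in the dump that is NOT in the allowlist
# given as the remaining arguments.
audit_resolvers() {
    dump=$1; shift
    allowed=" $* "
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ { print $3 }' "$dump" | sort -u |
    while read -r ns; do
        case "$allowed" in
            *" $ns "*) ;;              # expected resolver, stay quiet
            *) echo "$ns" ;;           # anything else gets reviewed
        esac
    done
}

# Constructed samples: a hosts file with one rogue google.com mapping, and a
# resolver list with the router first, then Google Public DNS.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hosts" <<'EOF'
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.7     www.google.com google.com   # constructed rogue entry
EOF
cat > "$SAMPLE_DIR/scutil_dns.txt" <<'EOF'
resolver #1
  search domain[0] : isp.example
  nameserver[0] : 192.168.1.1
  nameserver[1] : 8.8.8.8
  nameserver[2] : 8.8.4.4
EOF

echo "hosts entries to review:"; audit_hosts "$SAMPLE_DIR/hosts"
echo "resolvers to review:"; audit_resolvers "$SAMPLE_DIR/scutil_dns.txt" 8.8.8.8 8.8.4.4
```

On a Mac, point `audit_hosts` at `/etc/hosts` and feed `audit_resolvers` the saved output of `scutil --dns`. A router address that shows up in the second list answers lookups before the public resolvers do, so its own upstream DNS settings are the next thing to inspect.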
