11-11-2010, 01:31 AM

Hey guys,

I'm new, first post so please take it easy on me!

I've got the Epoclick.com bug on my MacBook Pro and I can't figure out how to get rid of it. All it is, is a pop up window that comes up completely randomly when I click links browsing through the internet, Google also comes up with some pretty funky searches not related to what I myself am searching. I've come to the end of my knowledge on what to do and now seek help in finding it as this is my first Mac and I'm only about 2 months into it. I've done a search but came up empty on this thing..

I believe it came when I downloaded the Frostwire filesharing program, so that should help narrowing down the search.

I've tried the following:
- cleared/reset Safari's cache/history etc etc..
- reinstalled Safari
- removed/reinstalled Frostwire
- Installed iAntiVirus and did a search, passed everything.
- Installed Apple's TechTool Deluxe off the Protection Plan CD, ran diagnostics and it passed everything except for the last bit.. 'Volume Structure'
- Tried browsing through different files/folders to find any suspicious programs

I'm running Mac OS X 10.6.4

I've reached the end of my knowledge on what to do and am trying to avoid a trip to the Mac store. I'm fairly computer literate in the Windows world so any help or suggestions would be greatly appreciated!!

-Brandon

11-11-2010, 01:56 AM

Apple - Support - Discussions - A mac virus? ...

Ignore the stupid post that it's a Virus. It's DNS Redirection Malware. Read very carefully about 4-5 posts down. It seems to change the DNS settings in the router and NOT the computer. A person tried a router reset and all his systems, both Mac and PC are fine. It was the router.


Give it a read and a try.

Also do you have another computer there hooked up to the same router? See if that does the same thing. The user in that thread, all his systems did what you are experiencing.

11-11-2010, 05:26 PM

Dang, out of ALL the things I read on Epoclick, not one of them mentioned it could be DNS related..

The only other thing I have connected to my router is my Xbox, maybe it came from there? who knows.

I removed power to the router to let it reset, also reset it via the button. Then reset the DNS preferences on my Xbox, we shall see if that fixes the problem!

Thanks!

11-11-2010, 07:03 PM

Do keep us posted and let us know if that solves your issue.

11-11-2010, 07:36 PM

This did not solve my issue.

I'm still getting the Epoclick.com pop-ups and my google searches get to the page i'm looking for, then switch to alternate ads.

11-11-2010, 07:43 PM

Will search some more. I have a feeling you click yes on some thing and allowed a DNS changer trojan to install. This is just a guess, but it's starting to look like that could be the issue. Did anything pop up asking for permission to install anything or ask for your password?

11-11-2010, 08:16 PM

The last two and most recent things to ask me for my password to install was itunes' update and Frostwire. Facebook's video chat/message thing asked me to use my video device but I don't think that had anything to do with it.

I downloaded Frostwire from http://download.cnet.com/mac so I assumed it was a safe location to do so... This is the only place I can think/remember it to come from.

11-12-2010, 12:05 AM

Have you checked the DNS numbers on BOTH your router AND your Mac? You haven't made that clear.

On your Mac, you can access this via the System Preferences -> Network -> Advanced.

The router most people access via their web browser, and every router has a slightly different way of finding that info.

11-12-2010, 12:44 AM

Quote:

Originally Posted by chas_m

Have you checked the DNS numbers on BOTH your router AND your Mac? You haven't made that clear.

On your Mac, you can access this via the System Preferences -> Network -> Advanced.

The router most people access via their web browser, and every router has a slightly different way of finding that info.

My apologies, I did not check my stored DNS server addresses on my Mac, I don't know why.. I guess I wanted to rule out the router first? no clue.. ha

Anyways, I do have 2 stored DNS sever addresses in the left hand column under 'DNS Servers', they are grayed and I am unable to click on them to delete or edit them, though I do have the option to add another one. On the right under 'Search Domains' I have simply listed 'Home', again I am unable to click on it to edit/delete.

Also, I don't know how to check my DNS numbers on my router.. it's a Verizon FiOS setup ((if your unaware, it's the only thing compatible with Verizon's Fiber Optic -FiOS- network, they issue it to you)), can't really get into it like my old Linksys one I had.

I hope I've laid my situation out clear enough to you as I'm now lost.. haha. If you need a screenshot or the DNS addresses just let me know, I'm all ears for what to do next!

EDIT -- My xbox is using the same two DNS Servers listed in the same order as my Mac, I don't know if this helps..

11-12-2010, 01:00 AM

Quote:

Also, I don't know how to check my DNS numbers on my router.. it's a Verizon FiOS setup ((if your unaware, it's the only thing compatible with Verizon's Fiber Optic -FiOS- network, they issue it to you)), can't really get into it like my old Linksys one I had.

You can't check the DNS server addresses on the FIOS router as it's static and can not be changed by accessing the router menu. The only way you can change the DNS server settings is as chas_m indicated.

I don't know which router Verizon has issued you (I have the ActionTech), however, you should be able to access the router setup menu by typing in this address: 198.162.1.1 to your browser.

You'll have to enter your userid and password that Verizon issued to you when they installed the router.

11-12-2010, 01:40 AM

Quote:

Originally Posted by chscag

You'll have to enter your userid and password that Verizon issued to you when they installed the router.

I believe I have the same router as you, ActionTec MI424WR? The IP address you sent me may have been incorrect, it didn't bring anything up, but rather just asked for a ID/PW to get in. I tried it.. didn't work. Are you sure that is correct?

I searched around a bit, found and went to http://192.168.1.1/ and it brought up and official Verizon page. I typed in my ID/Password I use to pay the bills and got no joy. Said I was incorrect. I'm unaware of any other Usernames/Passwords they gave me when they installed FiOS unless I can find it elsewhere...?

stuck! haha

11-12-2010, 02:03 AM

Usually routers have a default username and password to login unless the user changes them. I wonder if Verizion changed it or left it stock?

chscag, since you have the same router, can you help him?

11-12-2010, 02:13 AM

EUREKA!

dtravis7, for future reference 'admin' and 'password1' or verizon1' works to get you in.

Would it be safe for me to start posting up the DNS servers my router/mac is using?

11-12-2010, 02:13 AM

I grabbed the manual to the MI424WR. Turns out the first time you access the router with 192.168.1.1 a password setup screen comes up and asks for a new username and password. If you are not getting that screen, someone at some time configured it and set up a username and password. Do you have all the paperwork that Verizion left? Check for anything that might say router username/password.

Here is a URL to the manual in case it will help.

http://support.actiontec.com/doc_fil...10.11.x_v6.pdf

11-12-2010, 02:26 AM

I posted juuust before you did, but I found a way in, I used the default Username/PW to get in and changed it to my own.

The DNS servers that my Mac lists are matching up with my IP address and DNS Server numbers my router is using. I have the option to restore the defaults which will make all my devices request new IP/DNS servers.. temptingg, but I'm not sure what to do or look for from where I'm at now..

Thanks for everything so far guys!