  1. #1
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Right, first post here so here goes!

    On our network we have Macs and PCs, all of which were having a problem when following links from Google... So I have now hard reset our router and am in the process of reintroducing each computer to the network after vigorous virus checks... My MacBook was first to go back on the network and the problem remains... Virus Barrier has picked up nothing...

    Please help as our network cannot be fully reinstated until I have figured out the cause of this problem and how to solve it.

    Kind regards.

  2. #2
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Anyone?!

  3. #3
    malware/Trojan/google hack?! HELP
    rman's Avatar
    Member Since
    Dec 24, 2002
    Location
    Los Angeles, California
    Posts
    12,584
    Specs:
    2 x 3.0GHz Quad-Core, 6GB OS X 10.6.8 | 15in MacBook Pro 2.2GHz OS X 10.6.8 | 64GB iPad 2 WiFi
    For someone to help you, you need to give out a little more information on the nature of the problem.

    Because you state that this problem exists on both OS X and windows, it may not be what you are suggesting.
    Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!

  4. #4
    malware/Trojan/google hack?! HELP
    louishen's Avatar
    Member Since
    Oct 22, 2007
    Location
    London
    Posts
    8,968
    Specs:
    Mac Mini Core i7 2012 | White 2009 MacBook 2 Ghz | 733 Mhz G4 Quicksilver
    Are you talking about DNS redirects, links going to the wrong sites?

    If so, check your router's DNS servers; the problem may be there.
    Member of the Month September 2008 & August 2012 | Found advice useful? use the rep system

  5. #5
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Thanks Rman I'll try and give a little more detail.

    Firstly this is a problem that our computers only suffer with when using our network. Friends and public wifi spots are fine and uninfected.

    Although the problem was present on Pcs and Macs on the network, it is now only worrying me on the macs as all pcs on the network have had a fresh installation + security update and are awaiting the problem to be resolved on our macs before being reintroduced to network.

    The issue on the Macs is now this - when following a link on Google, instead of taking me to the requested site I see the address bar at the top of Firefox scan through various sites and eventually end up at a random page.

    This random page usually includes my original google search term but bears no relevance to requested page - ie band's myspace page.

    I have done some online research into this and have found various pages: -

    The first seems to come to the conclusion that the problem we are having is a trojan named - OSX.RSPlug.A.
    How to Remove the OSX.RSPlug.A Trojan Horse from your Mac | eHow.com
    However the solution detailed on the page does not solve the problem.

    -Virus Barrier has found no problems.
    -There is no file entitled 'plugin.settings' in the Internet Plug-Ins folder
    -I have opened Terminal and followed the instructions from the page: -

    Type in "sudo crontab -l" (the letter L, and minus the quotes), hit Return, and enter your administrator password when asked. If it returns with anything other than "crontab: no crontab for root", you are most likely infected.

    And my mac does return with "crontab: no crontab for root"

    This makes it seem as if I am not suffering from the problem but the redirects on google, ONLY WHEN USING OUR NETWORK, still continue?

    The second page I have found on this subject/problem is this: -
    Macworld | First Look: Trojan Horse warning: What you need to know

    This page again talks of the same solution, by deleting plugin.settings file (which is not present on my macbook) and then checking by doing the same terminal check which my macbook passed.

    However this page does advise you to check in System Preferences/Network/Advanced and then view the DNS tab. Here, the page says you should have no grey DNS servers listed. I have three?!

    Is there a way to check where each one of them is being received by?

    Why would I have three?

    How do I remove any of them as they all have greyed out minus buttons?

    Many thanks to anyone that can help with this.

  6. #6
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Quote Originally Posted by louishen View Post
    Are you talking about DNS redirects, links going to the wrong sites?

    If so, check your router's DNS servers; the problem may be there.
    How would I go about doing this? What would I be looking for when viewing the router settings?

    Many thanks.

  7. #7
    malware/Trojan/google hack?! HELP
    louishen's Avatar
    Member Since
    Oct 22, 2007
    Location
    London
    Posts
    8,968
    Specs:
    Mac Mini Core i7 2012 | White 2009 MacBook 2 Ghz | 733 Mhz G4 Quicksilver
    Contact your ISP and ask them for the addresses of the DNS servers they use.

    If your router's DNS settings are in any way different, then it may be that the router has been hijacked and no amount of cleaning up any Mac or PC is going to cure the problem.

    The OSX.RSPlug.A Trojan got a lot of press, but users had to take active steps to install it, and grant it admin privileges (in the false belief they could then see a saucy video), so in reality it didn't ever infect many machines.
    Member of the Month September 2008 & August 2012 | Found advice useful? use the rep system

  8. #8
    malware/Trojan/google hack?! HELP
    dtravis7's Avatar
    Member Since
    Jan 04, 2005
    Location
    Modesto, Ca.
    Posts
    28,480
    Specs:
    iMac late 2007 10.11.b4, iMac 2008 10.10.5, Macbook2007 10.7.5, Mac Mini 10.7.5, iPhone 3GS Note 8!!
    Can you take a screenshot of the Network panel on the DNS tab and post it? If you do not know how to do a screenshot in OS X, let us know. I have 2 grayed-out entries but they are the default DNS that comes from my ISP and is in the router. The 2 entries that I can edit are OpenDNS that I added.

    I have no issues at all with any DNS redirects here. If I can see what the IP of the grayed out servers are I could do a trace and see what they are.

  9. #9
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Hi dtravis7,

    Since your post I have traced the DNS Servers and the results are this...

    DNS servers 1 & 2 trace info comes back as this: -

    Network name : UKRTELEGROUP
    Infos : UkrTeleGroup Ltd.
    Country : Ukraine (UA)

    DNS Server No.3 comes back as this: -

    Network name : UK-CABLEINET-20000211
    Infos : Cable Internet Ltd
    Infos : PROVIDER Local Registry
    Country : United Kingdom (GB)

    Now as I am in the U.K currently it seems odd to have two of the three DNS servers pointing to Ukraine?!

  10. #10
    malware/Trojan/google hack?! HELP
    dtravis7's Avatar
    Member Since
    Jan 04, 2005
    Location
    Modesto, Ca.
    Posts
    28,480
    Specs:
    iMac late 2007 10.11.b4, iMac 2008 10.10.5, Macbook2007 10.7.5, Mac Mini 10.7.5, iPhone 3GS Note 8!!
    Can you check your router and view the DNS there? See if the Ukraine servers show up in the router's DNS info.

  11. #11
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Hi dtravis7,

    Thanks for your continued help -

    I have checked in the router settings and ONLY the Ukraine DNS servers show in my router?!

  12. #12
    malware/Trojan/google hack?! HELP

    Member Since
    Oct 10, 2008
    Posts
    7
    Any further suggestions?

  13. #13
    malware/Trojan/google hack?! HELP
    louishen's Avatar
    Member Since
    Oct 22, 2007
    Location
    London
    Posts
    8,968
    Specs:
    Mac Mini Core i7 2012 | White 2009 MacBook 2 Ghz | 733 Mhz G4 Quicksilver
    I take it you are not in the Ukraine.

    I would strongly suspect those Ukraine DNS servers to be the root of the problem.

    Try to delete them at the router and replace them with the ones your ISP uses or the OpenDNS servers.

    https://www.opendns.com/smb/start/router/
    Member of the Month September 2008 & August 2012 | Found advice useful? use the rep system
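
The check this thread converges on (compare the DNS servers a Mac is actually using with the ones the ISP publishes) can be scripted from Terminal. This is an added example, not part of any post in the thread; every address is a constructed documentation-range value, and `EXPECTED_DNS` is a placeholder for the resolvers your ISP gives you.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed
# (RFC 5737 documentation ranges), not the servers discussed above.

# Placeholder: the resolvers your ISP told you to expect (space-separated).
EXPECTED_DNS="192.0.2.53 192.0.2.54"

# Constructed sample in the format printed by `scutil --dns` on OS X:
# three DHCP-supplied resolvers, two of which are not the ISP's.
SAMPLE_SCUTIL='DNS configuration

resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
  nameserver[2] : 192.0.2.53
  if_index : 4 (en0)
  reach    : 0x00020002 (Reachable,Directly Reachable Address)'

# Read `scutil --dns` output on stdin, print each unique nameserver address.
list_nameservers() {
    awk '/nameserver\[[0-9]+\] *:/ { print $NF }' | sort -u
}

# Read `scutil --dns` output on stdin and print every nameserver that is
# not in the expected list ($1). Returns 1 if any unexpected one was found.
unexpected_dns() {
    expected=" $1 "
    found=0
    for ns in $(list_nameservers); do
        case "$expected" in
            *" $ns "*) ;;                  # known resolver, ignore
            *) echo "$ns"; found=1 ;;      # not on the list, report it
        esac
    done
    return "$found"
}

# Demo on the constructed sample. On a real Mac run instead:
#   scutil --dns | unexpected_dns "$EXPECTED_DNS"
printf '%s\n' "$SAMPLE_SCUTIL" | unexpected_dns "$EXPECTED_DNS" \
    || echo "^ not on the expected list: check the DNS settings in the router"
```

If a machine that has just been cleaned still reports unexpected resolvers only while on the home network, the addresses are being handed out by the router, which is where they need to be corrected.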
