Help getting rid of Epoclick malware

Joined
Nov 11, 2010
Messages
11
Reaction score
0
Points
1
Hey guys,

I'm new, first post so please take it easy on me!

I've got the Epoclick.com bug on my MacBook Pro and I can't figure out how to get rid of it. All it is, is a pop-up window that comes up completely randomly when I click links browsing through the internet. Google also comes up with some pretty funky searches not related to what I myself am searching. I've come to the end of my knowledge on what to do and now seek help in finding it, as this is my first Mac and I'm only about 2 months into it. :) I've done a search but came up empty on this thing..

I believe it came when I downloaded the Frostwire filesharing program, so that should help narrowing down the search.

I've tried the following:
- cleared/reset Safari's cache/history etc etc..
- reinstalled Safari
- removed/reinstalled Frostwire
- Installed iAntiVirus and did a search, passed everything.
- Installed Apple's TechTool Deluxe off the Protection Plan CD, ran diagnostics and it passed everything except for the last bit.. 'Volume Structure'
- Tried browsing through different files/folders to find any suspicious programs

I'm running Mac OS X 10.6.4

I've reached the end of my knowledge on what to do and am trying to avoid a trip to the Mac store. I'm fairly computer literate in the Windows world so any help or suggestions would be greatly appreciated!!

-Brandon
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Apple - Support - Discussions - A mac virus? ...

Ignore the stupid post that it's a Virus. It's DNS Redirection Malware. Read very carefully about 4-5 posts down. It seems to change the DNS settings in the router and NOT the computer. A person tried a router reset and all his systems, both Mac and PC are fine. It was the router.


Give it a read and a try.

Also do you have another computer there hooked up to the same router? See if that does the same thing. The user in that thread, all his systems did what you are experiencing.
 
OP
Dang, out of ALL the things I read on Epoclick, not one of them mentioned it could be DNS related..

The only other thing I have connected to my router is my Xbox, maybe it came from there? who knows.

I removed power to the router to let it reset, also reset it via the button. Then reset the DNS preferences on my Xbox, we shall see if that fixes the problem!

Thanks!
 

dtravis7


Do keep us posted and let us know if that solves your issue.
 
OP
This did not solve my issue.

I'm still getting the Epoclick.com pop-ups and my Google searches get to the page I'm looking for, then switch to alternate ads.

:(
 

dtravis7


Will search some more. I have a feeling you clicked yes on something and allowed a DNS changer trojan to install. This is just a guess, but it's starting to look like that could be the issue. Did anything pop up asking for permission to install anything or ask for your password?
 
OP
The last two and most recent things to ask me for my password to install were iTunes' update and Frostwire. Facebook's video chat/message thing asked me to use my video device but I don't think that had anything to do with it.

I downloaded Frostwire from http://download.cnet.com/mac so I assumed it was a safe location to do so... This is the only place I can think/remember it to come from.
 

chas_m

Guest
Have you checked the DNS numbers on BOTH your router AND your Mac? You haven't made that clear.

On your Mac, you can access this via the System Preferences -> Network -> Advanced.

The router most people access via their web browser, and every router has a slightly different way of finding that info.
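
The check chas_m describes, scripted for the Mac side (an added example, not part of any post in this thread): it parses `scutil --dns` output and flags any resolver that is not on a list you expect. The sample output, the 203.0.113.53 address and the function names are constructed for illustration.

```shell
# Constructed sample of `scutil --dns` output. 203.0.113.53 is a
# documentation-range address standing in for an unexpected resolver.
SAMPLE_SCUTIL='DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  if_index : 4 (en0)
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
'

# Print each unique nameserver address found on stdin, one per line.
list_nameservers() {
    awk '/^[ \t]*nameserver\[[0-9]+\][ \t]*:/ { print $NF }' | sort -u
}

# audit_dns "allowed1 allowed2 ...": reads `scutil --dns` text on stdin,
# prints every resolver missing from the allowed list, and returns 1 if
# at least one such resolver was found (0 if all are expected).
audit_dns() {
    allowed=" $1 "
    unexpected=0
    for ns in $(list_nameservers); do
        case "$allowed" in
            *" $ns "*) ;;                     # expected resolver
            *) echo "UNEXPECTED resolver: $ns"
               unexpected=1 ;;
        esac
    done
    return "$unexpected"
}

# On the Mac itself (the allowed list here is an assumption: the router
# address seen in this thread):
#   scutil --dns | audit_dns "192.168.1.1"
```

Compare anything it flags against the DNS servers shown on the router's own status page; a resolver that appears on neither your ISP's list nor one you chose yourself is the thing to investigate.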
 
OP
> Have you checked the DNS numbers on BOTH your router AND your Mac? You haven't made that clear.
>
> On your Mac, you can access this via the System Preferences -> Network -> Advanced.
>
> The router most people access via their web browser, and every router has a slightly different way of finding that info.

My apologies, I did not check my stored DNS server addresses on my Mac, I don't know why.. I guess I wanted to rule out the router first? no clue.. ha

Anyways, I do have 2 stored DNS server addresses in the left hand column under 'DNS Servers', they are grayed and I am unable to click on them to delete or edit them, though I do have the option to add another one. On the right under 'Search Domains' I have simply listed 'Home', again I am unable to click on it to edit/delete.

Also, I don't know how to check my DNS numbers on my router.. it's a Verizon FiOS setup ((if you're unaware, it's the only thing compatible with Verizon's Fiber Optic -FiOS- network, they issue it to you)), can't really get into it like my old Linksys one I had.

I hope I've laid my situation out clear enough to you as I'm now lost.. haha. If you need a screenshot or the DNS addresses just let me know, I'm all ears for what to do next!

EDIT -- My xbox is using the same two DNS Servers listed in the same order as my Mac, I don't know if this helps..
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
> Also, I don't know how to check my DNS numbers on my router.. it's a Verizon FiOS setup ((if you're unaware, it's the only thing compatible with Verizon's Fiber Optic -FiOS- network, they issue it to you)), can't really get into it like my old Linksys one I had.

You can't check the DNS server addresses on the FIOS router as it's static and can not be changed by accessing the router menu. The only way you can change the DNS server settings is as chas_m indicated.

I don't know which router Verizon has issued you (I have the Actiontec), however, you should be able to access the router setup menu by typing in this address: 198.162.1.1 to your browser.

You'll have to enter your userid and password that Verizon issued to you when they installed the router.
 
OP
> You'll have to enter your userid and password that Verizon issued to you when they installed the router.

I believe I have the same router as you, ActionTec MI424WR? The IP address you sent me may have been incorrect, it didn't bring anything up, but rather just asked for a ID/PW to get in. I tried it.. didn't work. Are you sure that is correct?

I searched around a bit, found and went to http://192.168.1.1/ and it brought up an official Verizon page. I typed in my ID/Password I use to pay the bills and got no joy. Said I was incorrect. :( I'm unaware of any other Usernames/Passwords they gave me when they installed FiOS unless I can find it elsewhere...?

stuck! haha
 

dtravis7


Usually routers have a default username and password to login unless the user changes them. I wonder if Verizon changed it or left it stock?

chscag, since you have the same router, can you help him?
 
OP
EUREKA!

dtravis7, for future reference 'admin' and 'password1' or 'verizon1' works to get you in.

Would it be safe for me to start posting up the DNS servers my router/mac is using?
 

dtravis7


I grabbed the manual to the MI424WR. Turns out the first time you access the router with 192.168.1.1 a password setup screen comes up and asks for a new username and password. If you are not getting that screen, someone at some time configured it and set up a username and password. Do you have all the paperwork that Verizon left? Check for anything that might say router username/password.

Here is a URL to the manual in case it will help.

http://support.actiontec.com/doc_files/MI424WR_Rev._ACD_User_Manual_4.0.16.1.56.0.10.11.x_v6.pdf
 
OP
I posted juuust before you did, but I found a way in, I used the default Username/PW to get in and changed it to my own.

The DNS servers that my Mac lists are matching up with my IP address and DNS Server numbers my router is using. :\ I have the option to restore the defaults which will make all my devices request new IP/DNS servers.. temptingg, but I'm not sure what to do or look for from where I'm at now..

Thanks for everything so far guys!
 
Joined
Nov 9, 2010
Messages
16
Reaction score
0
Points
1
Hi,

Did you try any malware removal software like Malwarebytes etc.? I think that may help to get rid of this.
 

bobtomay

Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
> Hi,
>
> Did you try any malware removal software like Malwarebytes etc.? I think that may help to get rid of this.

That is no help since it is a Windows only application.
 
OP
I ran a ClamXAV - Malwarebytes' Mac equivalent for fun tonight and it turned up nothing :(

----------- SCAN SUMMARY -----------
Known viruses: 761648
Engine version: 0.96.4
Scanned directories: 151280
Scanned files: 439602
Infected files: 0
Total errors: 197
Data scanned: 21325.89 MB
Data read: 21628.60 MB (ratio 0.99:1)
Time: 3988.438 sec (66 m 28 s)

No infected files were found.
 

chscag

@dtravis7

> Here is a URL to the manual in case it will help.

Thanks Dennis. I downloaded and saved the manual. Verizon never gave me a manual when they shipped the Actiontec to me via UPS. It was a replacement for an older D-Link model that they first installed.

These particular routers that are used by Verizon are specially made for them as they also have a separate radio which broadcasts the FIOS TV program guide to their cable boxes. (I also have FIOS TV and Music.) And as such, are not as configurable as an ordinary router. Typically, Verizon uses a static DNS address which ordinarily can not be changed via the router. However, it can be done thru the advanced settings in System Preferences, Network.
 

chscag

@Brandonn

> I posted juuust before you did, but I found a way in, I used the default Username/PW to get in and changed it to my own.
>
> The DNS servers that my Mac lists are matching up with my IP address and DNS Server numbers my router is using. :\ I have the option to restore the defaults which will make all my devices request new IP/DNS servers.. temptingg, but I'm not sure what to do or look for from where I'm at now..
>
> Thanks for everything so far guys!

You should have no problem with the Actiontec if you make the DNS setting changes from System Preferences, Network, Advanced. The grayed out setting you're seeing is the IP address of the router.

I have my DNS settings as OpenDNS (primary) and Google Public DNS as secondary - which work well. By using the advanced settings, that will override the static DNS address setup in the Actiontec. I've even run this by the Verizon support people (after I found one who understood Mac computers and OS X!) and they said it would work. Give it a try. If you need any further help with this, post back or PM me.
 
