Malware on my iMac

Starting yesterday I have the "google redirect" malware on my iMac. Any Google.com URL redirects to Yahoo's developer website. I guess it's called "yql.yahooapis.com" and seems common enough on a PC, but I have it on my Mac.

If I reboot the iMac it goes away for a while but comes right back.

On my PC, I'd know how to take care of this in seconds -- but on the Mac I have no idea. And a "bing" search (since I can't search google) comes up with no mentions of this on a Mac.

Here's a screen shot direct from Chrome (Google product) for Google.com:

Screen-Shot-2012-09-28-at-10.59.19-AM.png
 

vansmith

I have no idea why Chrome is doing this. Not only does it work fine here, but Yahoo is a well respected (technically, perhaps not in terms of clout) website. Have you installed anything lately? What have you been browsing lately? Anything suspicious?
 
OP
creativepart
It's not just Chrome, it's Firefox and Safari, too.

Nope, it's something on the Mac itself. This is a known PC malware. I just can't find anything about having this on a Mac.

Want to know the oddest part? In Parallels with Win 7 I don't have the issue. Only on the Mac do I have the problem. And generally, it's a Windows malware.
 

vansmith

Have you taken a look at your DNS settings (System Preferences > Network > select adapter > Advanced > DNS)? Do they look off? If you don't know, post them here and we'll let you know.
 
OP
creativepart
I see nothing unusual there. I see my ISP's domain, the router IP, and I use Google's DNS IPs. So, that's all that's there.
 
OP
creativepart
I'm running ClamXav on the computer right now. To my surprise it's up to 40 found "viruses" and still running. Some are clearly false positives. But running the application and quarantining the malware so far has gotten rid of the Google Redirect.

As a long time Windows user that's used a Mac desktop for only 7 or 8 months I'm surprised about the results. I wish there was a Malwarebytes version for the Mac as that's a program I trust.

I'm not at all sure that the malware being found by ClamXav is really bad stuff or not. The first thing it said was a trojan, and I was able to determine quickly that it was a false positive on a valid file. So, it makes me a bit skeptical about the others at this point.

Thanks for the help.
 

pigoo3

creativepart said: "I'm not at all sure that the malware being found by ClamXav is really bad stuff or not."

EXACTLY! Many times what ClamXav finds are viruses/malware that affect Windows computers only. But ClamXav makes you aware of this…and isolates it anyway.

This kind of information falls into the category of…"A little knowledge is dangerous!" ;)

- Nick
 
OP
creativepart
I can see that. So far it's really gone crazy on the spam folder of my email client. Duh.

Well, it was free and it shouldn't hurt to run it and see what happens.

The Google redirect has stopped, but I'm not absolutely sure it isn't a coincidence. When searching for info on this issue I found a number of really suspicious websites that looked to be picking up the search terms to pretend they were on this subject.

Oh, I did check my Mac Hosts file but there was nothing unusual there.
 
OP
creativepart
Searching for info on this is very difficult. There are a ton of fake AV sites out there that just pick up your search term and pretend to have info in order to get you to buy their worthless program.

I did find another Mac user posting about this on a Google help site:

Google/Yahoo Redirect
 
OP
creativepart
I think I know what got rid of the google redirect -- I reset my router at the same time that I started running ClamXav.

I feel confident that the problem is my router's DNS table. I need to remove it from my DNS list. Currently, it's listed first, followed by Google's DNS servers.
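
As an added example, not part of the original thread: a shell sketch of the check the last post points to, listing the resolvers macOS will use in order and asking each one for the same name so a router that answers first (and answers differently) stands out. The sample `scutil --dns` text and the function names are constructed for illustration; `scutil` and `dig` are the stock macOS tools.

```shell
#!/bin/sh
# Constructed sample of `scutil --dns` output: router first, then Google DNS.
SAMPLE='resolver #1
  search domain[0] : example-isp.net
  nameserver[0] : 192.168.1.1
  nameserver[1] : 8.8.8.8
  nameserver[2] : 8.8.4.4
  flags    : Request A records'

# Print nameserver addresses in configured order from scutil-style text on
# stdin, dropping repeats (scutil lists the same resolver in several sections).
resolvers_in_order() {
    awk '/nameserver\[[0-9]+\]/ { if (!seen[$3]++) print $3 }'
}

# Return 0 if the address is RFC 1918 private space (typically the home router).
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Echo the first resolver when it is a private address, i.e. the router is
# consulted before any public resolver.
router_listed_first() {
    first=$(resolvers_in_order | head -n 1)
    is_private "$first" && echo "$first"
}

# On a Mac with scutil and dig available, query every resolver for one name.
if command -v scutil >/dev/null 2>&1 && command -v dig >/dev/null 2>&1; then
    name="${1:-google.com}"
    for r in $(scutil --dns | resolvers_in_order); do
        answers=$(dig +short +time=2 +tries=1 "@$r" "$name" A | sort | tr '\n' ' ')
        printf '%s -> %s\n' "$r" "$answers"
    done
    if scutil --dns | router_listed_first >/dev/null; then
        echo "note: a private (router) address is the first resolver"
    fi
fi
```

Large sites can legitimately return different addresses from different resolvers, so a mismatch is a reason to inspect the router's DNS configuration and firmware, not proof of tampering on its own.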
 
