Trojan redirect malware

[jozi]

o/s mavericks 10.9.5
Is it possible to remove the trojan redirect without resorting to scanners like clamx? I used it when I had the trojan redirect on another mac and it froze the mac. I had to pull the plug in the end and then the mac would not boot up - mother board fried. Now I've purchased another mac and have again inadvertently downloaded the trojan after downloading a movie from the veehd site. I've deleted the movie and the media player that I had to download to watch the movie but the trojan is embedded in my system. The trojan affects all my current browsers - chrome, Safari, Firefox. I've tried switching to google dns numbers instead of my isp dns numbers but redirect problem still persists. I've checked the host file in terminal as per the safemac.com instructions and host file looks ok. I am being re-directed on each and every site I visit and usually being directed to mackeeper and addcash. I think my router is ok because I don't have this problem when using my cell phone to connect to internet via router wifi. I really don't want to do a re-install but I've been told this trojan is often not detected by scanners. So is there some clever some-one who knows another method of how to ged rid of it?

 

[vansmith]

Which Trojan redirect do you have? There are different redirects available. What directions have you followed on SafeMac?

 

[lclev]

Okay what you have is not a trojan, it is malicious adware. Which makes no difference if you are the one experiencing it.

You reference safemac.com - have you run adware medic yet? You may have to download it with a "clean" computer if you can't get to the site. I recommend disconnecting your computer from the internet. Run adware medic more than once.

AdwareMedic

Also check your browser settings. In Chrome you can go to settings (found by clicking on the three little lines at the end of the address bar) -> clear your history and then scroll down to settings -> and either check the "On startup" section for your redirect websites or you can scroll down and expand the advanced section and click the reset. Also check the extensions to make sure they are all good.

In Safari, click on preferences and make sure your homepage is the one you want. Also clear the history and check the extensions to make sure they all look good.

I don't have a "how to" for firefox as I don't use it but the same steps should be used on it.

Make sure you do all the steps while disconnected from the internet then reconnect and see if that fixed it. Hopefully it did. Post back and let us know.

Lisa

 

[jozi]

Thank you vansmith and iclev for responding so promptly. Lisa, I've taken your advice and gone the Adwaremedic route and it has worked. No redirects are currently plaguing me. Thank you so much. I was amazed at how quickly the software found the infected files - within seconds it found a whole batch of files that I've deleted. I also cleared the browsing history in Chrome. I was a bit perplexed by your advice re: "On Startup" as there are three choices provided and none of them contained any info re: redirect websites. I only had one enabled extension - Google Docs - which I have disabled. I only use Chrome so I have not yet played with the settings in Safari and Firefox. I download a lot of documentaries from youtube. Is youtube content safe to download? What precautions can I take to ensure that a youtube video is safe to download? Any advice you can give re: anti virus or malware protection for mavericks would be appreciated. Thanks again for your prompt assistance.

 

[bobtomay]

Never, ever, download a video player from any web site that tells you to download one for what is supposedly a free video - it IS going to be an adware browser redirector in the best case scenario.

If a site wants Flash, go directly to Adobe.
If it wants Silverlight, go directly to Microsoft.
If it is Vudu, Amazon or another of the immediately recognizable legitimate sites offering pay for videos and requiring their player (which is due to DRM), then you are pretty safe downloading their video player.

 

[lclev]

Glad you got the problem fixed. To avoid future problems I suggest you install in your browser as extensions Adblock Pro and Ghostery. They are free and you can tweak them to fit your preferences. They can also be disabled if you hit a site that they block too much on. But most of the time they will work silently in the background and prevent a host of problems.

Lisa