Trojan?

[Alexis]

Try upgrading to Safari 4

 

[vansmith]

Have you downloaded any Video Codecs or Pirated versions of Software? What you have sounds like that DNS changer Trojan and those are the only way I have ever seen to get it on to OSX. If you are being taken to a site different than what you are typing in, that might be the issue.

Have you taken a look at your DNS settings? I think that dtravis7 is right. What have you downloaded lately? What is listed as your DNS servers in System Preferences > Network > Advanced... > DNS > DNS Servers:?

Perhaps this and this would be a good read.

 

[jenzmac]

No I had not downloaded anything as I said earlier? I am using Airport and when I was setting up my computer over 2 years ago I was having trouble setting it up. Couldn't download emails from my account with my provider, I was ringing back and forth between the provider and Mac help desks to sort it and they both kept telling me to ring the other, so possibly my proxies are wrong? I am set up to automatically detect location? Only get emails from my Mac account now as gave up trying my old account with my provider

Upgraded to Safari 4 yesterday

 

[jenzmac]

Just found a reference to Trojan Clickers which sounds like what I've got

This family of Trojans redirects victim machines to specified websites or other Internet resources. Clickers either send the necessary commands to the browser or replace system files where standard Internet urls are stored (e.g. the 'hosts' file in MS Windows).

Clickers are used:

To raise the hit-count of a specific site for advertising purposes
To organize a DoS attack on a specified server or site
To lead the victim to an infected resource where the machine will be attacked by other malware (viruses or Trojans)

 

[cwa107]

Yes, you have a trojan redirector. If you didn't install it, then make sure you secure the computer from others in your household. It can only be installed one way.

Take a look at this thread for some removal tools:

Apple - Support - Discussions - Trojan Detection and Removal ...

 

[jenzmac]

I'm the only one in the house using a computer, possibly someone from outside has been picking up my Airport connection? I thought I had that secure?
Thanks for the link, will look now

 

[cwa107]

I'm the only one in the house using a computer, possibly someone from outside has been picking up my Airport connection? I thought I had that secure?
Thanks for the link, will look now

Unfortunately, that's not how it works.

Trojans are installed one way - by the user. The term comes from the story of the Trojan Horse, which the Greeks used to lay siege to Troy. From Wikipedia:

It was the stratagem that allowed the Greeks finally to enter the city of Troy and end the conflict. In the best-known version, after a fruitless 10-year siege of Troy the Greeks built a huge figure of a horse in which a select force of men hid. The Greeks pretended to sail away, and the Trojans pulled the Horse into their city as a victory trophy. That night the Greek force crept out of the Horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greek army entered and destroyed the city, decisively ending the war. A "Trojan Horse" has come to mean any trick that causes a target to invite a foe into a securely protected bastion or place.

So, in computer terms, a Trojan is simply a piece of seemingly desirable software that masks malicious software beneath the surface. In this case, it is distributed through a program that claims to be a plug-in that allows you to watch a video online. The website insists that you must download this plug-in in order to continue. Once you do, you'll be prompted to install the software and enter your password. It's at that point, that it should raise the red flag, as very few programs need you to enter your password (your password is needed when a program wants to modify the operating system or system settings).

I want to make this point clear as a lot of people don't understand the difference between a virus, trojan, worm or adware/spyware. At the moment, there is nothing more than trojans that effect the Mac. So, if and when you run into this again, you'll know exactly what to do - don't install any software unless it is from a source you trust and you know exactly what it does - and be especially wary if you're prompted for your admin password.

 

[jenzmac]

OK ran MacScan I had 4 Tracking Cookies, can these cause your system to be directed to another website when you try to get to home page or a bookmark as happened to me, leaving the webpage address as it should be, as was happening to me?

There's the result showing the 4 cookies

 

[cwa107]

OK ran MacScan I had 4 Tracking Cookies, can these cause your system to be directed to another website when you try to get to home page or a bookmark as happened to me, leaving the webpage address as it should be, as was happening to me?

There's the result showing the 4 cookies

Tracking cookies are nothing to worry about generally. Nothing about a trojan, huh?

 

[xstep]

DNS Nameserver Spoofability Test

 

[jenzmac]

DNS Nameserver Spoofability Test

OK ran this test which was interesting to do

My DNS nameserver came up Excellent on 'Anti Spoofing Safety'

CWA, no Trojans detected but what was happening most certainly sounded like the clicker

All seems to be good now, only thing is that trusted websites that I ask to remember my details Username & P/W make me log in each time I visit now, even though there is nothing on these sites to jeopardize my privacy or security