HELP! Searh Engine Redirect Virus

Any topic is game... you can discuss it here! Just keep it clean, OK?

Moderators: malletphreak, Hostrauser

User avatar
The Aceman
Support Staff
Support Staff
Posts: 3599
Joined: Thu Oct 30, 2003 12:58 pm
Location: Escondido, Ca
Contact:

HELP! Searh Engine Redirect Virus

Post by The Aceman » Sun Apr 20, 2008 2:42 pm

Someone Help! I seem to have a virus that causes all my search engine results to be redirected. It's affecting all the search engines, Yahoo, Google, Alta Vista!!! When I perform a search the normal results come up, but when I click on a result it doesn't take me to the actual site, it comes up with a http://reults.yahoo.com and then takes me to some stupid spam page. The yahoo results address comes up no matter which search engine I use. The virus is not appear to be browser related, I have the same problem in Firefox, Opera, and Safari. Is anyone else having this problem or is the virus on my computer, or is it universal at the moment? Having a Mac I never really have to deal with viruses, so I'm not sure what to do, but it is quite annoying.
Go read "Ishmael" a novel by Daniel Quinn. It will literally change your life.
Corruptissima re publica plurimae leges.
Image

User avatar
bassoonuba
Section Leader
Section Leader
Posts: 896
Joined: Thu Jan 04, 2007 8:13 pm
Location: California

Post by bassoonuba » Sun Apr 20, 2008 9:10 pm

Could be a virus or more likely, malware. Based on previous posts I assume that you're running a mac. Try downloading Adaware and running a scan. If you're on a PC then Windows Defender is quite a bit better.
Image

User avatar
Ex Nihilo
Drum Major
Drum Major
Posts: 1820
Joined: Mon Jul 25, 2005 10:12 am

Post by Ex Nihilo » Mon Apr 21, 2008 12:01 am

adaware doesn't work for mac... i don't know if there is anything out for mac yet...

try emptying every single internet file folder you have. it's bound to be there somewhere.

User avatar
Hostrauser
Support Staff
Support Staff
Posts: 7984
Joined: Tue Oct 29, 2002 6:46 am
Location: Milwaukee, WI
Contact:

Post by Hostrauser » Mon Apr 21, 2008 10:12 am

Ex Nihilo wrote:adaware doesn't work for mac... i don't know if there is anything out for mac yet...
Nor does Spybot.

Yeah, 95% of all viruses/spyware might target PCs... but that means about 95% of all the FIXES do, too.

User avatar
The Aceman
Support Staff
Support Staff
Posts: 3599
Joined: Thu Oct 30, 2003 12:58 pm
Location: Escondido, Ca
Contact:

Post by The Aceman » Mon Apr 21, 2008 10:14 am

I downloaded and ran MacScan which found a few minor viruses, I deleted them all and still had the problem. I ended up just clearing all my cookies and that fixed the problem. But it's annoying having to login to all my pages and having to tell my browser to remember them again.
Go read "Ishmael" a novel by Daniel Quinn. It will literally change your life.
Corruptissima re publica plurimae leges.
Image

User avatar
The Aceman
Support Staff
Support Staff
Posts: 3599
Joined: Thu Oct 30, 2003 12:58 pm
Location: Escondido, Ca
Contact:

Post by The Aceman » Mon Apr 21, 2008 2:23 pm

OK, nevermind, thought the problem was fixed, but I was wrong, grrrr.
Go read "Ishmael" a novel by Daniel Quinn. It will literally change your life.
Corruptissima re publica plurimae leges.
Image

User avatar
bassoonuba
Section Leader
Section Leader
Posts: 896
Joined: Thu Jan 04, 2007 8:13 pm
Location: California

Post by bassoonuba » Mon Apr 21, 2008 4:42 pm

Doh! I thought adaware ran on any platform.

Although I'm not sure how to do it on a mac, the next step would be to look at your startup programs (on a pc it's msconfig) to see if there is anything out of the ordinary. Also be on the alert for a double entry (ie if it shows acrobat twice, be a little suspicious of it). I'm almost positive that macs have 2 startup folders... 1 for login startup and one for computer/os startup... you will need to check both.
Image

User avatar
IsnipeWithAknife
Drum Major
Drum Major
Posts: 2858
Joined: Fri Apr 25, 2003 1:38 am
Location: Los Angeles
Contact:

Post by IsnipeWithAknife » Tue Apr 22, 2008 2:14 pm

is there a safe mode on Macs? you should try some computer cleaning in safe mode. I've never had any virus problems since the late 90s. Friends of mine had some success defeating ad/spyware running cleaning programs and clearing cookies on safe mode.
WHS '05, UCSB '10
WOP OT Round 1 Picture Battle Champion!
WOP OT Mafia Game II: First ever mafia champions
http://officeofstrategicinfluence.com/spam/

tSz42

Post by tSz42 » Wed Apr 23, 2008 8:31 am

IsnipeWithAknife wrote:is there a safe mode on Macs?
Hold down shift after the chime and wait for the gray loading screen.

User avatar
mkosbie
Drum Major
Drum Major
Posts: 2412
Joined: Wed Sep 08, 2004 6:21 pm
Location: Jerusalem, Israel

Post by mkosbie » Tue Apr 29, 2008 5:34 pm

An attack like this would generally be an infection in the winsock catalog on a PC. Basically, you access the internet through a series of programs called LSPs (Layered Service Providers) stored in the winsock catalog. Each one has the ability to do ANYTHING IT WANTS to ANY INTERNET TRAFFIC currently running on your computer.

On windows there's an easy command (netsh wins reset) to reset the catalog to a "clean" state (that is, the same way it was when the OS was installed). I don't know if the same exists for Mac.
It's 5:00... do you know where your ancestors came from?

User avatar
The Aceman
Support Staff
Support Staff
Posts: 3599
Joined: Thu Oct 30, 2003 12:58 pm
Location: Escondido, Ca
Contact:

Post by The Aceman » Wed Apr 30, 2008 7:47 am

mkosbie wrote:An attack like this would generally be an infection in the winsock catalog on a PC. Basically, you access the internet through a series of programs called LSPs (Layered Service Providers) stored in the winsock catalog. Each one has the ability to do ANYTHING IT WANTS to ANY INTERNET TRAFFIC currently running on your computer.

On windows there's an easy command (netsh wins reset) to reset the catalog to a "clean" state (that is, the same way it was when the OS was installed). I don't know if the same exists for Mac.
UNIX systems do not require a Winsock equivalent because TCP/IP and its use of sockets was designed to run directly with UNIX application programs. Basically eliminates the middle man, there is no WinSock.dll in between your browser and your TCP/IP on a mac.
Go read "Ishmael" a novel by Daniel Quinn. It will literally change your life.
Corruptissima re publica plurimae leges.
Image

User avatar
The Aceman
Support Staff
Support Staff
Posts: 3599
Joined: Thu Oct 30, 2003 12:58 pm
Location: Escondido, Ca
Contact:

Post by The Aceman » Sun May 11, 2008 11:17 am

OK, so I finally got rid of it. All I had to do was flush my DNS cache, and voila. I'm assuming since that fixed the problem, the malware I had was a Trojan Virus DNS Changer, had all the syptoms and flushing the DNS cache solved the problem.
Go read "Ishmael" a novel by Daniel Quinn. It will literally change your life.
Corruptissima re publica plurimae leges.
Image

User avatar
Ex Nihilo
Drum Major
Drum Major
Posts: 1820
Joined: Mon Jul 25, 2005 10:12 am

Post by Ex Nihilo » Sun May 11, 2008 11:32 pm

any idea where it came from?

User avatar
Hostrauser
Support Staff
Support Staff
Posts: 7984
Joined: Tue Oct 29, 2002 6:46 am
Location: Milwaukee, WI
Contact:

Post by Hostrauser » Mon May 12, 2008 8:27 am

The internet.

:duck:

User avatar
The Aceman
Support Staff
Support Staff
Posts: 3599
Joined: Thu Oct 30, 2003 12:58 pm
Location: Escondido, Ca
Contact:

Post by The Aceman » Mon May 12, 2008 9:25 am

Ex Nihilo wrote:any idea where it came from?
Not sure, but there are a few users on this computer and ALL the accounts were affected, so we may never know.
Go read "Ishmael" a novel by Daniel Quinn. It will literally change your life.
Corruptissima re publica plurimae leges.
Image

Post Reply