|
|
Redirect Virus
|
|
|
|
Forum Regular
Join Date: Sep 2000
Location: Dracut, MA, USA
Status:
Offline
|
|
My wife's new MacBook Air seems to have acquired a "redirect virus" . She can be in facebook or reading email and out of the blue her page is redirected to some other random website. Has anyone come across a fix for this annoyance? I have installed Norton's to NO avail.
Harvey
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Oct 2001
Location: San Jose, CA
Status:
Offline
|
|
There's no such thing, especially on a Mac. What web browser is she using? Have you tried emptying the browser's cache? What exactly is she clicking on? Or is it happening without her clicking anything (doubtful)? And what "random website" is it redirecting her to?
Steve
|
Celebrating 10 years and 4000 posts on MacNN!
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Sep 2000
Location: Dracut, MA, USA
Status:
Offline
|
|
How can you say that. If I have learned anything in my 35 years in computing, it's that anything is possible.
She alternates between Firefox and safari. She can be reading or responding to her email (webmail actually with Yahoo) and with no warning her screen is gone and a new website has opened. I have checked and her pop-up windows are blocked. There are 4 macs on the home network and neither of the others seems to have this problem.
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
Status:
Offline
|
|
Check the hosts file?
I know the TDSS rootkit can do this on Windows, not aware of anything on the Mac.
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Jan 2001
Location: Polwaristan
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2002
Location: New York, NY
Status:
Offline
|
|
Sure she's just not accidentally doing the "Back" multitouch gesture on the trackpad?
|
Vandelay Industries
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status:
Offline
|
|
Originally Posted by Art Vandelay
Sure she's just not accidentally doing the "Back" multitouch gesture on the trackpad?
Good call Art.
|
|
|
|
|
|
|
|
|
Junior Member
Join Date: Jul 2009
Status:
Offline
|
|
Originally Posted by ibook_steve
There's no such thing, especially on a Mac.
Steve
Lines like that are why I sometimes feel ashamed to be a Mac user. People tend to assume I'm as stupid as that sentence.
|
|
|
|
|
|
|
|
|
Moderator Emeritus
Join Date: Apr 2001
Location: Wasilla, Alaska
Status:
Offline
|
|
Originally Posted by AltecXP
Lines like that are why I sometimes feel ashamed to be a Mac user. People tend to assume I'm as stupid as that sentence.
What is so stupid about that sentence?
There is no "redirect virus". (Except for the trojan Cold Warrior talked about..)
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
What about that Trojan CW was talking about? (technically not a virus, but that distinction is irrelevant to the user)
|
|
|
|
|
|
|
|
|
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
Because it doesn't work like that. The OP describes the current site changing after being loaded - the trojan in question just changed the DNS records before loading.
|
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
|
|
|
|
|
|
|
|
Moderator
Join Date: Aug 2001
Location: Nobletucky
Status:
Offline
|
|
Originally Posted by Harvey
...I have checked and her pop-up windows are blocked...
FWIW, the "block popup windows" functions in both Safari and FF don't defeat all forms of popups. There are forms of pop- unders, especially, that get around the blocks. Also, on-click scripts get around those blocks. So, if she happens to click on something on a webpage (like a link to a video or something), that can propagate both the link she wants as well as a tiny popunder window that is very easy to not notice. That popunder can then cause all sorts of mischief.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Status:
Offline
|
|
Is it possible that some site is opening a pop-under that is scripting a redirect for the frontmost window?
|
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
A pop-under that switches window focus might just give exactly the indications Harvey is describing.
Harvey, when this happens, are there other browser windows open? Is it possible to count the windows before and after this happens?
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Dec 2010
Status:
Offline
|
|
hey guys..
not saying that this is 'the' cause.. but.. I have experienced random 'redirects' while browsing before.
also.. don't want to start a major discussion about the pros / cons / likes / dislikes of this here either...
.. just want to suggest a possible course of action.
ok.
so, apparently, there's this thing called "Flash" that websites use for allowing 3rd party advertising with. (among other things)
there are those who take advantage of some 'features' of this 'flash'.. and cause a redirect to another site as soon as the flash ad is loaded.
many reputable sites have had this issue, and it is sometimes not easy to track down, due to the nature of running ad campaigns.
there's this plugin that blocks flash and stops it from loading, allowing you to selectively load or ignore any flash content.
it is called "ClickToFlash".
Note: This is not a product endorsement or a recommendation. just a point to look at to test the concept.
Install this plugin, disable Flash for all sites, continue surfing, and note whether or not you experience any more random redirects.
If you are clean... and happy with the results.. you can get creative, and selectively click on some of the flash ads to load them.
If you then experience a sudden shift in websites, aka. random redirects, then you have found the culprit, and if you can identify the ad, you could report it to the hosting site if desired.
ymmv..
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by Thorzdad
FWIW, the "block popup windows" functions in both Safari and FF don't defeat all forms of popups. There are forms of pop-unders, especially, that get around the blocks. Also, on-click scripts get around those blocks. So, if she happens to click on something on a webpage (like a link to a video or something), that can propagate both the link she wants as well as a tiny popunder window that is very easy to not notice. That popunder can then cause all sorts of mischief.
Or, another way of putting all of this (AFAIK), pop-up blockers block the spawning of new windows or tabs that are not invoked directly by clicking on something.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Harvey: does this happen on any website, or particular websites? What DNS servers are you using, and have you tried others? Flash can indeed invoke redirects, so the ClickToFlash Safari extension or the Firefox FlashBlock extension are worth giving a try too.
I would methodically rule out all of these other possibilities before fixating on the possibility of a virus and try to trace additional information that pertains to what you have to do (if any) to cause this to happen and whether you can reproduce this. A virus is frankly at the bottom of my list of possible culprits, I would not start my troubleshooting there.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Originally Posted by AltecXP
Lines like that are why I sometimes feel ashamed to be a Mac user. People tend to assume I'm as stupid as that sentence.
That's some way of ingratiating yourself with these forums. You know you just called a guy who designed Apple iBook laptops stupid?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by Big Mac
That's some way of ingratiating yourself with these forums. You know you just called a guy who designed Apple iBook laptops stupid?
It was kind of a dumb thing to say to speak in such absolutes, with all due respect to iBook Steve.
There is nothing special about the Mac that precludes it from getting at least some sort of trojan, if not virus. The distinction is not terribly relevant here, as has been pointed out.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
95% chance this guy wasn't hit by a "redirecting virus" on OS X. Is it completely out of the realm of possibilities? No. Is it very highly unlikely? Yes.
Many Windows users automatically jump to the conclusion that they've been hit by a virus when something goes wrong. If they're on a Mac, they need to stop making that leap because after nearly ten years malware threats are still basically unheard of on the platform.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status:
Offline
|
|
Originally Posted by besson3c
...
There is nothing special about the Mac that precludes it from getting at least some sort of trojan, if not virus...
That is true for trojans and other types of social engineered malware.
Not true for virii. UNIX vs. Windows. UNIX wins every time.
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Sep 2000
Location: Dracut, MA, USA
Status:
Offline
|
|
Thank you all for your input. All of your ideas seem to work, but only temporarily. I have not tried the Flash Click yet . . . it does sound like a very viable fix.
Hereis the latest: you asked what it was that pops up . . . . . just an hour ago. . . .
http://gotof.com/roadblock.php
security check
complete a 30 sec test below
make Bing your default home page
do you shop at Home Depot?
Play Bobble Boomers
Click any of the links above
and complete the required actions
to continue
http://tmcoi.info
one more thing! ...
Please Click to "OK" to continue.
OK
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|