Safari 8.0.4 : Hijacked

Similar Messages

• Safari, Mail AND Firefox Hijack???

  Hi, This is a mirrored post from the one in Safari forum, and the iBook G4 general use forum.
  First point, let's get this out of the way: I know there are neither virus nor malware in the wild for macs.
  Now, to the matter: Today, my Safari, Firefox and Mail app were hijacked several times, and were always redirected to this page: www.register.4less.com
  Always that I typed an ordinary http address (let's say: www.elnorte.com) in the address bar, I ended up in a site that purportedly belonged to the address I typed (in the address bar said the address I typed), but on the body, there was an image with the logo of register.4less.com, and the text: "Welcome to the future hosting of "www.[whateverityped].com" It was the same on FF and Safari.
  It all started when the Mail app warned me that a computer with a certificate issued to "register.4less.com" was pretending to be pop.gmail.com. I obviously cancelled the process, thinking the gmail server was compromised. I then experienced problems connecting with ANY app in my computer, even the RSS reader widget crashed (and when it crashed it couldn't connect to apple for sending the report).
  I made several transactions trough an https server (my bank) without any problems, only somewhat slower than the average. After this, any other website which were not https would give me the message I've explained before. I know I shouldn't have logged in to my bank, but at that moment I didn't suspected anything.
  Now, some more important information. I live in Mexico City, but right now I'm on vacation on my parent's house in my place of Birth: Monterrey, México. I have a cousin living also in Monterrey, which has refered to me he had encountered this problem with safari before and only in http sites. He told me also that https sites didn't have any problem (ebay and amazon sign in pages, e.g.). He uses the same ISP my parents use. In México city I have another ISP, and have never before had this problem. Right now my brothers are out of home, so I can not ask them if they have had this problem before, altough none of them uses a Mac.
  Of course I always have my Mac's firewall on. I also don't have any sharing enabled (neither windows nor personal file sharing).
  When I empty the cache this problem goes away for a few minutes before returning (that's how I'm writing this).
  I have the pop-up blocker on, and while typing this I changed the cookies to "Only to sites you navigate to", and deleted all of the cookies already installed. This didn't prevented the problem from happening again.
  Now guys, help me out here with these Questions:
  1. What should I do??
  2. What happened?? Could it be that the ISP have been compromised?, or is it my computer? I don't think it is my computer, I've searched the entire HD searching for anything remotely likely to register.4less.com and I didn't found anything. But right now I'm a little scared.

  "Start" Of Quote
  First point, let's get this out of the way: I know
  there are neither virus nor malware in the wild for
  macs.
  "End" Of Quote
  There is a virus for Mac! its called Leap-a-Worm Trasmitted my iChat to my knowledge there is one more Mac Virus but im not sue whats it called!

• My safari browser has been hijacked by so called in text advertising on both my iPad and MacBook Pro and I can't get rid of it.

  Both my iPad 4 and MacBook Pro are affected - if I turn off JavaScript the problem goes but then I can't access gmail etc.  I have deleted all cookies and web data and it keeps coming back. Words are highlighted green and annoying little pop up ads.  How can I get rid of this?

  Please read this whole message and be sure you understand all of it before doing anything. Back up all data before making changes to your settings.
  Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Open the DNS tab again and change the server addresses to the following:
  8.8.8.8
  8.8.4.4
  That's Google DNS. Click OK, then Apply.
  In Safari, select
  Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
  and confirm. If you’re using another browser, empty the cache. Test. Any difference?
  Notes:
  1. If you lose Internet access after making the above change to your network settings, delete the Google servers in the Network preference pane, then select the TCP/IP tab and click Renew DHCP Lease. That should restore the original DNS settings; otherwise restore them yourself.
  2. I’m not advocating Google or anything else as a DNS provider; the server addresses are offerred merely for testing purposes. There may be privacy and technical issues involved in using that service, which you should investigate personally before you decide whether to keep the settings. Other public DNS services exist.

• Safari Hijacked and Certificates that won't go away.  Malware?

  Four times over the last 4 or 5 months "something" hijacks Safari and freezes it.
  The first 3 times I was in Google.   I clicked on a site, it would freeze Safari and I would get a message from an unrelated website telling me to call a number for Apple Support which was not Apple.
  Each of those 3 times I called Apple Care and they went to Finder>Library> Cache and removed files from Launch Agents, Launch Daemons and Plug-ins.  That removed the problem.
  This time I was in Words With Friends when a Certificate popped up for the website Secure.RubiconProject.Com.   I spent over an hour on the phone with Apple looking for bad files.  None were found but we couldn't get rid of the Certificate and Safari was frozen.   Also, WWF would keep crashing Safari.
  The Apple guy had me install a 2 week free trial of Web Root antivirus.  It found some problems which it took care of.  When I went back to Words with Friends the Certificate popped up again but this time I clicked on it since Web Root would tell me if there was an issue. 
  The screen was blank but since then: 1.  No certificate and 2. an error message that was always across the top of WWF about having to reload the page was gone.  When I used Firefox to work on this problem with Apple, I would keep getting a message that said Firefox would not direct this to another page and I had to click an OK button.  That is gone.
  I don't know why I keep getting this issue since each time it is different.   I told Apple guy that I had read that Apple doesn't need antivirus and in fact they can cause more problems than they help.   He said Apple has a Firewall but nothing for malware which is become more and more prevalent.  There are threads here about not needed anti viruses but I'm at a loss. 
  I have Apple Care for 2 more years but I don't want to keep calling them if I can find a solution to this.  I'm not tech savvy.   I would like an antivirus that is a one time fee. 
  Advice please?

  You may have inadvertently installed adware. Eradicating it is simple and you don't have to download or install anything to fix it.
  Although adware relies upon deception, it does not get installed without your consent, and "anti-virus" utilities cannot prevent users from willfully installing garbage. Only you can do that, by recognizing adware's appearance, which is constantly changing as adware authors constantly attempt to thwart automatic means of detection.
  For an explanation or how this may have occurred, how to avoid it in the future, and for Apple's recommended solution read How to install adware.
  Webroot is garbage that won't help prevent adware. Uninstall it. Be sure to follow its uninstallation instructions.
  I have Apple Care for 2 more years but I don't want to keep calling them if I can find a solution to this.
  You should call them, as often as necessary. AppleCare is a service you paid for. Let them work for you. I suggest you express your displeasure regarding their inept recommendation to install Webroot. OS X's software firewall is also completely irrelevant to your concern.

• Safari and Firefox seem to have been hijacked

  Safari and Firefox seem to have been hijacked. When I type hotmail it takes me to some netgear wn2500rp genie. Help!

  Hi,
  Go here for trouble shooting 3rd party plugins or input managers which might be causing the problem.
  http://support.apple.com/kb/TS1594
  Make sure Safari is running in 32-bit mode. Right or control click the Safari icon in the Applications folder, then click: Get Info In the Get Info window click the black disclosure triangle next to General so it faces down. Select 32 bit mode. Also, (in that same window) make sure Safari is NOT running in Rosetta.
  If Safari still crashes, go to the Safari Menu Bar, click Safari/Preferences. Make note of all the preferences under each tab. Quit Safari. Now go to ~/Library/Preferences and move this file com.apple.safari.plist to the Desktop. Relaunch Safari. If it's a successful launch, then that .plist file needs to be moved to the Trash.
  Carolyn

• Help my safari web browser has been hijacked by some type of malware. My browser is locked in on a web page that pretends to be from the FBI. Is there security software I can purchase to eliminate this malware?

  I am not sure if this is the correct forum but I had these bastards who have stolen my web browser. Natually they ask me to send them monies to unlock my browser. It is a dangerous place out there. I would appreciate any recommendations as to possible security software to remove this malware will be much appreciated
  thank you
  Hijacked Safari Browser

  Information.
  https://discussions.apple.com/message/17680743#17680743

• IPad mini Safari Browser hijacked - any ideas to defend against intrusion?

  My safari session was hijacked as in I was no longer in control of where the browser was going and typing. Almost like a remote control app.  When I proceeded to iPad settings the hacker attempted to stop me from shutting down JavaScript, block cookies and eventually shutting down
  There was no Bluetooth connection open therefore no possibility of a nearby snooper and I was on a private home network.

  You may want to check this out.  We were seeing login issues prior to finding this.
  http://stackoverflow.com/questions/12506897/is-safari-on-ios-6-caching-ajax-resu lts

• Safari Hijacking??!!

  Hi, First point, let's get this out of the way: I know there are neither virus nor malware in the wild for macs.
  Now, to the matter: Today, my Safari, Firefox and Mail app were hijacked several times, and were always redirected to this page: www.register.4less.com
  Always that I typed an ordinary http address (let's say: www.elnorte.com) in the address bar, I ended up in a site that purportedly belonged to the address I typed (in the address bar said the address I typed), but on the body, there was an image with the logo of register.4less.com, and the text: "Welcome to the future hosting of "www.[whateverityped].com" It was the same on FF and Safari.
  It all started when the Mail app warned me that a computer with a certificate issued to "register.4less.com" was pretending to be pop.gmail.com. I obviously cancelled the process, thinking the gmail server was compromised. I then experienced problems connecting with ANY app in my computer, even the RSS reader widget crashed (and when it crashed it couldn't connect to apple for sending the report).
  I made several transactions trough an https server (my bank) without any problems, only somewhat slower than the average. After this, any other website which were not https would give me the message I've explained before. I know I shouldn't have logged in to my bank, but at that moment I didn't suspected anything.
  Now, some more important information. I live in Mexico City, but right now I'm on vacation on my parent's house in my place of Birth: Monterrey, México. I have a cousin living also in Monterrey, which has refered to me he had encountered this problem with safari before and only in http sites. He told me also that https sites didn't have any problem (ebay and amazon sign in pages, e.g.). He uses the same ISP my parents use. In México city I have another ISP, and have never before had this problem. Right now my brothers are out of home, so I can not ask them if they have had this problem before, altough none of them uses a Mac.
  Of course I always have my Mac's firewall on. I also don't have any sharing enabled (neither windows nor personal file sharing).
  When I empty the cache this problem goes away for a few minutes before returning (that's how I'm writing this).
  I have the pop-up blocker on, and while typing this I changed the cookies to "Only to sites you navigate to", and deleted all of the cookies already installed. This didn't prevented the problem from happening again.
  Now guys, help me out here with these Questions:
  1. What should I do??
  2. What happened?? Could it be that the ISP have been compromised?, or is it my computer? I don't think it is my computer, I've searched the entire HD searching for anything remotely likely to register.4less.com and I didn't found anything. But right now I'm a little scared.

  I just saw this on the DHS web site.
  Servers are frequently hacked; Even on Mitnick's ISP server (HostedHere).
  -==============================================
  August 21, CNET News — Kevin Mitnick Website hacked.
  Instead of the usual description of Kevin Mitnick, his consulting services and books, the famed hacker's Website on Sunday, August 20, displayed a vulgar message. Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick's Website on Sunday and replaced his front page with one of their own. As a result, four Web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking. The attackers gained complete control over the server that hosts his site as well as others at hosting provider Hostedhere, Mitnick said. Website defacements still occur often, but they have become less high profile in recent years as other, financially motivated threats take the spotlight.
  Screen shot: http://www.zone-h.org/content/view/14073/31
  Source: http://news.com.com/KevinMitnick+Web+sitehacked/2100-7349_3-6108032.html?tag=nefd.top

• Search engine hijacked by Yahoo in Safari Mountain Lion?

  I installed Mountain Lion these past days and since then, my Safari browser is hijacked by Yahoo, although I did set Google as my default search engine, and even changed DNS to google (8.8.8.8 and 8.8.4.4). I am at a loss - what is happening?  Help?

  In Preferences>General what is your default Search Engine?

• Browser Hijacks on Safari and Firefox

  For the last 10 days I've been getting browser hijacks when using Safari, taking me to sites such as www.vcigar.com, or getting notices that 'Safari is unable to open the page due to too many diverts'.
  I tried downloading Firefox, but the same thing is happening.
  I've tried all of the following:
  - emptying the cache
  - re-setting Safari
  - disabling Javascript
  - running ClamXav
  - cleaning Leopard
  - re-installing the system
  None of these has identified any problem with my system or eradicated the problem, which if anything has worsened in the last few days.
  Can anyone out there offer any advice as to what to try next?
  Thanks in advance for your time.

  Mulder, thanks for your response.
  I have tried what you suggested, but nothing was found and the problem persists.
  Any page I try to go to, it attempts to divert to http://www.dropped.pl/ and then safari gives the following message:
  Safari can’t open the page.
  Too many redirects occurred trying to open “http://www.bbc.co.uk/”. This might occur if you open a page that is redirected to open another page which then is redirected to open the original page.
  This happens persistently, irrespective of page.
  Any ideas, anyone?

• Safari hijacked-reproducable by me on two machines

  Please note. I tried to post in a different thread but the thread got marked as answered so that was the end of that. So here goes again
  I am getting a browser hijack on a regular basis. I have not been infected by the trojan. I get redirected to a pc malware site
  performanceoptimizer.com
  and then to
  scanner2.malware-scan.com
  I first noticed this when I would be browsing macnn.com/news and would click on one of their links which took me to an electronista site. I would get hijacked every time from the electronista.com site as described above. I emailed macnn and they seemed to know the problem had to do with me being in Canada. That was interesting. I was at mac2sell.net just before this and got hijacked the same way from them now too. No link to the electronista site this time though. I am running 10.5.2 with Safari 3.0.4 (5523.15) on my macbook.
  Just another note about my browser hijack problems. I also get the same results from my Macpro (rev1) running 10.4.1 and Safari 2.0.4 (419.3). Not sure how to post pictures here if you would like to see them though
  Thanks so much

  Wow, this is a very quick reply!!
  So the same product keys shouldn't harm my machines then? For example, when I try to install some upgrades from Microsoft website and there is this little software (which I forgot its name) that will check if my Windows is a genuine copy or not and I was just thinking that having same product keys could somehow break this "genuine copy" thing...
  I just want to make sure that this is not a problem or illigal to do. Nobody wants to have a problem with the Microsoft I guess

• Konchava Safari hijacker

  Something called Konchava is hijacking my safari and directing me to apps on the App Store.  Does anyone know how to get rid of it?

    Remove adware using an app.
     Use  free  AdwareMedic by clicking “Download ” from here
     http://www.adwaremedic.com/index.php
     Install , open,  and run it by clicking “Scan for Adware” button   to remove adware.
     Once done, quit AdwareMedic by clicking AdwareMedic in the menu bar and selecting
     “Quit AdwareMedic”.
     Safari > Preferences > Extensions
     Turn those off and relaunch Safari again.
     Turn those on one by one and test.
                 or
     Remove the adware  manually  by following the “HowTo” from Apple.
     http://support.apple.com/en-us/HT6506

• Charter & msn live search hijacking safari

  so recently i've noticed that some websites will redirect to a 'search page' from charter. and just randomly, if i reload the address it will go to the site directly, sometimes it's not redirected it just goes directly. (sites like 'daringfireball.net' or my blog address, just random sites, it changes)
  well then i noticed that it would ALWAYS go to redirected charter page when i only put the 'main' part of the address in, instead of the whole thing. i.e. just typing "apple" should go to "http://www.apple.com", but instead it would go to this site: "http://ww11.charter.net/search?qo=apple&rn=PcLMPddnp2HJcpY"
  i then scrolled down to the bottom and clicked the 'About this Page' link. and found out that Charter was trying to be "helpful" and the only way to "opt out" would be to add a cookie. (doesn't it seem like i should have to add a cookie if i wanted to "opt in" not the other way around?)
  anyways when i do 'opt out' then typing 'apple' in the address bar still doesn't take me to 'http://www.apple.com'; instead it takes me to a search results list from MSN Live Search: apple. that's almost even worse!!
  and i can't figure out how to "opt out" of the msn hijacking. anybody else having this trouble? any suggestions?
  i've already tried 'clearing cookies', emptying the cache, and restarting. nothing works. this is happening on both my iMac and macbook. and this only seems to be a 'charter' connection problem, because when i log in at a different location with another ISP it works just fine. i also contacted Charter and they said they don't support macs or safari, and told me to contact my browser developer.
  thanks in advance for any help!

  Hi Pastorabe,
  Welcome to Apple discussions; )
  Those DNS# values give by H_S, are from OpenDNS.
  Your ISP, & many others have numbers to e enter in the DNS server field.
  Many folks leave the DNS server field empty, not sure if that was the sase with yours.
  In any case many of them can be found here on the PortForward page, look for the Common DNS Servers link.
  Some in portforward such i.e, Earthlink's DNS # will still allow for highjacking, these are the opt out #s for Earthlink, that are not entered there.
  207.69.188.171 (west coast)
  207.69.188.172 (east coast)
  If you're west of the Mississippi, use the west coast DNS server as your primary and the east coast as secondary. And vice-versa for those of you in the eastern U.S.
  Quoted from an earthlink blog
  The Verizon DNS # 's also work for many in the US..
  Verizon (Level3) - these are not restricted to Verizon customers
  4.2.2.1
  4.2.2.2
  4.2.2.3
  4.2.2.4
  4.2.2.5
  4.2.2.6
  It is very nice not to be highjacked to an advertising page or other, isn't it?
  Enjoy your Mac & happy browsing: )
  Eme'~[)

• Safari in Lion hijacked by malware

  I hope someone can help...
  I have the new Lion operating system and was in Safari this morning trying to find a game for my son to play. I clicked on a site and I got a pop up window from www.theconsumerwinner.com telling me to answer a survey...only option was to click ok. I did not...I force quit Safari instead. When I restarted Safari the website and popup comes back and has basically hijacked my safari. I cannot get into any of Safari's menu options...even help.
  I went into the Safari folder and deleted the history from today, but it's still there. How can I get rid of this? I love my Safari...luckily I have Firefox installed for a work program, so I'm using it for now.  I want my Safari back though...
  Please help.
  Thank you!

  You have acquired either a flash cookie or a tracker cookie.
  For those who do not know about Flash cookies, more properly referred to as Local Shared Objects (LSO), they operate in a similar way to regular browser cookies but are stored outside the purview of your browser, meaning you cannot delete them from within your browser, whether Safari, Firefox, Opera or any other. Typically they are issued from sites or 3rd party sites that contain Adobe Flash content. Since virtually all internet advertising is delivered in Flash, Google/Doubleclick and all other internet advertising companies are sure to be tracking your browsing behavior with Flash cookies. These companies can see you traverse the Internet as you come upon the plethora of sites that contain their embedded advertising. Check out the Wikipedia entry here.
  In Mac OS X they are stored in the following location:
  /User’s Home Folder/Library/Preferences/Macromedia/Flash Player/#SharedObjects
  The settings for the Flash cookies are stored in:
  /User’s Home Folder/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys
  In OS X Local Shared Objects, or Flash Cookies, are appended with a .sol suffix. Flush deletes all the Flash cookies (.sol) and their settings.
  Flush can be downloaded from this website:
  http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-os-x/
  If you want to retain certain Flash cookies but not others, the excellent add-on for Safari called SafariCookies  does just that:
  http://www.sweetpproductions.com/safaricookies/index.htm
  which not only does that but much more equally useful stuff!
  This article covers the issue in more depth:
  http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
  Flash cookies are also known as 'Zombie Cookies' and are used by a number of firms, including Hulu, MTV, and Myspace. Graham Cluley, senior technology consultant at the internet security firm Sophos, told BBC News that the source of the trouble was Adobe Flash itself, which he called "one of the weirdest programs on the planet".
  "I think it's highly unlikely that these large companies have abused Flash cookies - which are different from browser cookies - with malicious intent," he said.
  "I think it's much more likely that the vast majority of users are simply oblivious to the bizarre way in which Adobe allows them to configure the software."
  http://www.bbc.co.uk/news/technology-10787882
  And a more recent article:
  http://www.nytimes.com/2010/09/21/technology/21cookie.html?_r=3&scp=1&sq=flash&s t=cse
  For other tracker cookies:
  If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's  (that's you!)  DNS records stay modified on a minute-by-minute basis.
  You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:
  http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml
  SecureMac has introduced a free Trojan Detection Tool for Mac OS X.  It's available here:
  http://macscan.securemac.com/
  First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected] [/b]
  The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
  (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
  http://macscan.securemac.com/buy/
  and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
  VIRUSES
  No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
  It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger and Leopard (check with them about Lion) from:
  http://www.clamxav.com/
  The new version for Snow Leopard is available here:
  http://www.clamxav.com/index.php?page=v2beta
  Note: ClamAV adds a new user group to your Mac. That makes it a little more difficult to remove than some apps. You’ll find an uninstaller link in ClamXav’s FAQ page online.
  If you are already using ClamXav: please ensure that you have installed all recent  Apple Security Updates  and that your version of ClamXav is the latest available.
  Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.

• Safari Google search hijacked by Yahoo

  Has anyone else found their search function in Safari hijacked by Yahoo? I can't even enter a URL -- it won't load! The Yahoo search box comes up instead and the URL stalls while loading. So then I am forced to do a Yahoo search to find the page I entered a URL for! Is there a solution for this or am I stuck with it?

  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.