Safari Hijacking??!!

Hi, First point, let's get this out of the way: I know there are neither virus nor malware in the wild for macs.
Now, to the matter: Today, my Safari, Firefox and Mail app were hijacked several times, and were always redirected to this page: www.register.4less.com
Always that I typed an ordinary http address (let's say: www.elnorte.com) in the address bar, I ended up in a site that purportedly belonged to the address I typed (in the address bar said the address I typed), but on the body, there was an image with the logo of register.4less.com, and the text: "Welcome to the future hosting of "www.[whateverityped].com" It was the same on FF and Safari.
It all started when the Mail app warned me that a computer with a certificate issued to "register.4less.com" was pretending to be pop.gmail.com. I obviously cancelled the process, thinking the gmail server was compromised. I then experienced problems connecting with ANY app in my computer, even the RSS reader widget crashed (and when it crashed it couldn't connect to apple for sending the report).
I made several transactions through an https server (my bank) without any problems, only somewhat slower than the average. After this, any other website which was not https would give me the message I've explained before. I know I shouldn't have logged in to my bank, but at that moment I didn't suspect anything.
Now, some more important information. I live in Mexico City, but right now I'm on vacation at my parents' house in my place of birth: Monterrey, México. I have a cousin also living in Monterrey, who has told me he had encountered this problem with Safari before and only on http sites. He told me also that https sites didn't have any problem (eBay and Amazon sign-in pages, e.g.). He uses the same ISP my parents use. In México City I have another ISP, and have never before had this problem. Right now my brothers are out of home, so I cannot ask them if they have had this problem before, although none of them uses a Mac.
Of course I always have my Mac's firewall on. I also don't have any sharing enabled (neither windows nor personal file sharing).
When I empty the cache this problem goes away for a few minutes before returning (that's how I'm writing this).
I have the pop-up blocker on, and while typing this I changed the cookies to "Only to sites you navigate to", and deleted all of the cookies already installed. This didn't prevent the problem from happening again.
Now guys, help me out here with these Questions:
1. What should I do??
2. What happened?? Could it be that the ISP has been compromised, or is it my computer? I don't think it is my computer; I've searched the entire HD for anything remotely like register.4less.com and I didn't find anything. But right now I'm a little scared.

I just saw this on the DHS web site.
Servers are frequently hacked; Even on Mitnick's ISP server (HostedHere).
-==============================================
August 21, CNET News — Kevin Mitnick Website hacked.
Instead of the usual description of Kevin Mitnick, his consulting services and books, the famed hacker's Website on Sunday, August 20, displayed a vulgar message. Online vandals, apparently operating from Pakistan, broke into the computer hosting Mitnick's Website on Sunday and replaced his front page with one of their own. As a result, four Web addresses belonging to Mitnick, including KevinMitnick.com and MitnickSecurity.com, displayed an explicit message on Mitnick and hacking. The attackers gained complete control over the server that hosts his site as well as others at hosting provider Hostedhere, Mitnick said. Website defacements still occur often, but they have become less high profile in recent years as other, financially motivated threats take the spotlight.
Screen shot: http://www.zone-h.org/content/view/14073/31
Source: http://news.com.com/KevinMitnick+Web+sitehacked/2100-7349_3-6108032.html?tag=nefd.top

Similar Messages

  • Safari Hijacked and Certificates that won't go away.  Malware?

    Four times over the last 4 or 5 months "something" hijacks Safari and freezes it.
    The first 3 times I was in Google.   I clicked on a site, it would freeze Safari and I would get a message from an unrelated website telling me to call a number for Apple Support which was not Apple.
    Each of those 3 times I called Apple Care and they went to Finder>Library> Cache and removed files from Launch Agents, Launch Daemons and Plug-ins.  That removed the problem.
    This time I was in Words With Friends when a Certificate popped up for the website Secure.RubiconProject.Com.   I spent over an hour on the phone with Apple looking for bad files.  None were found but we couldn't get rid of the Certificate and Safari was frozen.   Also, WWF would keep crashing Safari.
    The Apple guy had me install a 2 week free trial of Web Root antivirus.  It found some problems which it took care of.  When I went back to Words with Friends the Certificate popped up again but this time I clicked on it since Web Root would tell me if there was an issue. 
    The screen was blank but since then: 1.  No certificate and 2. an error message that was always across the top of WWF about having to reload the page was gone.  When I used Firefox to work on this problem with Apple, I would keep getting a message that said Firefox would not direct this to another page and I had to click an OK button.  That is gone.
    I don't know why I keep getting this issue since each time it is different.   I told the Apple guy that I had read that Apple doesn't need antivirus and in fact they can cause more problems than they help.   He said Apple has a Firewall but nothing for malware, which is becoming more and more prevalent.  There are threads here about not needing antiviruses but I'm at a loss.
    I have Apple Care for 2 more years but I don't want to keep calling them if I can find a solution to this.  I'm not tech savvy.   I would like an antivirus that is a one time fee. 
    Advice please?

    You may have inadvertently installed adware. Eradicating it is simple and you don't have to download or install anything to fix it.
    Although adware relies upon deception, it does not get installed without your consent, and "anti-virus" utilities cannot prevent users from willfully installing garbage. Only you can do that, by recognizing adware's appearance, which is constantly changing as adware authors constantly attempt to thwart automatic means of detection.
    For an explanation of how this may have occurred, how to avoid it in the future, and for Apple's recommended solution read How to install adware.
    Webroot is garbage that won't help prevent adware. Uninstall it. Be sure to follow its uninstallation instructions.
    I have Apple Care for 2 more years but I don't want to keep calling them if I can find a solution to this.
    You should call them, as often as necessary. AppleCare is a service you paid for. Let them work for you. I suggest you express your displeasure regarding their inept recommendation to install Webroot. OS X's software firewall is also completely irrelevant to your concern.

  • Safari hijacked-reproducable by me on two machines

    Please note. I tried to post in a different thread but the thread got marked as answered so that was the end of that. So here goes again
    I am getting a browser hijack on a regular basis. I have not been infected by the trojan. I get redirected to a pc malware site
    performanceoptimizer.com
    and then to
    scanner2.malware-scan.com
    I first noticed this when I would be browsing macnn.com/news and would click on one of their links which took me to an electronista site. I would get hijacked every time from the electronista.com site as described above. I emailed macnn and they seemed to know the problem had to do with me being in Canada. That was interesting. I was at mac2sell.net just before this and got hijacked the same way from them now too. No link to the electronista site this time though. I am running 10.5.2 with Safari 3.0.4 (5523.15) on my macbook.
    Just another note about my browser hijack problems. I also get the same results from my Macpro (rev1) running 10.4.1 and Safari 2.0.4 (419.3). Not sure how to post pictures here if you would like to see them though
    Thanks so much

    Wow, this is a very quick reply!!
    So the same product keys shouldn't harm my machines then? For example, when I try to install some upgrades from Microsoft website and there is this little software (which I forgot its name) that will check if my Windows is a genuine copy or not and I was just thinking that having same product keys could somehow break this "genuine copy" thing...
    I just want to make sure that this is not a problem or illegal to do. Nobody wants to have a problem with the Microsoft I guess

  • Konchava Safari hijacker

    Something called Konchava is hijacking my safari and directing me to apps on the App Store.  Does anyone know how to get rid of it?

      Remove adware using an app.
       Use free AdwareMedic by clicking “Download” from here
       http://www.adwaremedic.com/index.php
       Install, open, and run it by clicking the “Scan for Adware” button to remove adware.
       Once done, quit AdwareMedic by clicking AdwareMedic in the menu bar and selecting
       “Quit AdwareMedic”.
       Safari > Preferences > Extensions
       Turn those off and relaunch Safari again.
       Turn those on one by one and test.
                   or
       Remove the adware  manually  by following the “HowTo” from Apple.
       http://support.apple.com/en-us/HT6506

  • Safari Hijacked

    I have read all about how my Safari search has probably been hijacked, but not how to fix it.
    In putting in "Lowes" for example I get that the domain name is not valid or it goes to a "Wbr4.com",
    etc. I assume that I have a trojan horse that has changed or added to my DNS settings (which are grayed out).
    I have reset Safari, deleted the plist all to no avail.
    Is there a software that will get rid of my problem?
    Is it fixable?
    Thanks,
    Joe

    I think the explanation in Macworld is a pretty good one. See how you go checking the diagnosis and if necessary the cure at http://www.macworld.com/article/60823/2007/10/trojanhorse.html and please post back how you get on.
    ted.h.

  • Safari hijacked by mackeeper.zeobit - really, this is TOO MUCH

    I clicked on a news article about a pastor who died recently in Sacramento, and a malware popup for mackeeper.zeobit.com urged me to clean my computer. The malware shut all the other Safari windows. The pop-up had an OK button, but NO OTHER WAY to remove the pop-up or close Safari. The normal window controls were missing.  All Safari Menu options were greyed out.  I tried using the Apple Menu to Shut Down, but that failed as Safari refused to Quit.
    As Safari would not Force Quit (greyed out) and would not Quit when I used the Apple menu to Shut Down, I powered off using the Power Button ...several times. No good - still had the non-closeable window and Menu options to Force Quit Safari or Reset Safari were greyed out.
    I spent a long time using Chrome to read a lengthy Apple discussion, which ended May 28th. Not really up-to-date and no practical help.  Finally, for no particular reason except for the passage of much time (30+ minutes?), when I next checked the Safari menu, the Reset Safari and Force Quit Safari options were no longer greyed out.
    So I Reset Safari and Force Quit Safari for good measure.  Now I'm afraid to reopen Safari.  For now, I'm stuck using Chrome; and I don't care to use the Google product as it is basically spyware, IMO.
    So, two questions:
    1. Is there something I can do at the basic user level to prevent such interference that doesn't also cripple browser performance?
    2. Is Apple going to do anything about getting these Mackeeper and MacDefender creeps from invading their browser?  (Oh, I know you don't know... just venting... sigh... I mean, this stuff's been happening to people for many months, my software's up to date, i guess Apple isn't too worried about us little users getting freaked.)
    ~~~Teelbee

    Many users will see references to an application called MacKeeper on various web sites and via pop-ups on their browser. Not only is it expensive for what it purports to do (freeware applications that do the same or more are readily available), it can sometimes install itself without the user realising it, and it can be very tricky to get rid of.
    MacKeeper can be regarded as highly invasive malware* that can destabilize your operating system. It is unethically marketed by a company called Zeobit and is a rip-off.
    Further opinion on it and how to uninstall MacKeeper malware can be read here:
    http://applehelpwriter.com/2011/09/21/how-to-uninstall-mackeeper-malware/
    Do NOT download or use the ‘MacKeeper uninstaller’ from the Zeobit site, as this will cause even more damage to your operating system.
    This is also worth reading:
    http://www.reedcorner.net/news.php/?p=245
    Equally phoney was iAntivirus:
    http://www.reedcorner.net/news.php/?p=341
    until it was purchased recently (May 2012) by Symantec (makers of Norton anti-virus which does not work well with Apple OS X). Even after having tinkered with it, iAntivirus still fails to do the job properly and cannot be recommended.
    There are no viruses that can affect Apple OS X and there is therefore no reason to run anti-virus software on a Mac, but a Mac, like all computers, can transmit viruses and malware to other users particularly those running Windows. Note, however, that Trojans are another matter and can represent a genuine threat, an example of which was the recent 'Flashback Trojan' which you can read more about here:
    https://discussions.apple.com/docs/DOC-3261
    For further information you may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
    https://discussions.apple.com/docs/DOC-2435
    The User Tip (which you are welcome to print out and retain for future reference) seeks to offer some guidance on the main security threats and how to avoid them.
    * The expression ‘malware’ is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.

  • IPad and Safari hijacked on a MAC!!!!!!!!!!!!!!!!!!!!

    I'm now on my third generation iPad. Yesterday, I got it hijacked, with a dialogue box saying to call a 1-888 number to unlock it. This has never happened in years of iPad use, but did one day after I enrolled in Google Plus. Feel free to make a rational conclusion. I will not ask the question of why hackers are always 2 orders of magnitude more competent than corporate IT. Instead, I will ask why no law enforcement agency can track a specific phone number and arrest the ********.
    Any enlightenment gratefully received.

    please follow this step
    Use iTunes to restore your iOS device to factory settings
    You can use iTunes to restore your iPhone, iPad, or iPod touch to factory settings and the latest version of iOS.
    Restoring iOS software deletes all your data and content from your device, including songs, videos, contacts, photos, and calendar info.
    Before you restore your device
    Make sure you’re using the latest version of iTunes.
    Use iTunes to back up your device. Transfer and sync any additional content to your computer.
    Turn off Find My iPhone in Settings > iCloud on your device to disable Activation Lock.
    Restore your iOS device
    Connect your iOS device to your computer using the cable that came with it.
    Select your iPhone, iPad, or iPod touch when it appears in iTunes. In the Summary panel, click Restore.
    Click Restore again to confirm that you want to restore your device to factory settings and delete all data and content. iTunes will download the iOS software file and restore your iOS device.
    After your iOS device is restored to factory settings, it will restart. Once it does, you’ll see the "Slide to set up” welcome screen. Follow the steps in the iOS Setup Assistant. You can set up your device as new or using a previous backup. If your iOS device has cellular service, it will activate after you restore.

  • Safari hijacked by Adobe Reader - cant open pdfs from Safari

    I would greatly appreciate any help; I can't seem to find this exact problem elsewhere.
    I have a Macpro (new tower) running 10.9.4
    A few days ago I received an email from a trusted friend which included a link. I followed the link, which asked me to download Adobe Reader, which I foolishly did. Since then when I try to open a PDF from Safari I get the following message: "Before viewing PDF documents in this browser you must launch Adobe Reader and accept the End User Licence Agreement, then Quit and relaunch the browser"
    Please note I can still open PDFs from the Finder, and other browsers (e.g. Opera) also allow me to download
    I went to the Adobe site and downloaded Reader but it won't let me complete the installation. I fear my Mac has been infected by a trojan etc and can't seem to find out how to get around this.
    So far I have tried
    1) went to /Library/Internet Plug-ins - but nothing there
    2) reinstall of Mavericks
    Any help appreciated. I suppose a clean reinstall would help but don't want to do that just yet

    Open a Finder Window.
    Click on the Go in the menu bar.
    Press on option on the keyboard, "Library" will appear. Click on that.
    In the new Finder Window that it opens up, or the one that you have opened already. It'll show that particular folder. In that folder is Internet Plug-ins.
    Check to see if Adobe is in there. If so, delete it and reboot.
    I honestly thought it was in the same folder that you tried, but I don't remember at the moment. So my instructions are just a shot in the dark.
    KOT

  • Safari Hijack

    Below is a Screen Shot of my Safari session after accidentally typing in an url:
    My Safari browser was "frozen" because Safari's startup page was changed by the to the above website.
    To fix the problem I temporarily disabled Internet access, which then enabled me to go into Safari Preferences and remove the offending website, restoring Safari's startup page to my desired website.

    Select Safari > Preferences > Privacy > "Remove all website data" to get rid of any cookies or other data left by the server. Then quit Safari and relaunch it by holding down the shift key and clicking its icon in the Dock. That will stop the page from reloading automatically.
    Open your Downloads folder and delete anything you don't recognize.

  • Safari Google search hijacked by Yahoo

    Has anyone else found their search function in Safari hijacked by Yahoo? I can't even enter a URL -- it won't load! The Yahoo search box comes up instead and the URL stalls while loading. So then I am forced to do a Yahoo search to find the page I entered a URL for! Is there a solution for this or am I stuck with it?

    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

  • Major disruptions caused by Safari

    I installed Safari as the default browser. It hijacked the XML file type association, previously associated to Internet Explorer. It is a change that cannot be undone because Internet Explorer fixes only protocol associations, not file associations. There are numerous problems with this:
    1. The default style sheet is empty CSS; it does not do anything useful (as compared to Internet Explorer).
    2. External subsets in DTD are not read; the pages that used to work do not work any more. The workaround to explicitly declare all entities used by the page is cumbersome and hard to do automatically.
    3. When I send a local page to Internet Explorer because I cannot read it in Safari, Safari converts the local path to a file URL performing UTF-8 and URLEncode as intermediate conversions. Internet Explorer is unable to open such URLs except in very special cases where the encoding is transparent.
    4. The spell checker in Safari does not handle Polish even though the user interface is in Polish; I understand that Internet Explorer does not include any spell checker whatsoever so the spell checker should be turned off by default.
    5. XML transformations that previously worked break, e.g. on msxml:node-set. And it is hard to tell where exactly they break without modifying the style sheet.
    6. Safari hijacks XML file type but leaves XSL file type alone; this allows an ugly workaround of saving all XML files as XSL.
    7. The icons for Safari associations are uninformative (XML) or not present at all (HTM).
    I understand the best thing in this situation would be to show Safari the door; however, Apple Software Update will still recommend installing it. With so many bugs and problems, please do not show Safari in ASU unless it is already installed.

  • Safari and Firefox seem to have been hijacked

    Safari and Firefox seem to have been hijacked. When I type hotmail it takes me to some netgear wn2500rp genie. Help!

    Hi,
    Go here for trouble shooting 3rd party plugins or input managers which might be causing the problem.
    http://support.apple.com/kb/TS1594
    Make sure Safari is running in 32-bit mode. Right or control click the Safari icon in the Applications folder, then click: Get Info In the Get Info window click the black disclosure triangle next to General so it faces down. Select 32 bit mode. Also, (in that same window) make sure Safari is NOT running in Rosetta.
    If Safari still crashes, go to the Safari Menu Bar, click Safari/Preferences. Make note of all the preferences under each tab. Quit Safari. Now go to ~/Library/Preferences and move this file com.apple.safari.plist to the Desktop. Relaunch Safari. If it's a successful launch, then that .plist file needs to be moved to the Trash.
    Carolyn

  • Help my safari web browser has been hijacked by some type of malware. My browser is locked in on a web page that pretends to be from the FBI. Is there security software I can purchase to eliminate this malware?

    I am not sure if this is the correct forum but I had these bastards who have stolen my web browser. Naturally they ask me to send them monies to unlock my browser. It is a dangerous place out there. I would appreciate any recommendations as to possible security software to remove this malware will be much appreciated
    thank you
    Hijacked Safari Browser

    Information.
    https://discussions.apple.com/message/17680743#17680743

  • IPad mini Safari Browser hijacked - any ideas to defend against intrusion?

    My safari session was hijacked as in I was no longer in control of where the browser was going and typing. Almost like a remote control app.  When I proceeded to iPad settings the hacker attempted to stop me from shutting down JavaScript, block cookies and eventually shutting down
    There was no Bluetooth connection open therefore no possibility of a nearby snooper and I was on a private home network.

    You may want to check this out.  We were seeing login issues prior to finding this.
    http://stackoverflow.com/questions/12506897/is-safari-on-ios-6-caching-ajax-results

  • Safari, Mail AND Firefox Hijack???

    Hi, This is a mirrored post from the one in Safari forum, and the iBook G4 general use forum.
    First point, let's get this out of the way: I know there are neither virus nor malware in the wild for macs.
    Now, to the matter: Today, my Safari, Firefox and Mail app were hijacked several times, and were always redirected to this page: www.register.4less.com
    Always that I typed an ordinary http address (let's say: www.elnorte.com) in the address bar, I ended up in a site that purportedly belonged to the address I typed (in the address bar said the address I typed), but on the body, there was an image with the logo of register.4less.com, and the text: "Welcome to the future hosting of "www.[whateverityped].com" It was the same on FF and Safari.
    It all started when the Mail app warned me that a computer with a certificate issued to "register.4less.com" was pretending to be pop.gmail.com. I obviously cancelled the process, thinking the gmail server was compromised. I then experienced problems connecting with ANY app in my computer, even the RSS reader widget crashed (and when it crashed it couldn't connect to apple for sending the report).
    I made several transactions through an https server (my bank) without any problems, only somewhat slower than the average. After this, any other website which was not https would give me the message I've explained before. I know I shouldn't have logged in to my bank, but at that moment I didn't suspect anything.
    Now, some more important information. I live in Mexico City, but right now I'm on vacation at my parents' house in my place of birth: Monterrey, México. I have a cousin also living in Monterrey, who has told me he had encountered this problem with Safari before and only on http sites. He told me also that https sites didn't have any problem (eBay and Amazon sign-in pages, e.g.). He uses the same ISP my parents use. In México City I have another ISP, and have never before had this problem. Right now my brothers are out of home, so I cannot ask them if they have had this problem before, although none of them uses a Mac.
    Of course I always have my Mac's firewall on. I also don't have any sharing enabled (neither windows nor personal file sharing).
    When I empty the cache this problem goes away for a few minutes before returning (that's how I'm writing this).
    I have the pop-up blocker on, and while typing this I changed the cookies to "Only to sites you navigate to", and deleted all of the cookies already installed. This didn't prevent the problem from happening again.
    Now guys, help me out here with these Questions:
    1. What should I do??
    2. What happened?? Could it be that the ISP has been compromised, or is it my computer? I don't think it is my computer; I've searched the entire HD for anything remotely like register.4less.com and I didn't find anything. But right now I'm a little scared.

    "Start" Of Quote
    First point, let's get this out of the way: I know
    there are neither virus nor malware in the wild for
    macs.
    "End" Of Quote
    There is a virus for Mac! It's called Leap-a-Worm, transmitted by iChat. To my knowledge there is one more Mac virus but I'm not sure what it's called!
