Zlob DNS Changer problem

Hi there,
Every time I google somthing in any internet browser, and I click on the link, I get redirected to other search engines via a site called copy-book.com. I've heard that the problem (virus) is called Zlob DNS Changer. I've looked on other Zlob removal pages, but they are all for Windows operating systems and I don't know how to remove it with my Mac! It's driving me insane and my internet is so slow now. Can anyone help please?!
Will
P.S.
If this help, here is some solution someone posted in another forum but It didn't really help me.
"Alright so I had this and I think I have managed to fixed it. What I had was a DNS changer Trojan that was able to hack into my router and change my DNS so that when I used google it redirected me. I was redirected by wierd IP addresses and copybook as well. What you need to do is check your DNS and if it starts with 85. you could have the same problem. Also check out these sites to find out more:
www.youtube.com/watch?v=bzNQ0OxNX8E
http://www.trustedsource.org/blog/42/New-DNSChanger-Trojan-hacks-into-routers
Info on how to remove it:
http://www.exterminate-it.com/malpedia/remove-zlob-dns-changer"

Might check here and here nd here.
If your router has been compromised, I don't know what to tell you about that, except maybe try a factory default reset.
Your profile suggests that your are still at 10.5.1. If that's true, find an uninfected Mac and download and burn to CD the 10.5.4 combo update and 2008-005 security update then install them on your computer. I think that security update is supposed to protect against that DNS changer thing but you may need to remove it first if you've already got it.

Similar Messages

  • Host fingerprint always changing, possibly dns resolve problem?

    Hello,
    I have a server that i try to connect which key fingerprint changes form time to time, and it stops me to connect (i get wrong password disconnect, although i am using an RSA key). Since its a physical machine lets exclude the part of any traffic shaping by the VPS provider. Also normally when i cant connect i cant see anything on the sshd logs of the machine. So this probably is a dns resolve problem ? Any recommendation or  knowledge that you can share with me to help me solve this problem ?

    presumbly the previous stats were from the test socket as new stats are just the same
    any exchnage problems  http://usertools.plus.net/exchanges/mso.php
    http://usertools.plus.net/exchanges/?
    http://btbusiness.custhelp.com/app/service_status
    http://bt.custhelp.com/app/answers/detail/a_id/15036
    http://community.plus.net/exchange-information/
    If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
    If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

  • DNS Changer-like trojan?

    I've stumbled upon some sort of virus/trojan/malware, and nothing seems capable of getting rid of it. I've tried MacScan, ProtectMac, and iAntiVirus, emptying the cache/history/cookies/etc. of all my browsers, as well as resetting my router, and none of these attempts have fixed it. (iAntiVirus is running a full scan right now, but I'm not hopeful; a quick scan found nothing and the software's update feature wouldn't work.)
    The malware appears to operate like the DNS Changer trojan, but it only goes into effect occasionally. It happens in Safari and Firefox, for sure, and Chrome, iirc. Maybe once or twice an hour, a window will pop up, usually directed to "google-analytics.com" Sometimes it will start at "search.gugle.com" and then redirect to search. and results.google-analytics.com. Most often it gets stuck here, at the analytics.com address, but it will occasionally continue redirecting until the page ends up at something obviously scammish. The pop-up seems to be triggered by a random click; I cannot discern any specific websites or links that trigger it, except bit.ly, which loads, and then immediately redirects (without a pop-up) and hangs.
    A name-server grep pulls 10.0.2.1, so nothing seems to be odd there, and this is why I assume it's not actually the DNS Changer trojan.
    I'm currently running a daisy-chain of computers all sharing one internet connection, which tells me that it's my computer, because only it and the computer after me suffer from the problem. The modem is attached via ethernet to an iMac, which is wirelessly forwarding internet to my MacBook, which is forwarding internet via ethernet to a MacMini used as a mediacenter. The problem has only occurred, that I have seen, on the MacBook and MacMini. Curiously, the bit.ly redirect only occurs on the MacBook, not the mini.
    That's all the information I can think of that's relevant. If anybody can help me, it would be much appreciated.
    Message was edited by: senseabove

    Thanks, Thomas. I'm jumping through hoops to get to the internet because I'm subleasing an apartment right now and the owner specifically requested I leave the internet routed through his iMac so he has remote access to it. The Mini I really only plug in when I want to watch Netflix on the main TV (and the only reason I'm forwarding to it via ethernet is that it's having an unrelated wifi problem). I just figured it would be of interest that the pop-up occurs on the laptop and subsequently connected mini, but not the originating iMac, implying it's a problem with my computer, but more than a nasty cookie of some sort.
    Nevertheless, I've connected the modem directly to the Mac to see if that'll help get to the root of this. The DNS servers now appearing when I run "/usr/sbin/scutil --dns | grep nameserve" in the terminal (which I got from another thread on DNS Changers in the 10.5 forum) are all my ISP's, according to a google search of the IP address, so I would assume that means I'm not suffering from a DNS Changer. And I'm using Camino now, since the attack seems to only work in Safari and Firefox, while trying to trigger it again in Firefox.
    And I'm running little snitch, which I'd just remembered to turn back on before you replied, but I'm not sure what I should be looking for. That said, it doesn't seem to be popping up since I've turned Little Snitch back on.

  • Dns change not saved

    When i try to change the DNS to 8.8.8.8 the change is nog saved.
    The next time i check the DNS it has it,s old value.
    How come ?

    Hi Fred,
    Tnx for responding.
    But the strange thing is that on my other Ipad the DNS-change is saved correcty.
    I don't have to change it anymore.
    I can't find the difference between the 2 ipads
    Grtz
    Marcel

  • HT1222 DNS changer

    How can I put out the Malware DNS Changer from my iMac ?
    Comment me débarrasser du malware DNS Changer quiinfecte mon iMac?

    Go to this website - http://www.dcwg.org/detect/ - and pick a U.S. server (if you're in the U.S.). It will send you to a server that can detect whether you're safe or infected. If you're infected, it spells out the remedies.
    And no, I don't think DNSChanger can infect iOS machines - I may be wrong (and certainly someone will jump in here and tell me if I'm wrong).
    Good luck,
    Clinton

  • How to address the IP address automatically changing problem?

    My Oracle database 10g(10.2.0) is on the WinXP platform and the system IP address often changes automatically. This leads to some troubles with my Oracle database. How to deal with this problem? How to stop the IP changing problem?

    frank.qian wrote:
    But my database is using an ipaddress now. When I use loalhost instead, can database accept this?The database doesn't know or care. Its all in your network configuration files ... listener.ora and tnsnames.ora, and your 'hosts' file.
    Edited by: EdStevens on Dec 1, 2008 8:47 PM

  • HT201184 My computer is infected with the DNS changer virus. I installed the Macscan DNS Changer Removal Tool but after restarting the virus is still there!

    My computer is infected with the DNS changer Virus. I installed the Macscan DNS Changer Removal tool but after running it and restarting the laptop, the virus is still there .

    "Hinweis: Für die korrekte Durchführung dieses Tests dürfen keine Proxy-Server in den Einstellungen Ihres Webbrowsers aktiviert sein. Diese werden häufig bei Firmenrechnern verwendet. Sie sollten daher im Zweifel Ihren IT-Support kontaktieren, der Ihnen mitteilen kann, ob dieser Test in ihrer Umgebung genutzt werden kann."
    Google Translate:
    Note: For proper implementation of this test may not be a proxy server enabled in your browser settings. These are often used in corporate machines. You should contact your IT support in doubt, you can tell whether this test can be used in their environment.
    and
    fane_j wrote:
    Does the US site use a different script, which works even when proxies are used?
    No idea.

  • Not able to acess app store .. Tried every thing with ... Dns change .. Time chage.... Reset... Location services .suggest me how to resolve this issue

    Not able to acess app store .. Tried every thing with ... Dns change .. Time chage.... Reset... Location services .suggest me how to resolve this issue

    Hi aditya123,
    If you are having difficulty connecting to the App store from your iPhone, you may want to try the steps in this article -
    Can't connect to the iTunes Store
    http://support.apple.com/kb/TS1368
    Specifically -
    Troubleshoot issues on an iPhone, iPad, or iPod touch
    If you haven't been able to connect to the iTunes Store:
    Make sure your date, time, and time zone are correct in Settings > General > Date & Time.
    Note: Time Zone may list another city in your time zone.
    Make sure that your iOS software is up to date by tapping Settings > General > Software Update (iOS 5 or later) or connecting your iOS device to iTunes and clicking Check for Update on your device's Summary page.
    Check and verify that you're in range of a Wi-Fi router or base station. If you're on a device with cellular service, make sure that cellular data is turned on from Settings > General > Cellular.
    Note: If connected to cellular data, larger items may not download. You may need to connect to Wi-Fi to download apps, videos, and podcasts.
    Make sure that you have an active Internet connection. You can check the user guide for your device for help with connecting to the Internet.
    Make sure that other devices (portable computers, for example) are able to connect to the Wi-Fi network and access the Internet.
    Try resetting (turning off and then on again) your Wi-Fi router.
    If the issue persists, try troubleshooting your Wi-Fi networks and connections.
    It looks like you have already done many of these, but there are a few more to check out.
    Thanks for using Apple Support Communities.
    Best,
    Brett L

  • I have a DNS changer that MacScan can't find

    I have discovered that I have a DNS changer hidden away somewhere on my Powerbook G4
    I've run MacScan several times and it can't find it. Some of the other virus checkers only work on system 10.5 and up.
    I've been trying to learn how to eradicate this manually through various on line advice, but most of it is for newer machines and systems. I'm on 10.4.11.
    I followed some instructions to list my router in the Terminal App and see that my router keeps being changed to a server 85.255.116.83 in the Ukraine...rats) When I renew my DHCP lease in my Network preferences my server returns to 192.168.1.254 but within 5 seconds its been changed back.
    I don't have a script named plugins.settings in my /Library/Internet Plug-ins (something that was suggested to look for)
    Given that this seems to be running constantly, there must be something to look for, something to delete (like a preference file maybe), or something to re-install to eliminate this trojan.
    Any of you brilliant Mac minds have a suggestion for me

    Significant Rogue DNS Activity To 85.255.112.0/22 (thanks to the "FreeVideo Player" Trojan)
    http://lists.sans.org/pipermail/unisog/2006-November/026937.html
    DNSHijacker-85.255
    http://www.spynomore.com/dnshijacker-85-255.htm

  • DNS Changer Question?

    I just got my macbook pro from my college lastweek and found out today about the dns changer malware. How can I protect my laptop from this?

    UnicornFluffBall wrote:
    I just got my macbook pro from my college lastweek and found out today about the dns changer malware. How can I protect my laptop from this?
    The DNSChanger malware has not infected Macs for several years now, so if yours is new there is no reason to worry about it.
    To check and see if it was somehow previously infected go to http://www.dcwg.org/detect/ and click on the country / language of your choice.

  • DNS update problem

    Hi-
    A forum that I subscribe to has recently changed server, and now I don't seem to be able to access it. I've written to the owner, and he has written back to say "wait for your dns to update."
    How long might it take (hours, days, weeks...), or is there a way to force the Mac to update it manually (and if so, how!!)
    Many thanks,
    Andy

    DNS updating has nothing to do with your mac. it's your ISP that needs to update it's name servers. it could take 48+ hours for a DNS change to fully propagate. but again, it depends on your ISP, i normally see DNS updates on my end within a few hours but i've had clients where it's taken days.

  • I have Mac OS X 10.4.11 and evidently have the DNS changer virus.  Will MacScan fix this or is there something else?

    Will MacScan fix this or is there anything else?

    MacScan no, see > Thomas' Tech Corner » How to remove the DNS Changer malware

  • Any talk about the DNS changer trojan and how it could effect the iMac

    any talk about the DNS changer trojan and how it could effect the iMac and what are the solutions

    http://www.reedcorner.net/will-your-internet-service-cut-off-on-july-9/
    And recommendations in:  https://discussions.apple.com/message/18851415

  • Firefox loads, but wont load any web pages. tabs say "untitled". page is blank below. uninstaled and reinstaled no change. problem came after recent update. any help?

    firefox opens, but wont load any web pages. tabs say "untitled". page is blank below. uninstaled and reinstaled- no change. problem came after recent update. any help?
    ps. IE works as usual

    Problem solved from prior post. Firefox had become blocked somehow by McAfee firewall. Set to full access. Now works perfectly.

  • My iPod has the DNS changer bot.

    I've read discussions saying that it is impossible for an iPod/iPad to be infected with the DNS changer bot, but three computers in my house check fine on the governments check site, and on m iPod, it says that I'm infected. The little pop up occurs on my computers and my iPod saying that I'm infected, but only the iPod actually is "infected." Any ideas?

    I've read discussions saying that it is impossible for an iPod/iPad to be infected with the DNS changer bot
    That is correct.  There was never an iOS version of this malware.  In fact, there is no iOS malware at all, unless you have jailbroken your iPod.
    three computers in my house check fine on the governments check site, and on m iPod, it says that I'm infected.
    That site works by detecting whether your device looks up IP addresses using one of the formerly-malicious DNS servers that were seized by the FBI in November of last year.  The iPod generally gets its DNS server settings from the router.  The same is also generally true of computers, though you are more likely to have manually changed the DNS server settings on a laptop than on an iPod, so it's possible your router's settings have been changed to use a malicious DNS server.  If you know how to access your router's settings, you should examine them and see what DNS server addresses are being used.  Are they in one of the ranges listed at the bottom of the following page?
    http://www.dcwg.org/detect/checking-osx-for-infections/
    If so, you need to change your DNS settings in the router.  I would probably just reset the router to factory defaults if it were me, but you could also just change the DNS server settings to the OpenDNS servers (208.67.222.222 and 208.67.220.220).
    If not, you need to change the iPod's network settings.  Go to Settings -> General -> Network -> Wifi and tap the blue circle with a '>' in it that is next to the network you're using.  (Also, be sure that it's using the network you expect it to be using, and that it hasn't somehow jumped onto a neighboring wifi network.)  Then delete whatever is in the DNS field and change it to the OpenDNS servers.

Maybe you are looking for

  • Engine error HP LaserJet 100 color MFP M175 PCL6 wireless

    Hi folks, I would like to help with the "engine error" you're experiencing. I would like you to download the HP LaserJet Pro Series Firmware Update Utility. With this utility we can install a firmware update for the printer hardware. Please read all

  • .ZIP files and the ZipFile object

    Dove into java.util.zip this weekend and was most unhappy with the docs. Fortunately, searching these forums I was able to make some progress, but am still confused about the ZipFile class. I was able to open a FileInputStream, hand it to a ZipInputS

  • Flex Mobile: Problems with MultiDPI SplashScreen

    Hi guys, The property applicationDPI in my application is 160, and I created three bitmaps to 160, 240 and 320 DPI to be used in the SplashScreen. I created this class . see : http://www.adobe.com/devnet/flex/articles/mobile-skinning-part2.html#artic

  • Mov. file to dvd/ flashdrive

    I am having trouble copying a movie made with iMovie to a dvd. I move the file to the dvd icons on the desktop and all that shows up on the disc is the alias. this is for my daughters English project. I tried exporting the movie to mp4 and put it on

  • TA24326 How do you repair Apple Software Update in Windows 7?

    When I open iTunes it says a new version (10.6.3) is available, and I click on "download" but nothing happens.  I then go to Apple Software Update and no updates are found.