- Thread starter Chirimoya
- Start date
Geeks and boffins to the rescue!
I would put my 10 pesos on the fact that you have a trojan that has created a script that uses the sciutil unix command to rewrite the dns servers, thus directing you to here and there.
Just a wild guess.
Have you ever used a terminal before? I can talk you through it over a messenger or post instructions here.
Just a wild guess.
Have you ever used a terminal before? I can talk you through it over a messenger or post instructions here.Ok, instructions...............
1. In your main finder window navigate to /Library -> Internet Plug-Ins then delete the file named plugins.settings
2. Empty the trash.
3. Open a terminal (in finder navigate to /Applications -> Utilities)
4. type sudo crontab -r then type your password (must be an admin <root> password)
5. check it has worked by typing sudo crontab -l the message returned should be along the lines of crontab: no crontab for root.
6. close your open windows and open system preferences.
7. open network then choose your connection. (airport?)
8. in the dns server box type 208.67.222.222 and 208.67.220.220 even if it's already there.
9. close the window and restart the mac.
If there is no "plugins.settings" file then you don't have the virus and it's another issue.
....................
It works by tricking you or a fellow user into running a program that you think will let you play a video or such like. It isn't however a codec, it's a script that changes your internal dns servers (not visible in sys prefs) and runs a crontab (an automated system process) every minute or so to change it back to the malicious dns servers. Here you deleted the script then the crontab.
1. In your main finder window navigate to /Library -> Internet Plug-Ins then delete the file named plugins.settings
2. Empty the trash.
3. Open a terminal (in finder navigate to /Applications -> Utilities)
4. type sudo crontab -r then type your password (must be an admin <root> password)
5. check it has worked by typing sudo crontab -l the message returned should be along the lines of crontab: no crontab for root.
6. close your open windows and open system preferences.
7. open network then choose your connection. (airport?)
8. in the dns server box type 208.67.222.222 and 208.67.220.220 even if it's already there.
9. close the window and restart the mac.
If there is no "plugins.settings" file then you don't have the virus and it's another issue.
....................
It works by tricking you or a fellow user into running a program that you think will let you play a video or such like. It isn't however a codec, it's a script that changes your internal dns servers (not visible in sys prefs) and runs a crontab (an automated system process) every minute or so to change it back to the malicious dns servers. Here you deleted the script then the crontab.
So far so good, but at this stage I get stuck: a little box at the top of the network box pops up telling me that "your network settings have been changed by another application". It does not allow me to make any changes to the settings, and does not allow me to close it or the main network settings box. I can only exit network settings by doing a force quit.
Again, got this far, but there is no file in that folder called plugins.settings.
Are you running 10.4.11? There is a looping bug bug that is to do with security update 2008-006. It came out yesterday. This creates the "your network settings have been changed by another application message. Can you get rid of it?
I don't know if it's something I did following someone's advice here, but the situation has improved. I just managed to log into gmail, hotmail and yahoo but for some reason flickr still redirects to the OpenDNS page. This makes me wonder whether the improvement is just temporary.
wight-boy, it is 10.4.11 and I did install that security update this morning: how do I get rid of it?
wight-boy, it is 10.4.11 and I did install that security update this morning: how do I get rid of it?
I would put my 10 pesos on the fact that you have a trojan that has created a script that uses the sciutil unix command to rewrite the dns servers, thus directing you to here and there.
Just a wild guess.
On a Mac? WhooHoo... some folks will be really surprised
No really, if it is a bug to do with the latest security update, it is easy to fix.
It's definitely a router problem and not a problem with anything virus/spyware/malware-like in the laptop itself. Our internet at home has been down since Tuesday so I'm posting from a caf? (new bagel place in Punta Cana Village) and all the sites that I can't access at home are fully accessible here.
Chiri, did someone not perhaps accidentally turn on a protective type program like a child filter or something like that? Or accidentally notched up your 'safe search' settings to the max?
I was wondering the same thing. I don't know much about Macs but I do know that when I use my son's Mac it will warn me if I'm sure about entering a site, even DR1, hotmail etc
Problem is back, with bells on. Practically everything I try to access on Firefox is blocked or open v-e-r-y s-l-o-w-l-y, so I'm using Safari or Explorer for the few sites that do open. I have no idea whatsoever what to do about this. Last time the problem vanished went as suddenly as it appeared.
I'm going to try and use my laptop in a public wi-fi spot to establish whether the router at home is indeed to blame, which appears to be the case, as the other laptops using my wireless network are also affected.
This time the OpenDNS error message does not mention Melmac systems, it just says "Site blocked. mail.google.com is not allowed on this network. This site was categorized as: Webmail".
I'm going to try and use my laptop in a public wi-fi spot to establish whether the router at home is indeed to blame, which appears to be the case, as the other laptops using my wireless network are also affected.
This time the OpenDNS error message does not mention Melmac systems, it just says "Site blocked. mail.google.com is not allowed on this network. This site was categorized as: Webmail".