27th February 2009, 01:29 AM #1
malware changing DNS?
Came across a strange problem on a student mac laptop.
She was complaining that it was slow in the net and randomly going to wrong sites.
She told me it had started after her older brother had been on the laptop.
1st thought was he had added DNS nameservers to the network settings but it seems more than that as the 2 IPs are undeletable!! Went to resolv.conf and the same DNS servers were there.
Bit of googling brings up some possible malware for windows.
Anyone come across this before?
Ran various scans but nothing.
Will post more in the morning!
Changing the file and it seems to reset back after a restart.
27th February 2009, 09:33 AM #2
use the free tool, it will remove any malware it finds, the paid version just gives you real time protection.
27th February 2009, 10:17 AM #3
Sounds like a Zlob DNS changer,
which is a piece of malware.
I've seen it on some Windows machines but never on a Mac.
Really difficult stuff to get rid of.
27th February 2009, 10:31 AM #4
If it's a mac it's probably a root kit. I'd suggest you run chkrootkit and see what happens.
chkrootkit -- locally checks for signs of a rootkit
Either way, it sounds like something has been messing with your hosts file. So have a look at that too.
27th February 2009, 12:30 PM #5
This has been around for some time on the mac platform. Use this:
DNSChanger Trojan Horse Removal - OSX.RSPlug.A OSX/Puper
to remove it. Alternatively you could issue:
sudo rm -R -v /Library/Preferences/SystemConfiguration
from the command line (/Applications/Utilities/Terminal), followed by
sudo reboot now
Or you can manually reboot the affected client. Make sure you quit all open applications before doing this. On successful restart navigate to the Sharing Preferences Pane and reinstate the Computer's Name. If Network Settings are supplied by a DHCP Server then verify those settings are as they should be. Re-instate any Proxy Server Settings you might have.
Antonio Rocco (ACSA)
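A check for the symptom described in post #1 and removed in post #5 (resolvers that nobody configured), as an added example that is not part of the original thread: it lists every nameserver that is not on an expected list. The function names, the sample file and the addresses (RFC 5737 documentation ranges) are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected list.
# Input on stdin is either resolv.conf text ("nameserver 192.0.2.53")
# or macOS `scutil --dns` output ("nameserver[0] : 192.0.2.53").

# extract_resolvers: print each unique resolver address, one per line.
extract_resolvers() {
    awk '
        # resolv.conf form; commented-out lines do not match
        $1 == "nameserver" && NF >= 2 { print $2; next }
        # scutil --dns form: "nameserver[N] : <addr>"
        $1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }
    ' | sort -u
}

# unexpected_resolvers ALLOWED...: print resolvers from stdin that are not
# in the allow-list. Returns 1 if any were found, 0 if all are expected.
unexpected_resolvers() {
    found=0
    for addr in $(extract_resolvers); do
        ok=0
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            printf '%s\n' "$addr"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample: two injected resolvers ahead of the expected one.
sample_resolv_conf() {
    cat <<'EOF'
# constructed sample, not taken from the affected laptop
nameserver 203.0.113.10
nameserver 203.0.113.11
nameserver 192.0.2.53
EOF
}

# Demo: 192.0.2.53 stands in for the resolver the DHCP server hands out.
sample_resolv_conf | unexpected_resolvers 192.0.2.53 \
    || echo "resolvers above are not on the expected list"
```

On a Mac the effective resolver list can be piped in with `scutil --dns | unexpected_resolvers <expected addresses>`; running it again after a restart shows whether removed entries have come back.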
27th February 2009, 01:25 PM #6
Thanks Antonio, that did the trick!
Also noticed the dad has an admin account on her laptop!
27th February 2009, 01:32 PM #7
It seems to be a newish technique spammers and fraudsters are using (especially for online banking fraud) or large websites that process many financial transactions.
It allows them to replicate websites and make it appear all legitimate so the user is completely unaware any crime or theft has occurred.
27th February 2009, 03:59 PM #8
Only available for Windows; this is a Mac forum.
Originally Posted by TronXP