  1. #1
    gaz350

    malware changing DNS?

    Came across a strange problem on a student mac laptop.

    She was complaining that it was slow on the net and randomly going to wrong sites.
    She told me it had started after her older brother had been on the laptop.

    1st thought was he had added DNS nameservers to the network settings, but it seems more than that as the 2 IPs are undeletable!! Went to resolv.conf and the same DNS servers were there.

    Bit of googling brings up some possible malware for windows.

    Anyone come across this before?
    Ran various scans but nothing.

    Will post more in the morning!

    Changing the file and it seems to reset back after a restart.

  2. #2

    Try this:

    malwarebytes

    Use the free tool; it will remove any malware it finds. The paid version just gives you real-time protection.

  3. #3
    rolfea
    Sounds like a Zlob DNS changer, which is a piece of malware.
    I've seen it on some Windows machines but never on a Mac.
    Really difficult stuff to get rid of.

  4. #4

    Geoff
    If it's a Mac it's probably a rootkit. I'd suggest you run chkrootkit and see what happens.

    chkrootkit -- locally checks for signs of a rootkit

    Either way, it sounds like something has been messing with your hosts file. So have a look at that too.

  5. #5
    AntonioRocco
    This has been around for some time on the Mac platform. Use this:

    DNSChanger Trojan Horse Removal - OSX.RSPlug.A OSX/Puper

    to remove it. Alternatively you could issue:

    sudo rm -R -v /Library/Preferences/SystemConfiguration

    from the command line (/Applications/Utilities/Terminal), followed by

    sudo reboot now

    Or you can manually reboot the affected client. Make sure you quit all open applications before doing this. On successful restart, navigate to the Sharing Preferences Pane and reinstate the Computer's Name. If Network Settings are supplied by a DHCP Server, then verify those settings are as they should be. Reinstate any Proxy Server Settings you might have.

    Antonio Rocco (ACSA)

  6. Thanks to AntonioRocco from:

    gaz350 (27th February 2009)

  7. #6
    gaz350
    Thanks Antonio, that did the trick!

    Also noticed the dad has an admin account on her laptop!

  8. #7

    Michael
    It seems to be a newish technique spammers and fraudsters are using (especially for online banking fraud) or large websites that process many financial transactions.

    It allows them to replicate websites and make it appear all legitimate so the user is completely unaware any crime or theft has occurred.

  9. #8
    theeldergeek
    Guest
    Quote Originally Posted by TronXP View Post
    try this

    malwarebytes

    use the free tool
    Only available for Windows; this is a Mac forum.
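
Post #5 ends with verifying that the DNS settings are as they should be after the cleanup and reboot. One way to script that check, as an added example that is not part of the original thread: the function name `unexpected_nameservers` is hypothetical, the file is any resolv.conf-style file you pass in, and the addresses in the sample are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: list nameservers in a resolv.conf-style file that are NOT on
# the list of resolvers you expect (for instance the ones your DHCP server
# hands out). Usage: unexpected_nameservers FILE EXPECTED_IP...
# Exit status: 0 = every nameserver is expected, 1 = at least one is not,
#              2 = the file could not be read.
unexpected_nameservers() {
    conf=$1
    shift
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v allowed="$*" '
        BEGIN {
            bad = 0
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        { sub(/[#;].*/, "") }            # drop comments (# or ;)
        $1 == "nameserver" && $2 != "" && !($2 in ok) {
            print $2                      # report the unexpected resolver
            bad = 1
        }
        END { exit bad }
    ' "$conf"
}

# Constructed sample: two stray resolvers ahead of the expected one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from the affected laptop
nameserver 198.51.100.7
nameserver 203.0.113.9   ; stray entry
nameserver 192.0.2.53
EOF

if flagged=$(unexpected_nameservers "$sample" 192.0.2.53); then
    echo "all configured resolvers are expected"
else
    echo "unexpected resolvers found:"
    echo "$flagged"
fi
rm -f "$sample"
```

Run it against the live file before and after a restart; entries that return after you removed them match the behaviour described in the first post.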
