malware changing DNS?
Came across a strange problem on a student Mac laptop.
She was complaining that it was slow in the net and randomly going to wrong sites.
She told me it had started after her older brother had been on the laptop.
1st thought was he had added DNS nameservers to the network settings, but it seems more than that as the 2 IPs are undeletable!! Went to resolv.conf and the same DNS servers were there.
Bit of googling brings up some possible malware for Windows.
Anyone come across this before?
Ran various scans but nothing.
Will post more in the morning!
Changing the file and it seems to reset back after a restart.
Use the free tool; it will remove any malware it finds. The paid version just gives you real-time protection.
Sounds like a Zlob DNS changer, which is a piece of malware.
I've seen it on some Windows machines but never on a Mac.
Really difficult stuff to get rid of.
If it's a Mac it's probably a rootkit. I'd suggest you run chkrootkit and see what happens.
chkrootkit -- locally checks for signs of a rootkit
Either way, it sounds like something has been messing with your hosts file. So have a look at that too.
This has been around for some time on the Mac platform. Use this:
DNSChanger Trojan Horse Removal - OSX.RSPlug.A OSX/Puper
to remove it. Alternatively you could issue:
sudo rm -R -v /Library/Preferences/SystemConfiguration
from the command line (/Applications/Utilities/Terminal), followed by
sudo reboot now
Or you can manually reboot the affected client. Make sure you quit all open applications before doing this. On successful restart navigate to the Sharing Preferences Pane and reinstate the Computer's Name. If Network Settings are supplied by a DHCP Server then verify those settings are as they should be. Re-instate any Proxy Server Settings you might have.
Antonio Rocco (ACSA)
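The "verify those settings are as they should be" step above can be scripted. This is an added example, not part of the original thread; the function name, the allow-list and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report nameservers in a resolv.conf-format file that are not
# on an allow-list of resolvers you expect (e.g. those your DHCP server hands out).

# unexpected_nameservers FILE ALLOWED_IP...
# Prints one unexpected resolver per line.
# Returns 0 if every resolver is allowed, 1 if any is not, 2 on usage/read error.
unexpected_nameservers() {
    [ "$#" -ge 1 ] || return 2
    file=$1; shift
    [ -r "$file" ] || return 2
    allowed=" $* "          # space-padded so whole addresses are matched
    found=0
    # Strip comments (# or ;), then take the address from "nameserver" lines.
    for ns in $(awk '{ sub(/[#;].*/, "") }
                     $1 == "nameserver" && NF >= 2 { print $2 }' "$file"); do
        case "$allowed" in
            *" $ns "*) ;;                          # expected resolver
            *) printf '%s\n' "$ns"; found=1 ;;     # not on the allow-list
        esac
    done
    return "$found"
}

# Constructed sample: one expected resolver, two that should not be there,
# and one commented-out entry that must be ignored.
sample=$(mktemp "${TMPDIR:-/tmp}/resolv.XXXXXX")
cat > "$sample" <<'EOF'
search example.test
nameserver 192.0.2.53
nameserver 203.0.113.7   # constructed unexpected entry
# nameserver 198.51.100.1
nameserver 198.51.100.9
EOF

if unexpected_nameservers "$sample" 192.0.2.53; then
    echo "all resolvers are on the allow-list"
else
    echo "the resolvers listed above are not on the allow-list"
fi
rm -f "$sample"
```

On Mac OS X, /etc/resolv.conf is generated from the system configuration, so run the check again after a restart; `scutil --dns` shows the resolver configuration the system is actually using.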
Thanks Antonio, that did the trick!
Also noticed the dad has an admin account on her laptop!
It seems to be a newish technique spammers and fraudsters are using (especially for online banking fraud) or large websites that process many financial transactions.
It allows them to replicate websites and make it appear all legitimate so the user is completely unaware any crime or theft has occurred.
Only available for Windows; this is a Mac forum.