Thursday, June 05, 2008

Virus

Last week I noticed that some of the websites I read regularly were being redirected. For a day or two I figured the issue was on their side so I didn't do anything. Then after a couple days I checked the sites on my laptop (I was suspicious because the URL of the redirect was just an IP address). My laptop went right to the correct site.

I ran the command line program host (can do the same with Lookup in the Network Utility program) to look up the IP address and both machines returned different IP addresses. Then I opened up /etc/resolv.conf. On the laptop it pointed to my DSL modem as the DNS host; on my iMac it listed two DNS hosts: 85.255.116.152 and 85.255.112.19. Googling those addresses and checking them with Whois in the Network Utility program both showed that they are servers in Ukraine.

I tried just correcting /etc/resolv.conf with a text editor. That fixed what address I got using host, but not in a web browser. And when I reset the machine, /etc/resolv.conf got rewritten back to using the Ukrainian DNS servers. I found one site that suggested just setting the DNS server in the Network section of System Preferences. This worked, but I did not feel good about leaving something running on my computer trying to change my DNS server. So I cleared the manual DNS setting and decided it was time to buy a virus scanner - for the first time in my life.

If I was more patient I would have paid for it and downloaded it on my laptop and then transferred it over. But I wasn't feeling very patient so I just manually set the DNS server and double checked that both computers were resolving the same IP address. I downloaded Norton and ran it, and after several hours it found 3 files it identified as viruses. From the names it looked like they were browser plugins. After Norton deleted those files, /etc/resolv.conf went back to normal and stayed that way, and I stopped having my web browser send me to the wrong place.

That was a pain in the ass! But I guess that's what I get for all those years of claiming that I don't need a virus scanner because I'm careful about what I download and what I run. Other lesson was a reminder of how nice the Mac Network Utility program is.
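The manual comparison described in the post (reading /etc/resolv.conf on each machine and noticing resolvers that are not the DSL modem) can be scripted. The following is an added example, not part of the original post; the sample file contents are constructed, and 192.168.1.1 is an assumed address standing in for the modem.

```python
import ipaddress

# Constructed samples modelled on the two machines described in the post.
# 192.168.1.1 is an assumed address for the DSL modem.
CLEAN = """\
# laptop
nameserver 192.168.1.1
"""
TAMPERED = """\
# iMac
nameserver 85.255.116.152
nameserver 85.255.112.19
"""

def nameservers(resolv_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for line in resolv_text.splitlines():
        # Drop '#' and ';' comments, then look for 'nameserver <addr>'.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def unexpected_resolvers(resolv_text, expected):
    """Return (address, reason) for every resolver not in the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for raw in nameservers(resolv_text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "not a valid IP address"))
            continue
        if addr in allowed:
            continue
        scope = "private/local" if addr.is_private else "public"
        findings.append((raw, f"{scope} resolver not in expected set"))
    return findings

if __name__ == "__main__":
    for name, text in (("laptop", CLEAN), ("iMac", TAMPERED)):
        for addr, reason in unexpected_resolvers(text, ["192.168.1.1"]):
            print(f"{name}: {addr}: {reason}")
```

Because the post reports that the file was rewritten on every restart, a check like this is only useful when run repeatedly, for example at login, and not once after a manual correction.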
