Inside Mac Games Forum: Malware on my Mac

Malware on my Mac - Ya, I know it takes talent...

#1 Silver Samurai

  • Legendary
  • Group: Members
  • Posts: 908
  • Joined: 06-January 03
  • Location:Ontario

Posted 13 September 2009 - 11:26 AM

Ok, so if there's an IMG award for bonehead user, I think this takes the cake and I win.
Anyways, yesterday I noticed that I somehow got a virus on my memory stick. Figured no biggie, I can see the viruses in OSX and can delete them manually. No dice there either.
Anyways, while I haven't been able to remove the viruses yet, my Mac is acting up. Periodically it sends me to 1 of those malware pages of your system is infected type deal. Obviously it's not real since it's a Vista page.
But this has me concerned, as to why/how I'm being redirected there in the 1st place.

Just wondering, anyone got any suggestions?

Besides the win virus, the only other change I've done is upgrade to 10.6, but why would it do that?
Thanks in advance. :mellow:
Mac Mini- 2.26Ghz Core 2 Duo + OSX 10.6
2GB RAM, 160GB HD + 250GB External HD

Rev.B-Macbook 1.83Ghz Core 2 Duo + OSX 10.6
1GB RAM. 60GB HD

2nd Gen 8GB iPod Touch + OS 3.1
0

#2 Hansi

  • Legendary
  • Group: Members
  • Posts: 1183
  • Joined: 06-December 01
  • Location:London, UK

Posted 13 September 2009 - 11:51 AM

Aren't you just being redirected there by the sites you are looking at? Is it different sites? If so which? I've seen a few forums while googling for information which throw you over to these types of sites.

To remove the virus permanently simply re-format the USB stick.
0

#3 Sneaky Snake

  • Legendary
  • Group: Members
  • Posts: 1437
  • Joined: 28-July 07
  • Location:Elmira, Ontario, Canada

Posted 13 September 2009 - 03:50 PM

Are the viruses still on the USB stick?? or have they migrated to the HDD?
- Snake

Mike: 2.0 GHz CD | 2 GB DDR2 | GMA 950 | 500 GB Seagate HDD | 10.6.2
Bruce: 3.6 GHz C2Q | 4 GB DDR2 | ATi 5850 | 500 GB Seagate HDD | W7 x64
Asia: 3.2 GHz Cell | 256 MB DDR2 | nVidia RSX | 200 GB Seagate HDD | YDL 6.1
0

#4 Silver Samurai

  • Legendary
  • Group: Members
  • Posts: 908
  • Joined: 06-January 03
  • Location:Ontario

Posted 13 September 2009 - 03:54 PM

Hansi, on September 13th 2009, 10:51 AM, said:

Aren't you just being redirected there by the sites you are looking at? Is it different sites? If so which? I've seen a few forums while googling for information which throw you over to these types of sites.

To remove the virus permanently simply re-format the USB stick.

It's weird, because when it's happened I've been trying to go to facebook. Messed up, but ya, it redirects me...

I'll back up the stuff on my mem stick and then format it. At least if I do it on my mac it'll be contained and not be able to run, unlike doing it on the WinPC. Don't think my parents would be too pleased if I did kill their machine. Not to mention they'd make me fix it!

Sneaky Snake, on September 13th 2009, 02:50 PM, said:

Are the viruses still on the USB stick?? or have they migrated to the HDD?

I don't see how they've migrated over. Macs can't run .exe or .bat files. (unless if I'm mistaken)
I tried to delete them but it didn't work. I'll try to format later on.

As a precaution though I'm going to run a full virus scan on my parents PC.
Mac Mini- 2.26Ghz Core 2 Duo + OSX 10.6
2GB RAM, 160GB HD + 250GB External HD

Rev.B-Macbook 1.83Ghz Core 2 Duo + OSX 10.6
1GB RAM. 60GB HD

2nd Gen 8GB iPod Touch + OS 3.1
0

#5 teflon

  • of the Popeye Analogy
  • Group: Members
  • Posts: 8990
  • Joined: 31-May 05
  • Location:London, UK

Posted 13 September 2009 - 05:22 PM

Delete your facebook cookies/reset Safari/erase the cache. Basically cut loose with your browser and start afresh.
Also, make sure that the URL is right. I know it's idiot simple stuff, but it could be as simple as the browser's saved one of your accidental mis-types and now when you type the first few letters and hit enter because it's auto-filled it for you you're getting what is now a phishing site.

As for deleting stuff on the USB stick, the files may well be protected/locked. Either open the trash's window and hold alt when you click erase, or use the finder's menu item for "secure empty trash". They're both the same, and will delete anything, be it locked, protected, slightly magical or alien technology.
Polytetrafluoroethylene to my friends.

Macbook Pro - C2D 2.4Ghz / 4Gb RAM / WD Scorpio Black 320GB ( 255GB OSX v 42GB XP ) / Geforce 8600M GT 256Mb / 15.4"
Cube - G4 1.7Ghz 7448 / 1.5Gb RAM / Samsung Spinpoint 250GB / Geforce 6200 256Mb

We won! Apple offer the 17" with a matte screen! Well... at a price...
0

#6 devSin

  • Notorious
  • Group: Members
  • Posts: 194
  • Joined: 02-July 02
  • Location:CA, USA

Posted 13 September 2009 - 09:25 PM

ATD has a neat story about ads on NYTimes.com redirecting to Chinese malware sites (bad foreign grammar Windows XP-style security window mock-up nonsense). If it can happen to the New York Times, maybe it also happens for whatever else you're doing.
0

#7 J'nathus

  • Legendary
  • Group: Members
  • Posts: 510
  • Joined: 01-December 06
  • Location:Nevada, United States

Posted 14 September 2009 - 06:26 AM

devSin, on September 13th 2009, 08:25 PM, said:

bad foreign grammar Windows XP-style security window mock-up nonsense
That is actually THE biggest problem we're having right now (in the PC tech support / malware removal world). The "rogue anti-malware" as we call them, but otherwise known as a complete sham. People are suckered into buying those to the tune of $1M per week (according to one of our reports). The name is forever changing, the attack vector is usually Trojan.Vundo and the threat is usually mixed (registry hacks, rootkits, etc). On EVERY infected machine I see, these bugs exist. They have many names, random names AND trying to sound like legitimate program names.. like Antivirus XP 2009, Antivirus Pro 2010, Spyware Guard 2008, Personal Antivirus, Antivirus 360 (to sound like Norton 360), Antivirus AVS (to sound like AVG) . . . Luckily those bugs are actually usually easy to remove. It is the collateral infections that tend to be the problems - the rootkits. I always wonder why there are Trojans and Trojan.Downloaders... to my knowledge ALL Trojans are downloaders.

As far as the first poster, your redirect could be DNS based. Verify that your DNS addresses are coming from your ISP and not set static by something. Additionally, are you sure you're being redirected and it's not a pop up? I get those even on my Mac. I love how it'll just start downloading something. That something is a .exe and therefore is not a threat to the Mac. Those 'you're infected' pages are quite prevalent. Since they are false advertising and a vector for infection, the entity responsible should be caught and flogged, then put to sleep, then their vast financial resources redistributed back to all those people they ripped off.
0
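
Added example (not part of any post in this thread): one way to run the DNS check suggested in post #7 from the macOS Terminal. It relies on `networksetup`, which reports "There aren't any DNS Servers set on <service>." when a service has no manually entered servers and is using whatever DHCP hands out; the sample outputs and addresses below are constructed.

```shell
#!/bin/sh
# Added example: report which macOS network services use manually set
# (static) DNS servers rather than the ones handed out over DHCP.

# classify_dns TEXT: TEXT is the output of `networksetup -getdnsservers`.
# Prints "dhcp", "static:<ip>,<ip>", or "unknown".
classify_dns() {
    case "$1" in
        *"There aren't any DNS Servers set"*) echo "dhcp"; return 0 ;;
    esac
    # Anything else should be one IPv4/IPv6 address per line.
    servers=$(printf '%s\n' "$1" | grep -E '^[0-9a-fA-F:.]+$' | paste -sd, -)
    if [ -n "$servers" ]; then echo "static:$servers"; else echo "unknown"; fi
}

# audit_dns: walk every enabled service and classify its DNS setting.
audit_dns() {
    # First line of the listing is a legend; disabled services start with '*'.
    networksetup -listallnetworkservices | tail -n +2 | while IFS= read -r svc; do
        case "$svc" in \**) continue ;; esac
        printf '%s: %s\n' "$svc" \
            "$(classify_dns "$(networksetup -getdnsservers "$svc")")"
    done
}

# Constructed sample outputs (documentation-range addresses), used when the
# script is run somewhere without networksetup.
SAMPLE_DHCP="There aren't any DNS Servers set on Wi-Fi."
SAMPLE_STATIC="203.0.113.53
198.51.100.7"

if command -v networksetup >/dev/null 2>&1; then
    audit_dns
else
    echo "sample dhcp   -> $(classify_dns "$SAMPLE_DHCP")"
    echo "sample static -> $(classify_dns "$SAMPLE_STATIC")"
fi
```

A `static:` result on a service nobody configured by hand is the situation the post describes; compare the listed addresses with the ones your router or ISP documents.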

#8 Silver Samurai

  • Legendary
  • Group: Members
  • Posts: 908
  • Joined: 06-January 03
  • Location:Ontario

Posted 14 September 2009 - 06:11 PM

J, on September 14th 2009, 05:26 AM, said:

That is actually THE biggest problem we're having right now (in the PC tech support / malware removal world). The "rogue anti-malware" as we call them, but otherwise known as a complete sham. People are suckered into buying those to the tune of $1M per week (according to one of our reports). The name is forever changing, the attack vector is usually Trojan.Vundo and the threat is usually mixed (registry hacks, rootkits, etc). On EVERY infected machine I see, these bugs exist. They have many names, random names AND trying to sound like legitimate program names.. like Antivirus XP 2009, Antivirus Pro 2010, Spyware Guard 2008, Personal Antivirus, Antivirus 360 (to sound like Norton 360), Antivirus AVS (to sound like AVG) . . . Luckily those bugs are actually usually easy to remove. It is the collateral infections that tend to be the problems - the rootkits. I always wonder why there are Trojans and Trojan.Downloaders... to my knowledge ALL Trojans are downloaders.

As far as the first poster, your redirect could be DNS based. Verify that your DNS addresses are coming from your ISP and not set static by something. Additionally, are you sure you're being redirected and it's not a pop up? I get those even on my Mac. I love how it'll just start downloading something. That something is a .exe and therefore is not a threat to the Mac. Those 'you're infected' pages are quite prevalent. Since they are false advertising and a vector for infection, the entity responsible should be caught and flogged, then put to sleep, then their vast financial resources redistributed back to all those people they ripped off.

I formatted the usb drive and the virus is gone from it.

I don't know if I'm still being redirected because I set up Firefox to tell me anytime I was being redirected. So far so good though.

I think I deleted everything from my cache though.

I know what you mean about the fake sites. I find them quite humorous since I'm running OSX.
But I'm sure in this case it was a redirect. The tab would change and not open in a new window.

Thanks for the tips everyone.
I hope this is gone for good.
Mac Mini- 2.26Ghz Core 2 Duo + OSX 10.6
2GB RAM, 160GB HD + 250GB External HD

Rev.B-Macbook 1.83Ghz Core 2 Duo + OSX 10.6
1GB RAM. 60GB HD

2nd Gen 8GB iPod Touch + OS 3.1
0
