Thanks !

One of the reader’s comment …

“This is problem with SMC wireless router/modems. I am an Interent Support Rep and have seen this problem with customer and described on other sites. The problem is that the default search domain on these routers is set to mygateway.net. Changing this to a legitimate search domain is a work around for the problem, but I have seen no explaination for why the default serch domain is set to this. It has been reported for more than one ISP so it not something that just one ISP is doing.”

Let me know how it goes.

Used terminal and “sudo crontab -l” and found:

* * * * * “/Library/Internet Plug-Ins/QuickTime.xpt”>/dev/null 2>&1

However I can’t remove it. I only get “localized rsrc” is using it and therefore I can’t empty thrash.

What to do?

This is what we call “DNS Pharming Attack”. So a malware like DNSChanger trojan attempts to modify users DNS settings so that when user type a valid URL they are redirected to a list of websites that belongs to these attackers. As an effect, an innocent/infected user will thought that he/she is clicking a valid website like example, Facebook.com instead its completely loading different page. Pharming provides an attacker a advantage to hijack your browser and may cause disclosure of your private information, browsing behavior, direct to exploit websites, push further malware, push advertisements (so, you’ll find pop-ups coming out from time to time).

For common user perspective, this attack doesn’t seems harmful, however this is where attacker silently takes real advantage of the infection.

I hope this provides you clear understanding of this threat.