
Getting redirected on websites - Help.

post #1 of 13
Thread Starter 
Hey, my roommate is having an issue. Whenever he searches for something on Google/Bing/MSN/etc. and clicks on any link that came up as a result - he will get redirected to random sites. Like, if he googled Bruce Willis and wanted to go to the IMDb link - he clicks it and it'll take him somewhere else. Usually some generic looking site that has no relation to whatever he was going to.

I had him run Malwarebytes and AVG which didn't find any infection. Could it be some sort of toolbar he has downloaded in his browser? I noticed he has a couple.

Anyway I am not very knowledgeable with stuff like this so I have no idea what it could be, but with school starting soon he'll need this problem fixed.

Edit: I just googled the problem which I should've done from the start.. and it turns out to be some Jump Redirect virus. Is there any software I can use to remove this?
Edited by Zakel2 - 8/10/11 at 4:36pm
post #2 of 13
It's a specific type of rootkit. I had this problem about a year ago. I'll see if I can find the fix. You need a special rootkit remover.

Edit : DING! Found it. http://support.kaspersky.com/viruses...?qid=208280684
post #3 of 13
Thread Starter 
Ahh - quick response xD I'll take a look at that link
post #4 of 13
I had that. If the comp is new, just format.
post #5 of 13
Thread Starter 
I ran that Kaspersky program and I didn't get any results.
post #6 of 13
Check his IE proxy settings.

Had an issue on a friend's computer where it wouldn't get to the web at all, only because something had made an email POP server the proxy in IE....
post #7 of 13
Thread Starter 
Well this is rather strange. I actually went on his pc and was searching on firefox and chrome and only got redirected once on firefox - while he was stating it happens to him 90% of the time. And I was on there for about 10 minutes clicking various links.
Edited by Zakel2 - 8/10/11 at 5:13pm
post #8 of 13
Quote:
Originally Posted by Zakel2
Well this is rather strange. I actually went on his pc and was searching on firefox and chrome and only got redirected once on firefox - while he was stating it happens to him 90% of the time. And I was on there for about 10 minutes clicking various links.
Currently dealing with this now on a customer's machine. Assuming what we're dealing with is the exact same. Here is what I tried and it hasn't worked yet...


-- Ran MAB, TDS, Sophos' rootkit utility, and none of those have found ANYTHING. Sophos' found a few items, but they were only suspicious cookies. (Deleted, and the problem still exists.)

If you install No-Script on Firefox, you can see the site you get directed to. It should direct you to one site that uses a JavaScript which redirects you to another site. I've been able to get Bing working in IE. MSE helped me with that. Ran a full system scan and found some files that had trojans in them. I've manually searched the registry: nothing in the startup entries, nothing in the registry directly related to IE/Firefox, other than a search scopes option that I don't think is related.

If you have what I have, I'm going to go ahead and recommend a reformat. I HATE reformatting to 'solve' an issue. Since it doesn't fix anything...just kind of starts over. But this system is pretty badly messed up...boot up in safe mode. Still get redirected, no proxy settings changed. HOSTS file is the default. Any Browser gets redirected, not just firefox//ie. I'm trying Combofix now as a last resort before giving it the ol' complete wipe.

This is really bugging me...I've spent about 10 hours on it in the past two days.
post #9 of 13
Ask him if he installed any of those toolbars himself? If he didn't install them then it's most likely adware. Whenever he does a search and it redirects him, it's usually because spyware has messed with his hosts file:

Download this:
http://www.funkytoad.com/index.php?o..._content&id=13

Restore your hosts file to its default state. Then lock it (add the read-only permissions to the file.)
Usually malware/spyware will compromise your hosts file to redirect URLs. The only things that should be allowed to write to the hosts file are Windows, your browsers, and AV/anti-spyware programs. (Like when you use the immunize feature in Spybot S&D, it will write a bunch of entries into your hosts file to redirect malicious URLs to 127.0.0.1.)

After that, go to www.ccleaner.com and use "run cleaner" and it will clear out all the crap in the temporary folders, cache, cookies, etc. (Beware: if he is reliant on his browser to remember his passwords for him, then he needs to find them out and write them down, because this will delete them all.)
Edited by Kaiga - 8/10/11 at 10:25pm
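An added example, not part of the post above or of any tool named in this thread: a small hosts-file audit that separates blocklist-style entries pointing at loopback (the kind Spybot S&D's immunize feature writes) from entries that send a hostname to a routable address, which is the redirect case described in the post. The sample file contents and the verdict labels are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample: default-style comments plus three kinds of active entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1   localhost
127.0.0.1       localhost
127.0.0.1       ads.example.net tracker.example.net   # blocklist-style entry
203.0.113.45    www.google.com www.bing.com
not-an-ip       search.example.org
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every active entry.
    Verdict labels are this example's own: default, sinkhole, redirect, malformed."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if not entry:
            continue  # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in names:  # one line may map several hostnames
            if name.lower() == "localhost":
                verdict = "default" if ip.is_loopback else "redirect"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "sinkhole"  # name is blocked, not redirected
            else:
                verdict = "redirect"  # name is sent to another machine
            findings.append((line_no, address, name, verdict))
    return findings

def suspicious(findings):
    """Entries worth a manual look before restoring the default file."""
    return [f for f in findings if f[3] in ("redirect", "malformed")]

if __name__ == "__main__":
    # Pass the real file, e.g. the hosts file under System32/drivers/etc on Windows.
    text = (open(sys.argv[1], encoding="utf-8-sig").read()
            if len(sys.argv) > 1 else SAMPLE_HOSTS)
    for line_no, address, name, verdict in audit_hosts(text):
        print(f"line {line_no}: {address:<15} {name:<25} {verdict}")
```

A clean result here only rules out the hosts file; post #8 reports redirects on a machine whose HOSTS file was still the default.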
post #10 of 13
Quote:
Originally Posted by Zakel2
Well this is rather strange. I actually went on his pc and was searching on firefox and chrome and only got redirected once on firefox - while he was stating it happens to him 90% of the time. And I was on there for about 10 minutes clicking various links.
It doesn't matter what browser you use, IE is integrated into the OS. If you have a proxy set under IE, all of your browsers will use it. By default there should be NO proxy set.