
Redirect Virus?

post #1 of 19
Thread Starter 
Hey guys, something really weird is going on. Any time I google something, some of the links lead to a site. The domain of the site is "pagesinxt.com" but on the site page it says it's asterpix.com. The two sites I've tried so far are caraudio.com and then some tennisforum where someone else was having the problem. It won't let me go to those, and I'm sure if I try googling some more it will redirect those sites too.

The weirdest part is it's doing it on my iPhone too. At first I tried it with WiFi on and it redirected as well, and then I turned WiFi off and it is still doing it! Anyone have any ideas? I really don't know what to do. I've run Malwarebytes and Microsoft Security Essentials and neither have found anything.

Any help would be greatly appreciated, thanks!

Edit: Also I'm not positive if this is what caused this but I have an idea. Yesterday I clicked a link that was a fake link, like it had an "L" instead of an i. I clicked it and it was just loading and never actually got to the webpage before I X'd out of it. Could that possibly be what caused this? And it was from a site that has a lot of hackers, so could I possibly be part of a botnet now or something?
Edited by vitality - 4/2/12 at 5:18pm
 
post #2 of 19
Edit: I jumped the gun, didn't read the iPhone part.

Some Viruses/Malware change your proxy settings.

Check Control Panel -> Internet Options -> Connections tab -> LAN Settings button. Clear out the address field and uncheck the box that says "Use a proxy server for your LAN".

That's the first thing that comes to mind.
Edited by Evermind - 4/2/12 at 4:52pm
post #3 of 19
Thread Starter 
Not sure if you still want me to do this because you edited it with the iPhone part. I'm at Control Panel and I go to Network and Internet but I don't see Internet Options. Am I in the right place?
 
post #4 of 19
It doesn't hurt to check it. If you're on Win 7, use the search box or change view from Categories to small or large icons, then you will see Internet Options.

However, that is probably not it if it is affecting your iPhone as well. It could be that your DNS settings got changed on your router.
post #5 of 19
Thread Starter 
OK, I'm at Local Area Network Settings and "Automatically detect settings" is checked, and proxy server is not checked.
 
post #6 of 19
Next thing I would do is get into your router then and check your DNS settings.
post #7 of 19
Thread Starter 
OK, will do. Now that I think about it, a few days ago I tried to open a port for uTorrent because I can't download any torrents; I was trying to download Ubuntu. What should I check for in the DNS settings?
 
post #8 of 19
Redirects can be related to the TDS rootkit. Download and run TDSSKiller here and see if you have that.
http://majorgeeks.com/Kaspersky_TDSSKiller_d6895.html

Malwarebytes is still good but not as good as it used to be, give combofix a shot, it does a much better job with rootkits.
http://www.bleepingcomputer.com/download/anti-virus/combofix

Also, check your hosts file under this folder C:\Windows\System32\drivers\etc and see what it says in it. All it should say is this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost


Also, what browser are you using? If just IE, check allowed popups in IE and also Safe sites in your internet options. Some malware will put entries in there that will cause redirects.
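The hosts-file check from the post above, as an added example (not code from anyone in this thread): it ignores comment lines, as the default file's own header describes, and reports every active mapping other than the loopback `localhost` entry. The sample file contents and the addresses in `TAMPERED` are constructed for illustration.

```python
import ipaddress

# Constructed samples: a shortened default file and a tampered copy.
DEFAULT_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
"""
TAMPERED = DEFAULT_HOSTS + (
    "127.0.0.1 localhost\n"
    "203.0.113.7 www.google.com google.com  # constructed entry\n"
    "0.0.0.0 update.example.com\n"
)
PINNED = "name pinned to a fixed address, bypassing DNS"
SINKHOLED = "name sinkholed to a local address"

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each active entry to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # text after '#' is a comment
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "first column is not an IP"))
            continue
        if len(fields) < 2:
            findings.append((line_no, str(ip), "", "address without a host name"))
            continue
        for name in fields[1:]:
            if ip.is_loopback and name.lower() == "localhost":
                continue  # the harmless default mapping
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, str(ip), name, SINKHOLED if local else PINNED))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        print(finding)
```

To audit a real machine, pass in the text of the `hosts` file from `C:\Windows\System32\drivers\etc`; an untouched default file produces no findings.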
post #9 of 19
If you didn't change it yourself, then on most routers there is a setting that says something like "Automatically get DNS settings from ISP"

If that is not checked, and instead, the Primary and Secondary DNS servers are specified with numbers that you aren't familiar with, then either:

Change it back to the auto setting

or

Configure it yourself using other trusted DNS servers. Most popular ones are probably:

Google:
8.8.8.8
8.8.4.4

OpenDNS:
208.67.222.222
208.67.220.220

Comodo Secure DNS:
8.26.56.26
8.20.247.20
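The DNS check described in the post above can also be run from the PC side. This added example (not code from anyone in this thread) pulls the DNS servers out of `ipconfig /all` output and sorts them into the resolvers listed in that post, local addresses (the router is answering, so its own DNS fields are what to inspect), and anything else. The sample output and its addresses are constructed.

```python
import ipaddress
import re

# Public resolvers listed in the post above.
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google", "8.8.4.4": "Google",
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "8.26.56.26": "Comodo Secure DNS", "8.20.247.20": "Comodo Secure DNS",
}
# RFC 1918, link-local and IPv6 local ranges: the router itself is the resolver.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]

# Constructed sample of `ipconfig /all` output; addresses are illustrative.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Extract DNS servers, including the indented continuation lines."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def classify(server):
    ip = ipaddress.ip_address(server.split("%")[0])  # drop any IPv6 scope id
    if server in KNOWN_RESOLVERS:
        return "known public resolver (%s)" % KNOWN_RESOLVERS[server]
    if any(ip in net for net in LOCAL_NETS):
        return "local address: check the DNS fields on the router"
    return "unrecognised: compare with the resolvers your ISP assigns"

def audit(ipconfig_text):
    return [(s, classify(s)) for s in dns_servers(ipconfig_text)]

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE):
        print(server, "->", verdict)
```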
post #10 of 19
Thread Starter 
Quote:
Originally Posted by UsedPaperclip View Post

Redirects can be related to the TDS rootkit. Download and run TDSSKiller here and see if you have that.
http://majorgeeks.com/Kaspersky_TDSSKiller_d6895.html
Malwarebytes is still good but not as good as it used to be, give combofix a shot, it does a much better job with rootkits.
http://www.bleepingcomputer.com/download/anti-virus/combofix
Also, check your hosts file under this folder C:\Windows\System32\drivers\etc and see what it says in it. All it should say is this:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Also, what browser are you using? If just IE, check allowed popups in IE and also Safe sites in your internet options. Some malware will put entries in there that will cause redirects.

I just did that and it says the exact same thing as that does in my Drivers folder. Right now I'm using Firefox and have Adblock Plus as an extension.

I'm going to do what Evermind said about the DNS and if that doesn't fix it I'll try those programs. Thanks a lot guys.

Also I'm editing the OP because I THINK I might know what caused this..
 