Why does my browser keep getting re-directed?

CCS

Senior Member
Reaction score
26
I'll be surfing the web, clicking on search results (most recent was a typing tutorial site) and I get sent to a completely different site, which is full of advertising links. I click back, and then click the same site again, and that time I get to where I originally wanted. This happens on almost every 3rd link I click.

I ran a spyware program, and it found nothing.

What is causing this? It is very annoying. And what is the motivation for messing up people's computers like this? Does anyone actually click on any of those links or buy any products? I'd think the lack of sales revenue or sales commissions would deter anyone from taking the time to make such malwear.
 

Bryan

Senior Member
Staff member
Reaction score
42
I have some questions for you:

1) What Web browser are you using? What version of Windows? When did all this first start happening?

2) Can you give me the name of such a link (or where/how to find it) that causes that problem for you? I'll be happy to try it myself, and see if the same thing happens to me!
 

GeminiX

Senior Member
Reaction score
5
It sounds like malware of some kind.

A fairly common one is when your browser gets re-directed to affiliate marketing sites and sites full of adverts, this is usually accompanied by search engine hijacking and AV/Anti Spyware deactivation or crippling it so it says your PC is fine. A tell tale sign is to try and install another anti malware tool and see if it's blocked from installing.

Try rebooting the computer into Safe Mode with networking enabled, see if it works then, or if the computer was configured with a recent version of Windows, log in as the administrator and see if that works.

To be honest, there are so many things to try, it's tricky to diagnose and repair over a forum :)
 

CCS

Senior Member
Reaction score
26
I'm using Windows XP, I think Professional SP2, though I'd have to check by rebooting. I forgot about safe mode. I'll try that. I think delete goes to safe mode, and f8 goes to the bios. I'll reboot under safe mode without networking as administrator and run the anti-spyware again.

I kind of doubt the websites are at fault since so many have this problem, and they are pretty official sites. It has never happened to my bank account site though, but it has happened while researching engineering topics.

This has just started happening within the last few weeks.

I have automatic updates disabled because they tend to slow my computer down and still are not good enough to keep viruses out. I find it much faster to just do a fresh re-install every so often.

I'm using Mozilla Firefox, though I'm not sure which version. It is the latest or the second latest version.
 

GeminiX

Senior Member
Reaction score
5
You really should install the updates, they regularly add critical fixes and close security holes.

XP is also, sadly, broken wide open now. There is no longer a challenge to creating nasty software for un-patched XP machines, script kiddies can build them like lego blocks.
 

CCS

Senior Member
Reaction score
26
I logged on as Administrator in safe mode and ran Spybot. It ran for an hour and found nothing.

I definitely have Windows XP Professional SP2, a legit copy, and am running it on a P4. I still can't find my exact version of Firefox.

I have another problem: sometimes my screen is split so that the top is on the bottom, there is a dark break in the middle, and the bottom is on top. I can move my mouse between the two sections as long as I don't go through the dark zone. This occurred while I was in safemode, and also after my roommate installed Daoblo ('95 video game) on my computer, but only in the Deablo window. The rest of the time my screen is fine. I have another computer I gave a fresh install too, and the screen was fine during installation, but had that same problem once I logged on. It has not been on the internet yet, though it is used. I decided to do a yahoo search for some answers:

I searched: split screen top bottom error

http://search.yahoo.com/search;_ylt=A0o ... ype_param=


I clicked the second link but got sent here:

http://www.usautoinsurancenow.com/welco ... 1705550669

I backed out, clicked it again, and got sent here:

http://thedailyreviewer.com/xphelp/view ... -102448597
 

CCS

Senior Member
Reaction score
26
GeminiX said:
You really should install the updates, they regularly add critical fixes and close security holes.

XP is also, sadly, broken wide open now. There is no longer a challenge to creating nasty software for un-patched XP machines, script kiddies can build them like lego blocks.

XP used to be good. I've avoided upgrading to 7 or 10 because I heard those OS's take huge amounts of ram and have many annoying flaws. I guess I'll activate updates. It has been bugging me to do that for a long time now.
 

Bryan

Senior Member
Staff member
Reaction score
42
CCS said:
XP used to be good. I've avoided upgrading to 7 or 10 because I heard those OS's take huge amounts of ram and have many annoying flaws.

A year or so ago I purchased a nice new eMachines with 6 gigabytes of memory and Windows 7, and it was a REALLY good deal. What's really nice about Windows 7 is that free security service that Microsoft provides for it (I'm forgetting the name of it at the moment, but you probably know what I'm talking about). That, together with the other latest and greatest security features of Windows 7, makes for a lot of piece of mind! :)
 

The Gardener

Senior Member
Reaction score
25
Sounds like a CoolWebSearch browser hijacker. I used to run into this years ago during my internet p**rn days.

Download this CWS Shredder application and run it. It's a Trend Micro product, very high integrity:

http://free.antivirus.com/cwshredder/

Hopefully that does the trick.

Oh, and stop hitting up the p**rn. Don't give us this "well it was my roomate's Diablo" excuse... we ALL know how these browser hijackers propogate.
 

Cassin

Senior Member
Reaction score
78
Bryan said:
CCS said:
XP used to be good. I've avoided upgrading to 7 or 10 because I heard those OS's take huge amounts of ram and have many annoying flaws.

A year or so ago I purchased a nice new eMachines with 6 gigabytes of memory and Windows 7, and it was a REALLY good deal. What's really nice about Windows 7 is that free security service that Microsoft provides for it (I'm forgetting the name of it at the moment, but you probably know what I'm talking about). That, together with the other latest and greatest security features of Windows 7, makes for a lot of piece of mind! :)
I bought one as well. No bloated software! Love it.
 

Bryan

Senior Member
Staff member
Reaction score
42
<GROAN>

I said "...makes for a lot of piece of mind" in my previous post, when I should have said "...PEACE of mind"! :mrgreen:
 

somone uk

Experienced Member
Reaction score
6
unless you have the habbit of installing lots of toolbars/addons i wouldn't say it's malware

websites can be vandalised and i have seen it before, if you can access the html files you could add something like this to the top of all the html page:
Code:
<html>
<head>
<title>arire tbaan tvir lbh hc</title>
<meta http-equiv="REFRESH" content="0;url=http://www.youtube.com/watch?v=oHg5SJYRHA0"></head>
</html>

and poof, website becomes redirect and when you press back you go back to the page redirecting you, thus sending you back to the page
(open notepad, save this as a somthing.html and open in browser if you're really that curious )

idk if there is a way to set a browser to ignore html redirects or not :dunno:, i have never tried

a definitive way though to see if the problem is your computer is to boot an ubuntu live cd (it's on the install disk) and run that, it won't save anything to hard drive but it runs an OS without any viruses etc, if the page behaves in the same way then you know it's the website
 

GeminiX

Senior Member
Reaction score
5
No offence Someone UK, but don't you think it's more likely that CCS has a malware infection than someone has been going around hijacking all his favourite sites?

Typically, infecting an unpatched and vulnerable client is *way* easier than inserting malicious HTML into a website, especially a security fortress like a search engine; never mind the effort in first finding out which sites and searches the victim visits then planning ahead and compromising them all. Also there's the fact that this kind of malware is very well known and one of the most common attacks.

Early un-patched versions of XP can be infected simply by having a connection to the internet, and within a few moments of powering on after a clean install; no toolbars or additional software needs to be installed by the user.

Of course, what you're suggesting would be an amazing way to really mess with someone's head :)
 

Cassin

Senior Member
Reaction score
78
It's malware.

100% sure.

You can't rely on just one program since they all handle this a bit differently.

run spyware. Reboot. Run it again. Reboot. Then run ad-aware. reboot. Then run it again.

Should take an hour or two.

Then run through a full virus check and clear the cache and history from every browser.
 

somone uk

Experienced Member
Reaction score
6
GeminiX said:
No offence Someone UK, but don't you think it's more likely that CCS has a malware infection than someone has been going around hijacking all his favourite sites?

Typically, infecting an unpatched and vulnerable client is *way* easier than inserting malicious HTML into a website, especially a security fortress like a search engine; never mind the effort in first finding out which sites and searches the victim visits then planning ahead and compromising them all. Also there's the fact that this kind of malware is very well known and one of the most common attacks.

Early un-patched versions of XP can be infected simply by having a connection to the internet, and within a few moments of powering on after a clean install; no toolbars or additional software needs to be installed by the user.

Of course, what you're suggesting would be an amazing way to really mess with someone's head :)
tbh i only skimmed through this thread when i posted that
in my experience is that 90% of the time someone says a problem is due to malware/viruses/Trojans etc... it isn't

after reading the thread i have concluded it's run of the mill adware possibly cause by firefox addons

ccs do you get this problem in other browsers?
 

GeminiX

Senior Member
Reaction score
5
Well typically this kind of attack is browser agnostic, so it's more likely to be a running service than a browser plugin.

I'm fairly sure that in all the cases similar to this that I've seen, the infection has been a result of a user clicking "yes" to something which popped up and the payload then hicjacks the client DNS, usually inserting hosts redirects. Also in a couple I've seen, they have completely prevented the installation of any anti-spyware apps, though in the last case like this I saw the system was so incredibly slow with the amount of malware on it I nearly had to do a system re-install (something I consider to be a failure on my part if I ever (rarely) do).

Is several cases I've seen, there has been no software fix either requiring me to manually remove files or stop and disable malicious services, though every time someone had already written a handy guide on where the payload had embedded itself.

CCS, there are numerous ways the infection could have happened, from visiting a site which exposed a vulnerability in Flash, to agreeing to install some security software in a popup or even running some infected downloads.

Have you been able to resolve the problem yet? Gardner posted a useful looking link to try.
 

CCS

Senior Member
Reaction score
26
It was malware. I downloaded Adaware and it found 4 of them in 45 minutes. I'm amazed how they are named according to their tasks. I also downloaded updates for spybot. I have not had any problems since. I still have not done windows updates. One thing I don't like about updates is they often patch a program I never use, which then slows down my computer.

I'm really surprised no one has sent around a key stroke sniffer to get people's passwords and credit info. All the malware I've encountered just sends me to some dumb site. Maybe the worst ones are out there, but are just mroe hidden.
 

GeminiX

Senior Member
Reaction score
5
Glad you got it sorted :)
 
Top