0

I am always getting redirected to some page that shows ads, on several webpages (Microsoft, Linkedin, Yahoo). However, Facebook and Gmail are working fine. I deleted all cookies, but I am facing the same issue.

What type of attack is this? How to fix it?

Note: I'm having the same issue with all browsers.

(Click to enlarge)

Tamara Wijsman
  • 57,083
  • 27
  • 185
  • 256
talktopk
  • 1
  • 1
    Time to reinstall Windows? :-3 – deceze Jan 07 '12 at 23:54
  • hey don't joke please:), first time i saw this type of issue – talktopk Jan 07 '12 at 23:56
  • You have a virus. – SLaks Jan 07 '12 at 23:58
  • I am using windows xp. – talktopk Jan 07 '12 at 23:58
  • 1
    they might be tracking you via IP adress... try changing that – Jon Valentine Jan 07 '12 at 23:58
  • Highly recommend to install [Ad-block plus](https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/). Keeps the browsing experience uncluttered. –  Jan 07 '12 at 23:59
  • i connected to VPN, that changes my IP, but same problem, – talktopk Jan 07 '12 at 23:59
  • @hesse, just now i installed Ad-block plus, but i guess it's too late. Forefox still have issues. – talktopk Jan 08 '12 at 00:04
  • Open run in start menu and type `cmd` there. Note the path on the left. Go to that directory using windows explorer. After that type `tracert www.microsoft.com > tracert.txt` in cmd (feel free to replace microsoft with some other website that's not working) and wait for a while until you get the prompt back (if nothing happens for say 5 minutes, press enter in CMD). A file called tracert.txt will appear in the directory you're in in Windows Explorer. Post the contents here. We'll be able to see if the problem is in browser or if the virus is hijacking DNS. – AndrejaKo Jan 08 '12 at 02:20
  • *"You have a virus. – SLaks", "I am using windows xp. – talktopk"* Sorry, somehow that's the funniest thing I've read in a while, it's so redundant. ;-D – deceze Jan 08 '12 at 03:08
  • [Computer is infected by a virus or a malware, what do I do now?](http://superuser.com/q/100360) – Sathyajith Bhat Jan 08 '12 at 09:12

3 Answers3

3

This seems to me like a virus. What anti-virus do you use and is it up to date and used?

soandos
  • 24,206
  • 28
  • 102
  • 134
Xavierjazz
  • 8,160
  • 13
  • 68
  • 96
1

I can think of at least nine ways to achieve this effect, off the top of my head:

  1. A malicious plug-in.
  2. A malicious proxy auto-configuration script.
  3. A change to the proxy settings that directs all requests to a proxy HTTP server that is under the control of the advertiser.
  4. A whole list of new entries in your hosts file pointing to a content HTTP server that is under the control of the advertiser.
  5. An ISP that requires authentication before letting IP traffic go anywhere other than a network controlled by the ISP.
  6. A change to the DNS client library settings that directs all requests to a proxy DNS server that is under the control of the advertiser.
  7. A problem on some other machine that your machine relies upon for proxy DNS service, proxy HTTP service, or IP connectivity.
  8. A malicious DHCP server on your LAN handing out leases that have bogus DNS proxy or HTTP proxy settings.
  9. A malicious host on your LAN that has been registered as wpad, and that is handing out bogus PAC scripts.

There's not enough information in your question to eliminate any of these. I'm discounting the possibility that you're living in a country whose government decides what companies on Internet its citizens can talk to, on the grounds that you wouldn't need to ask about that. Malice for profit is more likely than malice for ideology, in this case.

First, remove the malware/machine that did this. SuperUser has a general question on this subject, which I'm not going to repeat here. Then clean up the problems that it left behind. You'll have to go through all of the configuration settings for plug-ins, PAC scripts, HTTP proxies, and DNS proxies and check that they are appropriately set. See this question for cleaning up DNS hijacking.

Community
  • 1
JdeBP
  • 26,613
  • 1
  • 72
  • 103
0

From my experience, it's likely spyware/malware/adware. I would suggest trying the following.

Use Malewarebytes, Spybot and Ad-Aware to scan for malware, spyware and adware. Use all three because some get things the other doesn't.

To be double sure it's not a virus, make sure you have the latest updates for your McAfee and also do an online scan at ESET.

CharlieRB
  • 22,566
  • 5
  • 56
  • 105