Why are the links I click hijacked? Resolution!!!

D

Duncan.F

Messages
1,452
Name
Duncan
Edit My Images
Yes
Hi All,
This only started a few days ago.... I google something like 'laser levels' and up comes the list. I click on what is clearly a company website name like 'Uk levels co.uk' but instead of the website i get another mini search engine with their suggested websites! This is happening repeatedly even with well known sites I use, dor example HMRC! Any ideas what/why this is?
 
Last edited:
sounds like your infected, hard to know what with or to what extent, I always re-format in these situations just to be safe as it only takes about an hour and a half to get everything re-installed, sorting viruses and the like out always takes much much longer.
 
Yep definitely sounds like an infection. Try spybot - my weapon of choice for dealing with spyware and adware.

Run it, and it will then ask to run before windows starts proper. It will find a hell of a lot, click 'fix selected problems' with all the issues it finds, and bobs your uncles mistress.

Good luck!

If you have issues with it not running once installed, boot in safe mode (press f8 when machine first switches on) and run it in there instead.

:D
 
Hi Guys,
Thanks for the info, tried to download Spybot but it won't download or I can't connect to the website!

Dunc
 
I had this the other week.. I just blasted my computer with AVG, MalwareBytes, Spybot Search & Destroy and Hitman Pro.

I think it was Hitman Pro that got it - and it got a lot of stuff that all the other programs missed.. highly recommend it!

James
 
Duncan.F said:
Hi Guys,
Thanks for the info, tried to download Spybot but it won't download or I can't connect to the website!

Dunc
Click to expand...

I think your best bet is to download it on another computer and copy it across on a memory stick. Install and run. Let's us know if you still have issues.
 
Hi,
Still trying, may have to try the the other computer idea. I can't connect to sites i click on yet any in my bookmarks like TP I can get in in!
Thanks! Will keep you posted.

Dunc
 
You could try using a different browser to connect to the download sites.
 
I once downloaded something dodgy which edited my Hosts file, preventing me from accessing many sites. Your problem might be a different one, but it's worth a look...

Check your Windows Hosts file, probably in C:\WINDOWS\system32\drivers\etc, to see if any of the sites to which you can't connect, have entries in there preceded by '127.0.0.1'. If so, edit the file in Notepad, delete all entries except '127.0.0.1 Localhost' and save.
 
Last edited:
What security software do you have already?

Try running all of them in safe mode.

If no joy then its is another PC and download stuff, eg SpyBot Search and Destroy, Asquared, Malwarebytes - all free.

Dave
 
I usually use Avast and MalwareBytes, and tried Avira + SuperAntiSpyware (both free versions). Avira discovered a trojan in a zip file that Avast had not picked up and SAS pickup up a bit of malware that MalwareBytes missed, it also removed loads of tracking cookies.
 
Well this is still going on! I have downloaded and run pretty much every anti program going. Each has found a little more/different than the previous but the problems still remain. However these problems are not consistent.

So for example I do a search for widgets on google and click on a particular website mostly it all works but some sites for no apparent reason redirect either to another search website or I get some random [?] website pop up. The second strange thing is that I click on one of my frequently used sites and intilally [ie for a couple of seconds] the site loads correctly but then the screen goes blank and in the botton left corner i see 'waiting google analylitics', the site never loads aftermthis point. Again its not consistent nd most of my bookmarks work ok. Bizarrely a game I play on facebook [pool!] also does this!

So after a very frustrating few days I gave it to a computer guy who was recommended. Came back allegedly fixed......not. £80 poorer so he suggested clearing everything off and starting again, not sure that I have the original discs....

Dunc
 
Assuming you are running a Windows OS then the PC should have a sticker with the key code on it.

If so, and you can borrow the same OS discs from a friend, then you can use them. The actual disc doesn't matter, its the code that is important.

Make sure you have saved all the important files.

Also take time in installing all the updates of the OS. This could take hours or longer as the updates you will need do not download altogether, but if you don't get the OS up to latest version with all the downloads there may be problems later when you try to download other stuff.

Dave
 
Hi Tringa,
Ta for that. Running windows vista, the problem seems to be in whatever worm is redirecting the link clicked. Any idea what the google analyitic thing is. Trying to search the google help forums.... guess what can't get on there!!

Dunc
 
interesting, you ran the scans in safe mode?

id also check out your hosts file (c:\windows\system32\drivers\etc), right click "hosts" and open with notepad.. do you have more than about 2-3 lines of numbers in there?

also, fire up msconfig and look at the startup tab. can you do us a screenshot of whats in there..
 
So you're still running a computer with a trojan after, what, three and a half weeks? I do hope you don't have any banking info or other sensitive financial information on your computer. And you don't use online banking, of course?

You need to disconnect from the net. Beg, borrow, steal or even buy :eek: a copy of your OS - and reinstall.

Or, you could take the view that any sensitive information on your machine is already compromised :shrug:
 
Couple of other things, Dunc.

When the various security apps have found nasties and you have got rid of them, did you turn off the system restore before rebooting?

There is, I read, a chance that the nasties may be backed up in the restore files, so they are then reintroduced to the machine when it is rebooted.

Usual procedure is scan, get rid of nasties, turn off sys restore, reboot and then turn the sys restore on again.

If you are still having trouble try HijackThis. It is free and when run produces a detailed log of your PC.

The log is a bit complicated to read but there are guides on the net.

Alternatively many IT forums will analyse it for you, but even just looking through a HijackThis log may be enough for you to spot something odd, which you can Google (probably best on another machine until you have sorted this problem).

Dave
 
Clutching at straws, but have you tried accessing the web using firefox instead of IE. Perhaps its IE that's causing the problem.
 
neil_g said:
interesting, you ran the scans in safe mode?

id also check out your hosts file (c:\windows\system32\drivers\etc), right click "hosts" and open with notepad.. do you have more than about 2-3 lines of numbers in there?

also, fire up msconfig and look at the startup tab. can you do us a screenshot of whats in there..
Click to expand...

+1 for this.

Malwarebytes full scan in safe mode and you can delete the hosts file safely - you don't need it and it saves explaining what should and shouldn't be in it ;)
 
Islander said:
you can delete the hosts file safely - you don't need it and it saves explaining what should and shouldn't be in it ;)
Click to expand...

Are you sure?
Spybot puts addresses here in the course of its protection.
 
Hi,
I have spent the afternoon in safe mode and have run all of the 'anti' progs again but with no luck. They found various trojans and 184 tracking cookies! But still the problem remains. Yes I do have internet banking!!

Will try the other ideas mentioned.

Dunx
 
Tried to find this 32/host file but all I can find when I open host is a 'sample file' so I am obviously am missing something. Any pointer please?

Dunc
 
Would a Systems Restore, say back a few weeks help do you think
or search for CCleaner which is very good at cleaning up your pc
Dave
 
Last edited:
When I go thro the levels this is what I end up with! The 'host' folder is just 1kb and only has a sample file in it. What do the host file names end with?


.....etc\

hosts
imhosts
networks
protocol
services

Ta,

Dunc
 
Click START on computer
Type in Search Box Notepad
Right click the Notepad icon at top
Click run as Administrator
Click Continue or Yes if prompted
Click FILE>OPEN
Browse to WINDOWS>SYSTEM32>DRIVERS>ETC
Type HOSTS in the File Name box then click OPEN
This will then open the Hosts Folder
 
Last edited:
nikonuser said:
Click START on computer
Type in Search Box Notepad
Right click the Notepad icon at top
Click run as Administrator
Click Continue or Yes if prompted
Click FILE>OPEN
Browse to WINDOWS>SYSTEM32>DRIVERS>ETC
Type HOSTS in the File Name box then click OPEN
This will then open the Hosts Folder
Click to expand...


Get to the hosts bit and then this all thats there!

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
 
Looks the same as in my Hosts folder - so that isn't your problem.....but I'm no expert!!
Dave
 
gramps said:
Are you sure?
Spybot puts addresses here in the course of its protection.
Click to expand...

Yes, Spybot should rebuild it if necessary. It performs no other function and to be honest should have been removed years ago when DNS took over name resolution.
 
That's a standard hosts file. It's entries like

127.0.0.1 malwarebytes.org

You need to worry about.
 
as above your hosts looks fine..

id be looking more towards registry entries forcing your default search etc.. but you dont want to go fiddling in there if you dont know what youre doing.
 
Islander said:
That's a standard hosts file. It's entries like

127.0.0.1 malwarebytes.org

You need to worry about.
Click to expand...


Yes, thanks for all your help and advice but I have reached the end of my abilities. I think the only realistic way is to find someone who really knows what they are doing!

Cheers,

Dunc

PS My other computer has also started doing the same thing! :(
 
Looks like click-jacking? If you're using IE, it's not great news. Firefox has a plug in called NoScript, which circumvents click-jacking.
 
Duncan.F said:
Yes, thanks for all your help and advice but I have reached the end of my abilities. I think the only realistic way is to find someone who really knows what they are doing!

Cheers,

Dunc

PS My other computer has also started doing the same thing! :(
Click to expand...

Before you pay someone to look at it (and probably reinstall everything :puke:) download and run HiJackThis, and post the logfile results here.

http://free.antivirus.com/hijackthis/

Once we remove the various bits and pieces of crap from that, we can then run the appropriate tool to finish the job.
 
You must log in or register to reply here.
Back
Top