Jump to content
Sign in to follow this  
markcynt

Page Redirect

Recommended Posts

I think that's what it's called. Twice now in the last two weeks I've done a search and while browsing through the results I opened a link only to find out that the original web page the link was intended for had the AntivirusXP 2009 two weeks ago and AntivirusXP 2008 today. Is there any way to stop my browser from opening these pages? I use Firefox mainly, but I'll even switch browsers if that's what it takes.

 

Thanks

 

Mark

Share this post


Link to post
Share on other sites

Run SUPERAntispyware & a-squared in SM. Malwarebytes is often recommended as a removal tool. Try online scanner Housecall, but it sounds like you may need a HJT advisers help.

Edited by law9933

Share this post


Link to post
Share on other sites

As far as blocking "bad websites" you need to get a good host file program, as here> http://www.mvps.org/winhelp2002/hosts.htm most questions answered> http://www.mvps.org/winhelp2002/hostsfaq.htm

 

Use this with your host file> http://www.funkytoad.com/content/view/13/31/ Both are 100% free, and will block over 20,000+ bad sites. This is great for the goggle page misdirects issue. This also does not use much resources, if any. This will allow most web pages to load much faster as it blocks the advertising embedded within the web pages.

 

I would suggest you to get this free program as well to go along with your host file> http://www.javacoolsoftware.com/spywareblaster.html this will block over 12,,000 more bad websites.

 

Now to remove the antivirus 2008/2009, use this manual fix> http://www.bleepingcomputer.com/malware-re.../antivirus-2008

 

What is is> Antivirus 2008 is a rogue( meaning fake ) anti-malware program that displays false results and requires you to first purchase the software before you can remove anything. When installed, Antivirus 2008 will scan your computer and list a variety of infections found on your computer. When most anti-malware programs, and even rogue ones, scan your computer they will list the infections as specific registry keys or files. Antivirus 2008 moves away from this tradition and instead is very general about what is infected.

 

If you still have issues you will then need HJT. But try the manual fix first, as the HJT forum is very busy an could take days before someone can help you.

 

I also highly recommend to get the host file an the programs above to help protect your pc further than antivirus software can. :)

 

Wademan

Share this post


Link to post
Share on other sites

Keep in mind I was talking about two totally separate instances ( different searches and links). Both times I used Task Manager to close the offending windows.

 

I updated my hosts file and have been downloaded the HostsXpert. I already use Spyware Blaster + Spyware Guard and Spybot. I also use WinPatrol and Avira.

 

I do not believe I've been infected. My computer shows no symptoms and all scans come up clean (Avira, Spyware Terminator, Malware Bytes, Super Antispyware, Spybot, and A-Squared), all run in Safe Mode.

 

I used to use the hosts file with IE but it made the IE back button act up and none of the solutions on the MVPS site worked. Now I use Firefox. The hosts file works with FF?

 

Thanks Wademan, you too law

 

Mark

Edited by markcynt

Share this post


Link to post
Share on other sites

Hi Mark,

Well having a host file even tho you use Firefox ( I do too unless a site I need has to use IE ) is useful in the fact, once malware is on your PC it will use IE to access its "home/base" even many times ,without your knowledge. If you have the host file it will bounce back to your pc an will show 'not found",as if your pc doesn't even exist.

 

Read this great post by Morbius> http://help.lockergnome.com/general/Mvps-H...opict42324.html scroll down to post #5 a very good post regarding your question about Firefox an why its important to use a host file even if you use only Firefox.

 

You have lots of pc protection Mark, and it would be somewhat hard for malware to get on your pc, however sometimes all it takes is a re-direct from a bogus goggle link, and if your av software isn't updated many times per day you can get infected.

 

I use Kaspersky Suite, version 2009. It ranks the highest for top pc security suites most of the time in rigid testing.. The nice thing is, it updates many times every day, vs say 2-3 times a week as most other av programs do. Plus it even monitors for changes in every single program on your pc, and blocks any changes unless the user allows it. Even Kaspersky though cant protect against every single type of malware, as no av software can. A very good reason to use several types of protection, as you already do Mark.

 

It is another reason a host file could help anyone, no matter how much protection they have, is the fact their protection isn't updated enough. Not even Kaspersky can protect against every single type of malware, as new types of malware comes out dozens of times a day if not more often that that.

 

I remember your issue with the back button using a host file. Others had the same odd problem, I researched it and could not find a fix for it yet, Ill keep looking later today for one.I will let you know if I find the fix for it, I know there is one, just haven't found it yet.

 

I am still concerned that you might be infected, but its your call as to whether or not you choose to use HJT or not. You did say you used Malwarebytes, did it come up 100% clean?

 

You said

I updated my hosts file and have been downloaded the HostsXpert

and then later you said

I used to use the hosts file with IE but it made the IE back button act up and none of the solutions on the MVPS site worked.

so do you use the MVPS host file or not?

 

Is your spyware blaster updated now? Read this and see if yours also has Antivirus 2008 unchecked> http://www.wilderssecurity.com/showthread.php?t=215516 That user uninstalled spyware blaster all because he "was tired of it showing unprotected items" what a terrible idea. This could also help to see if your infected, if you have same issue he did, then you are most likely infected.

 

I hope this helps you some Mark, just trying to help make sure you don't have that crazy antivirus 2008 mess.

 

And Faith thanks for posting those two links, very good information. :tup:

 

Wademan

Edited by Wademan

Share this post


Link to post
Share on other sites

Faith - Thanks for the links they provided for some very interesting reading and confirmed a lot of what I suspected was true.

 

Wademan- Thanks for the link. That helps, and yes I did download and install the MVPS hosts file. I ran all of the scans I mentioned and they all came up 100% clean, not even a tracking cookie.

 

I'm 99% positive that I'm not infected and I'm always looking for signs of infection and I just don't see any. I checked my processes, my startup entries, my services, my ActiveX, and my installed BHO's and toolbars and can find nothing suspicious. Both IE and FF are working fine and my computer is not sluggish.

 

I check for updates every day for all of my security programs at least daily, and if I'm feeling paranoid, more than that. I have not noticed any problems with Spyware Blaster. I would have noticed the problem about unprotected items because I read about it in another security forum.

 

Like you said earlier, the HJT forum is very busy so I don't want to bother them with this. They have their hands full with some real bad stuff.

 

Mark

Share this post


Link to post
Share on other sites

Well, one full day of using the hosts file and I'm already irritated. Pc Pitstop's main page and all of the pages linked to it cause both IE7 and FF to crash every 2 or 3 minutes.

 

I deleted all of the blocking lines in the hosts file and both browsers had no problems whatsoever. I restored all of the blocking lines and presto, the problem returned.

 

With IE a box would pop up saying that Flash was the reason for the crash. As for FF, it would just freeze and I assume it's the same thing.

 

This hasn't happened with any other websites so I'll give it a few more days and see what happens.

 

Mark

Share this post


Link to post
Share on other sites

Hi Mark,

Wow I am sorry you are having problems with the host file. Only does it at PcPitStop ? That sure is very strange. I am thinking somehow PcPitStop got put in the host file by mistake, However I have tried and can not see any problems with this site in IE or Firefox.

 

I know the log is huge but maybe scroll through it and see if PcPitStop is somehow in the host file. If so, you can remove it an add to the trusted sites. It is odd Firefox also does this.

 

You can remove it an simply do without a host file, that is your call. You will see Tom ( TeMerc ) here updates the MVPS host file regularly here, why? ( http://forums.pcpitstop.com/index.php?showtopic=98961 ) Because he knows the huge importance of having one and how much it helps block malware. He even has his own website, dedicated to fighting malware. So, many in the pc security field recommend a host file.

 

I said all that to point out that I am not one of a few that recommend it, I would say 90%+ pc security experts recommend a host file. The only ones who don't are usually the same ones who say you need no AV, no windows updates, no firewall. And there are those who really say that.

 

You can read through here for a possible answer> http://www.mvps.org/winhelp2002/hostsfaq.htm#Verifying You will see there that fox news got added to the host file, why? Because fox news decided to add commercials in their videos, and many of which, can redirect a user to a malware infected site. I wonder if PcPitStop some how got on the list, since it has added more an more adds to the site.

 

I do know, sometimes there have been files added to the host file by mistake, it is very rare though, what is the latest version you have? If it is and older version than the August 2008 update, then updating could fix it.

 

You said IE noted that the crash of IE was due to Flash. Did it give any more information? Is your flash player updated?> http://www.adobe.com/support/flashplayer/downloads.html On the right you will see "get the latest version , click on it, then update. I would de-select the goggle toolbar if I was you. If your Flash player is very old it could cause IE to crash, it also opens up a hole for malware to enter, so its very wise to get the latest version in the link above.

 

 

Ill do some more researching for this, since I am up and cant sleep anyways :rolleyes:

 

It sure is odd you are having this problem. :cr@sh:

 

Wademan

Share this post


Link to post
Share on other sites

This one is coming from the CNN spam. The name of the file after the download is "get_flash_update.exe" and is delivered by javascript.

 

URL: http://virscan.org/report/570934f2da62f609...dc60d4e7f7.html

 

More information. URL: http://isc.sans.org/diary.html?storyid=4828

URL: http://garwarner.blogspot.com/2008/08/cnn-...-news-spam.html

Share this post


Link to post
Share on other sites

Hi Faith,

Wow :blink: These stupid malware writers are getting more an more tricky :angry::boxing: And Mark, just so you don't get confused, the flash update site I gave you in the link above is the real/legitimate flash update site.

 

This is even more of a reason to update your flash player ASAP in the link I gave you. Older versions can allow malware to slip through, unto your pc ( http://www.adobe.com/support/flashplayer/downloads.html ) update is upper right side.

 

I would also make sure your Java is up to date, here is latest version> http://java.sun.com/javase/downloads/?intcmp=1281 scroll down to Java Runtime Environment (JRE) 6 Update 7

The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Use the windows offline installation on the page after you select the platform and the agreement.

 

Download the offline installation to your desktop, close all browser windows, you can then uninstall older versions through your control panel, then select Add/remove programs, then remove all older versions of Java., then reboot your PC.

 

Next, install the new version of Java from your desktop, then you can delete the "installer' of Java from your desktop.

 

 

 

Thanks a lot Faith for pointing this out! The stupid spam with that looks like a real CNN site. :angry: I bet many will get infected with that, :(

 

Wademan

Edited by Wademan

Share this post


Link to post
Share on other sites

I have the latest Flash and Java. I always go directly to Sun and Adobe to get the updates. And like I said, get rid of the blocking lines and no problems whatsoever.

 

It's not actually the main page that's giving me problems it's the newsletter page and all the pages linked to that. I spent an hour trying to read what should have taken me ten minutes.

 

Luckily, spam is not something I really need to deal with and I never click on links in emails unless I have to, like the ones in a confirmation email.

 

Thanks

 

Mark

Share this post


Link to post
Share on other sites

Hi Mark,

I see you in anonymous mode here now ( waves ) :shifty: Are you able to run the new PcPitStop test? Or does that also have problems. This is sure is odd, I spent last hour or so looking for a solid answer for you. I also know you are very good about updating and keeping your pc malware free, I was just double checking and found some who had crashes with IE that was linked to old version of flash.

 

Wademan

Edited by Wademan

Share this post


Link to post
Share on other sites

I see you in anonymous mode here now

Shhh, I'm anonymous. B)

 

No problem. I'm giving the hosts file a while longer to see how much they interfere with my web browsing. If it's really really sporadic, then I'll keep the hosts file. It only takes about 5 seconds to delete the blocking lines and to restore them. As long as I don't have to do that more than once a day I can deal with it.

 

I'll try the pit test and see what happens.

 

Thanks Wademan

 

Mark

Share this post


Link to post
Share on other sites

Turns out putting Sproutbuilder in my Adblock plus list solved the problem with FF.

There must be a similar solution for IE7.

 

http://forums.pcpitstop.com/index.php?show...p;#entry1519770

 

Mark

 

That was an interesting read , glad you making some progress on this unusual issue. I also see the OverDrive test works, good. :tup: The IE 7 must have a fix, just a matter of finding it. Boy, I am tired, been awake 22 hours..so bedtime soon, lol

 

Wademan

Share this post


Link to post
Share on other sites

I installed IE7Pro and added *sproutbuilder* to the ad blocking component of IE7Pro and that worked for IE7. Hopefully there aren't a lot of websites that use Sproutbuilder.

 

Thanks for the time and effort Faith and Wademan. :tup:

 

Mark

Share this post


Link to post
Share on other sites

I installed IE7Pro and added *sproutbuilder* to the ad blocking component of IE7Pro and that worked for IE7. Hopefully there aren't a lot of websites that use Sproutbuilder.

 

Thanks for the time and effort Faith and Wademan. :tup:

 

Mark

 

You welcome, and wow great news! Everything ok now? BTW, I forgot all about ie7 pro, I will get that for myself, thanks for finding it for you and me, lol I don't use ie7 that much, but that will be a big improvement. :)

 

Wademan

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...