Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




455 posts

Ultimate Geek
+1 received by user: 69


# 175877 14-Jul-2015 18:07
Send private message

Sso I'm not gonna URL link this because it is pretty much malicious but I'm getting random URL hijacks in my browser, I've only so far seen this in my machine I haven't had anyone else complain in my household.

I've gone through my programs list, process list and addons for both Firefox and Chrome and I've already done my scans except for MBAM which I will be doing now.

Normally I'm good at fixing my issues(ha I'm qualified I should know :P) but I'm actually quite stumped.

Basically randomly every few days I get this(2nd time) and this has ONLY started when I switched to Spark(coincidence I hope and I hope that this isn't Spark). Hitting back and re-loading the URL I was trying to access works fine after and it's all happy days.

And it looks like this.

Screenshot I can't constrain proportions again.

Anyone else had this issue?





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

Create new topic
22188 posts

Uber Geek
+1 received by user: 4756

Trusted
Subscriber

  # 1343271 14-Jul-2015 19:43
Send private message

Thats just a normal intrusive scam ad.

Happens all the time on the pirate bay if I have no adblocker running, and some other websites that will take ad's from anybody.




Richard rich.ms



455 posts

Ultimate Geek
+1 received by user: 69


  # 1343273 14-Jul-2015 19:44
Send private message

richms: Thats just a normal intrusive scam ad.

Happens all the time on the pirate bay if I have no adblocker running, and some other websites that will take ad's from anybody.


This has happened here on Geekzone, Tomshardware and normal websites every day people would browse. And I am running adblocker.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

 
 
 
 


22188 posts

Uber Geek
+1 received by user: 4756

Trusted
Subscriber

  # 1343279 14-Jul-2015 19:52
Send private message

Ok well then your PC or router has been compromised.

Many routers have had cross site scripting problems in the past that have allowed a simple bit of html on a page to hit them with new DNS settings, which then get ads displayed if you are logged into the web interface from the same browser, so that would be first place to check, that the router is correclty getting dns from the ISP or is specified to what you want it to be, and then log out of the router. Check you dont have default passwords on it etc.




Richard rich.ms



455 posts

Ultimate Geek
+1 received by user: 69


  # 1343281 14-Jul-2015 19:57
Send private message

richms: Ok well then your PC or router has been compromised.

Many routers have had cross site scripting problems in the past that have allowed a simple bit of html on a page to hit them with new DNS settings, which then get ads displayed if you are logged into the web interface from the same browser, so that would be first place to check, that the router is correclty getting dns from the ISP or is specified to what you want it to be, and then log out of the router. Check you dont have default passwords on it etc.


Yeah router(HG659B) is getting Spark's DNS servers. I also did change that default password the day that I got it(this was before my Spark connection went live which is why I'm still fishy it's something to do with Spark because as soon as the switch over happened from Orcon this happened)

Also I have done a ipconfig /flushdns when I got it the first time hoping it was just some old dns cache record that was still being stored, so that hasn't helped.

Malware scan came back clean. Same with Avast. Should also point out this happens as well on my Debian install and my Windows 10 Insider install.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

BDFL - Memuneh
63651 posts

Uber Geek
+1 received by user: 14109

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1343411 14-Jul-2015 22:59
One person supports this post
Send private message


455 posts

Ultimate Geek
+1 received by user: 69


  # 1343412 14-Jul-2015 23:00
Send private message

freitasm: It has to be your router or network adapter. Since it happens on Linux as well I'd say router.


Hmm factory resetting the HG659B will be a pain but I guess I can live and spend 30 minutes securing it with a better password and re-port forward the ports I need. It's a task but I can deal with it.

Will report back when I've done it.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.



455 posts

Ultimate Geek
+1 received by user: 69


  # 1348024 20-Jul-2015 20:38
Send private message

Hi there sorry for the long-ish wait.

I ended up just nuking every install and factory resetting the router.

Haven't seen it since.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

 
 
 
 


1889 posts

Uber Geek
+1 received by user: 317


  # 1348106 21-Jul-2015 01:49
Send private message

I've recently started getting this on my Galaxy S4!

I use my phone mainly for mind numbing entertainment and email for when I'm waiting for something.  I typically break my personal "click-bait" rules for something to read.  I initially put it down to these websites being slightly less than legitimate and redirecting me.

All of a sudden I open Google, I'm typing away and I get immediately re-directed to a random over-seas page, advertising company website, or websites far less safe for work!  Quite embarrassing when you're trying to show someone something.

I've looked all over the internet and it looks as if the only solution is a factory reset. :|

Now that you mention it being the router, it does seem to only ever happen at work, never really at home.  I'll have to investigate further!





Sometimes what you don't get is a blessing in disguise!



455 posts

Ultimate Geek
+1 received by user: 69


  # 1348107 21-Jul-2015 01:50
Send private message

DravidDavid: I've recently started getting this on my Galaxy S4!

I use my phone mainly for mind numbing entertainment and email for when I'm waiting for something.  I typically break my personal "click-bait" rules for something to read.  I initially put it down to these websites being slightly less than legitimate and redirecting me.

All of a sudden I open Google, I'm typing away and I get immediately re-directed to a random over-seas page, advertising company website, or websites far less safe for work!  Quite embarrassing when you're trying to show someone something.

I've looked all over the internet and it looks as if the only solution is a factory reset. :|

Now that you mention it being the router, it does seem to only ever happen at work, never really at home.  I'll have to investigate further!


Are you also on Spark? Do you also happened to be hooked up to a HG659B?
edit Removing the Answer because this hasn't been closed yet I'd like to see this issue resolved fully





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

1889 posts

Uber Geek
+1 received by user: 317


  # 1348109 21-Jul-2015 01:56
Send private message

kiwikiwi:
DravidDavid: I've recently started getting this on my Galaxy S4!

I use my phone mainly for mind numbing entertainment and email for when I'm waiting for something.  I typically break my personal "click-bait" rules for something to read.  I initially put it down to these websites being slightly less than legitimate and redirecting me.

All of a sudden I open Google, I'm typing away and I get immediately re-directed to a random over-seas page, advertising company website, or websites far less safe for work!  Quite embarrassing when you're trying to show someone something.

I've looked all over the internet and it looks as if the only solution is a factory reset. :|

Now that you mention it being the router, it does seem to only ever happen at work, never really at home.  I'll have to investigate further!


Are you also on Spark? Do you also happened to be hooked up to a HG659B?
edit Removing the Answer because this hasn't been closed yet I'd like to see this issue resolved fully


Slingshot at home on a Netgear DG834G V3 at home.  100/50 Fibre at work (not Spark) on a Draytek router.  Just did some surfing on the phone now, not a single re-direct.  But it's usually the first thing I have to stop when I hook up to the WiFi at work when trying to use my standard browser.  Everyone else but me is an Apple user, so I'll ask around.

I wonder how many of these virus/adware applications can cross platforms?  Surely if someone else is experiencing a problem on an Apple device, it would be network based.  I have no experience with these things though.  It's actually the only IT related issue I haven't been able to solve in years and I'm feeling totally defeated!





Sometimes what you don't get is a blessing in disguise!

BDFL - Memuneh
63651 posts

Uber Geek
+1 received by user: 14109

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1348120 21-Jul-2015 04:01
Send private message

Your case is different. One thing is a URL go to wrong address due to DNS hijacking, another thing is the phone showing signs of a malware running. Reset your phone, buy an antivirus and don't open crap. Same rules for PCs apply to smartphones now. Don't open unknown files, don't click links you don't know about.




Mr Snotty
8692 posts

Uber Geek
+1 received by user: 4573

Moderator
Trusted
Lifetime subscriber

  # 1348163 21-Jul-2015 08:31
Send private message

If it wasn't DNS changed on the router I wonder what was changed and what was used to exploit it?




1889 posts

Uber Geek
+1 received by user: 317


  # 1373655 25-Aug-2015 11:00
Send private message

Just an update on my case specifically.

My S4 recently went in for warranty repair and I have a loan phone for the time being.  Before sending it, I factory reset the phone and was STILL redirected.  I removed a file from the android folder that somehow survived the reset (or perhaps installed shortly after) and it went away.

Anti-virus/anti-malware was doing absolutely nothing apart from badly draining my battery life.

Now this loan phone I have is experiencing exactly the same issue, so my guess is it's the router.  As much as I'd like to believe that, it happens when using mobile data too!  Perhaps my router(s) are compromised and once the file (or whatever it's putting on my phone) continues the problem regardless of what network I use it on.

I have a fibre connection at work.  I don't know much about ONT systems.  Is it possible that it could be compromised as well as the router attached to it?
I have changed the password on the router (which I've read will stop the issue) but not sure how to proceed next.

Talk about annoying!





Sometimes what you don't get is a blessing in disguise!

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.