Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




455 posts

Ultimate Geek


# 175877 14-Jul-2015 18:07
Send private message

Sso I'm not gonna URL link this because it is pretty much malicious but I'm getting random URL hijacks in my browser, I've only so far seen this in my machine I haven't had anyone else complain in my household.

I've gone through my programs list, process list and addons for both Firefox and Chrome and I've already done my scans except for MBAM which I will be doing now.

Normally I'm good at fixing my issues(ha I'm qualified I should know :P) but I'm actually quite stumped.

Basically randomly every few days I get this(2nd time) and this has ONLY started when I switched to Spark(coincidence I hope and I hope that this isn't Spark). Hitting back and re-loading the URL I was trying to access works fine after and it's all happy days.

And it looks like this.

Screenshot I can't constrain proportions again.

Anyone else had this issue?





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

Create new topic
22602 posts

Uber Geek

Trusted
Subscriber

  # 1343271 14-Jul-2015 19:43
Send private message

Thats just a normal intrusive scam ad.

Happens all the time on the pirate bay if I have no adblocker running, and some other websites that will take ad's from anybody.




Richard rich.ms



455 posts

Ultimate Geek


  # 1343273 14-Jul-2015 19:44
Send private message

richms: Thats just a normal intrusive scam ad.

Happens all the time on the pirate bay if I have no adblocker running, and some other websites that will take ad's from anybody.


This has happened here on Geekzone, Tomshardware and normal websites every day people would browse. And I am running adblocker.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

 
 
 
 


22602 posts

Uber Geek

Trusted
Subscriber

  # 1343279 14-Jul-2015 19:52
Send private message

Ok well then your PC or router has been compromised.

Many routers have had cross site scripting problems in the past that have allowed a simple bit of html on a page to hit them with new DNS settings, which then get ads displayed if you are logged into the web interface from the same browser, so that would be first place to check, that the router is correclty getting dns from the ISP or is specified to what you want it to be, and then log out of the router. Check you dont have default passwords on it etc.




Richard rich.ms



455 posts

Ultimate Geek


  # 1343281 14-Jul-2015 19:57
Send private message

richms: Ok well then your PC or router has been compromised.

Many routers have had cross site scripting problems in the past that have allowed a simple bit of html on a page to hit them with new DNS settings, which then get ads displayed if you are logged into the web interface from the same browser, so that would be first place to check, that the router is correclty getting dns from the ISP or is specified to what you want it to be, and then log out of the router. Check you dont have default passwords on it etc.


Yeah router(HG659B) is getting Spark's DNS servers. I also did change that default password the day that I got it(this was before my Spark connection went live which is why I'm still fishy it's something to do with Spark because as soon as the switch over happened from Orcon this happened)

Also I have done a ipconfig /flushdns when I got it the first time hoping it was just some old dns cache record that was still being stored, so that hasn't helped.

Malware scan came back clean. Same with Avast. Should also point out this happens as well on my Debian install and my Windows 10 Insider install.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

BDFL - Memuneh
64780 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber



455 posts

Ultimate Geek


  # 1343412 14-Jul-2015 23:00
Send private message

freitasm: It has to be your router or network adapter. Since it happens on Linux as well I'd say router.


Hmm factory resetting the HG659B will be a pain but I guess I can live and spend 30 minutes securing it with a better password and re-port forward the ports I need. It's a task but I can deal with it.

Will report back when I've done it.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.



455 posts

Ultimate Geek


  # 1348024 20-Jul-2015 20:38
Send private message

Hi there sorry for the long-ish wait.

I ended up just nuking every install and factory resetting the router.

Haven't seen it since.





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

 
 
 
 


1892 posts

Uber Geek


  # 1348106 21-Jul-2015 01:49
Send private message

I've recently started getting this on my Galaxy S4!

I use my phone mainly for mind numbing entertainment and email for when I'm waiting for something.  I typically break my personal "click-bait" rules for something to read.  I initially put it down to these websites being slightly less than legitimate and redirecting me.

All of a sudden I open Google, I'm typing away and I get immediately re-directed to a random over-seas page, advertising company website, or websites far less safe for work!  Quite embarrassing when you're trying to show someone something.

I've looked all over the internet and it looks as if the only solution is a factory reset. :|

Now that you mention it being the router, it does seem to only ever happen at work, never really at home.  I'll have to investigate further!





Sometimes what you don't get is a blessing in disguise!



455 posts

Ultimate Geek


  # 1348107 21-Jul-2015 01:50
Send private message

DravidDavid: I've recently started getting this on my Galaxy S4!

I use my phone mainly for mind numbing entertainment and email for when I'm waiting for something.  I typically break my personal "click-bait" rules for something to read.  I initially put it down to these websites being slightly less than legitimate and redirecting me.

All of a sudden I open Google, I'm typing away and I get immediately re-directed to a random over-seas page, advertising company website, or websites far less safe for work!  Quite embarrassing when you're trying to show someone something.

I've looked all over the internet and it looks as if the only solution is a factory reset. :|

Now that you mention it being the router, it does seem to only ever happen at work, never really at home.  I'll have to investigate further!


Are you also on Spark? Do you also happened to be hooked up to a HG659B?
edit Removing the Answer because this hasn't been closed yet I'd like to see this issue resolved fully





You can also follow me on twitter here @kiwifortw I do twitch streams every now and then at twitch.tv/kiwiforthewin :)

HTTP 404 Sarcasm not found.

1892 posts

Uber Geek


  # 1348109 21-Jul-2015 01:56
Send private message

kiwikiwi:
DravidDavid: I've recently started getting this on my Galaxy S4!

I use my phone mainly for mind numbing entertainment and email for when I'm waiting for something.  I typically break my personal "click-bait" rules for something to read.  I initially put it down to these websites being slightly less than legitimate and redirecting me.

All of a sudden I open Google, I'm typing away and I get immediately re-directed to a random over-seas page, advertising company website, or websites far less safe for work!  Quite embarrassing when you're trying to show someone something.

I've looked all over the internet and it looks as if the only solution is a factory reset. :|

Now that you mention it being the router, it does seem to only ever happen at work, never really at home.  I'll have to investigate further!


Are you also on Spark? Do you also happened to be hooked up to a HG659B?
edit Removing the Answer because this hasn't been closed yet I'd like to see this issue resolved fully


Slingshot at home on a Netgear DG834G V3 at home.  100/50 Fibre at work (not Spark) on a Draytek router.  Just did some surfing on the phone now, not a single re-direct.  But it's usually the first thing I have to stop when I hook up to the WiFi at work when trying to use my standard browser.  Everyone else but me is an Apple user, so I'll ask around.

I wonder how many of these virus/adware applications can cross platforms?  Surely if someone else is experiencing a problem on an Apple device, it would be network based.  I have no experience with these things though.  It's actually the only IT related issue I haven't been able to solve in years and I'm feeling totally defeated!





Sometimes what you don't get is a blessing in disguise!

BDFL - Memuneh
64780 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1348120 21-Jul-2015 04:01
Send private message

Your case is different. One thing is a URL go to wrong address due to DNS hijacking, another thing is the phone showing signs of a malware running. Reset your phone, buy an antivirus and don't open crap. Same rules for PCs apply to smartphones now. Don't open unknown files, don't click links you don't know about.




Mr Snotty
8906 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 1348163 21-Jul-2015 08:31
Send private message

If it wasn't DNS changed on the router I wonder what was changed and what was used to exploit it?




1892 posts

Uber Geek


  # 1373655 25-Aug-2015 11:00
Send private message

Just an update on my case specifically.

My S4 recently went in for warranty repair and I have a loan phone for the time being.  Before sending it, I factory reset the phone and was STILL redirected.  I removed a file from the android folder that somehow survived the reset (or perhaps installed shortly after) and it went away.

Anti-virus/anti-malware was doing absolutely nothing apart from badly draining my battery life.

Now this loan phone I have is experiencing exactly the same issue, so my guess is it's the router.  As much as I'd like to believe that, it happens when using mobile data too!  Perhaps my router(s) are compromised and once the file (or whatever it's putting on my phone) continues the problem regardless of what network I use it on.

I have a fibre connection at work.  I don't know much about ONT systems.  Is it possible that it could be compromised as well as the router attached to it?
I have changed the password on the router (which I've read will stop the issue) but not sure how to proceed next.

Talk about annoying!





Sometimes what you don't get is a blessing in disguise!

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41


Spark 5G live on Auckland Harbour for Emirates Team New Zealand
Posted 4-Nov-2019 17:30


BNZ and Vodafone partner to boost NZ Tech for SME
Posted 31-Oct-2019 17:14


Nokia 7.2 available in New Zealand
Posted 31-Oct-2019 16:24


2talk launches Microsoft Teams Direct Routing product
Posted 29-Oct-2019 10:35


New Breast Cancer Foundation app puts power in Kiwi women's hands
Posted 25-Oct-2019 16:13


OPPO Reno2 Series lands, alongside hybrid noise-cancelling Wireless Headphones
Posted 24-Oct-2019 15:32


Waikato Data Scientists awarded $13 million from the Government
Posted 24-Oct-2019 15:27


D-Link launches Wave 2 Unified Access Points
Posted 24-Oct-2019 15:07


LG Electronics begins distributing the G8X THINQ
Posted 24-Oct-2019 10:58



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.