Random redirects to other sites

[Jimmy]

Occasionally, after a page on this forum is loaded, my browser (IE7) randomly redirects me to either a bingo or antispy website, and this happens roughly once a day, and has been for about 2 or 3 weeks now. :/

This used to happen a lot with virtually any site I went to, except I'd only get redirected to bogus antispy/virus cleaner sites. Now it seems to be happening exclusively with Doomworld and the redirects take me to bingo(dot)williamhill(dot)com the most. I think I've even had it happen while I'm in the middle of a post or PM.

It's getting on my nerves, naturally.

Is it some sort of ad? Or a bit of malware or a virus that Avast has failed to detect? Is anyone else getting this? :S

[Quasar]

Try one of the following:

• Disable JavaScript
  
• Add the proper ad host to your Windows\System32\drivers\etc\hosts file and direct it to IP address 127.0.0.1
  
• Change to a better web browser
  
• Get an ad-blocker plugin for said web browser.
  

If nothing on this list works, then it's malware.

[destx]

HELO MY COMPUTER IS NO WORKING RIGHT ALSO I AM USING INTERNET EXPLORER

Oh hey another one of these threads.

STOP USING IE

STOP IT
BAD
NO

[Gez]

Jimmy91 said:

my browser (IE7)

Why, I never had such problem with Firefox+NoScript.

[Reisal]

I would just use Spyboy S&D and A2 Squared to scan and remove any crap that your machine may have picked up (As I once had the same problem before and it was some LOP(dot)com shit, which was some spyware/malware site).

And for crying out loud, use Firefox, Chrome or Opera!

[GreyGhost]

Jimmy91 said:

IE7

• Unplug and dismantle your computer
• Sprinke holy water on the components
• Shoot the hard drive with a silver bullet
• Drive wooden stakes through the CPU and GPU
• Hack everything to pieces with a blessed axe under the next full moon
• Mix those pieces with liberal quantities of concrete in a 44 gallon drum
• Drop the drum down a deep mine shaft
• Problem solved!

Actually, I think Quasar pretty much covered it.

[Aliotroph?]

Yes he did.

lol For a second I thought I read bingo.williammull.com, which would have been extremely funny for obvious reasons. :D

[jon_infektion]

Probably the browser

[Jimmy]

It just happened in Firefox. ¬_¬ Getting NoScript now in case that'll do anything.

I'm sure it's something wrong inside my computer that Norton, Avast, Malwarebytes and CCleaner can't detect, because I've had this problem on at least two computers with at least two different browsers (IE7 and FireFox). But if nothing else, it might just be this site, because I haven't gotten any redirects on any other sites at all. I used to, but not in the last month or so, and since then I've run a number of cleaners and uninstalled a bunch of crap to try and find the problem. Now it seems to be, strangely, only occurring on Doomworld.

Also, I don't feel inclined to permanently change browsers or stop using IE just because the problem occurred in IE. :/ I don't like to assume OH IT MUST BE THE BROWSER. It's worked fine up until recently.

[Reisal]

Stop using IE.

[fraggle]

You've picked up some spyware. Try running AdAware and see if you can clear it out.

[Hellbent]

My computer has been going through stages of operating normally to struggling playing music on rhapsody and doom slowing to a crawl (even the music and sfx slow down). All on the same boot it can go from bad to normal to bad again. It's been progressively getting worse (now seems majority to be running in sluggish mode). I closed every non essential process in task manager but it doesn't have any effect. I use "The Shield Deluxe". What's the best freeware solution? I checked my host file and appears to be how it should be:

127.0.0.1 localhost
::1 localhost

Oh, and yeah, it's been loading random webpages when I click on links. If I click back on my browser and think click the link again, it will load normal most of the time--sometimes I have to go back a few times before it loads the way it should.

I use Firefox primarily, although I started using Google Chrome kinda recently.

[Super Jamie]

Like fraggle said, you've picked up some spyware. I don't know what's good for cleaning that as I haven't used Windows in years, but try everything you can.

Sometimes you pick up some stuff that's so well written you can't get rid of some it, or at least get to the stage where it's quicker and easier to just back your shit up, format your hard drive and reinstall from scratch.

As much as you might love IE, it really does have too many security vulnerabilities and is tied into the OS too much to be a safe daily driver. I rarely use Windows but when I do, Firefox and NoScript is the only way to roll.

Given all the music software you run, I doubt Linux is an option for you, but that would be my recommendation for a "just using the internet, listening to music and doing photo stuff" computer.

[J-selva]

There's a procedure you can use involving the program, Combofix. I'm unfamiliar with this.

I recommend several of the PC Help forums out there that generally have success in helping out the people who post there (otherwise, the people who post often solve it themselves :P).

Although I can't list all the best ones, I might suggest:

Safer Networking Forums
lavasoftsupport
bleepingcomputer
5-star support forum (just a name)
majorgeeks support forums
techguy
geekstogo forum
theeldergeek forum

[Aliotroph?]

There's a Combofix tutorial on Bleeping Computer. Combofix is a clever tool, but it's still a gamble as to whether it will find the problem. When it does it's just damn good and I tend to run it on everything I come across with an infection.

As for regular spyware scanners, I don't have any recent knowledge of which ones are the best. They tend to change every few months. I quite like Spybot S&D and also Ad-Aware (the free one of course). There's also one called Super Antispyware that was quite good in 2007, but nobody seems to use it now.

Another thing to keep in mind is these things exploit the fixes in Windows patches. Their authors like to reverse engineer the patches and find out what things they can exploit on non-patched machines. This means it's absolutely imperative that you do all the high-priority updates in Windows Update. Based on your statement about IE7 it sounds like you don't have all the updates (IE8 has been out for a long time).

[Maes]

If you can actually pinpoint which are the troublesome files that make up the threat (directory, name, extension) then, even if you can't delete them from inside windows (and neither will many normal spyware tools, as long as the host OS is running) you can easily eliminate them by firing up an Ubuntu live CD and simply deleting them. There's just nothing they can do to prevent ano

You may get some bitching as startup programs and plugins break on the next windows boot, but in general this method is as effective as a clean format, without the data loss, and, if you know what you're doing, much quicker than using scanning tools.

[Gez]

Jimmy91 said:

It just happened in Firefox. ¬_¬ Getting NoScript now in case that'll do anything.

Firefox without NoScript is just as vulnerable as IE. (Well, a tiny bit less.)

[kristus]

Quasar said:

Add the proper ad host to your Windows\System32\drivers\etc\hosts file and direct it to IP address 127.0.0.1

I've mentioned this before, but I think it can be mentioned again since IMO it's the best way to protect your computer there is.

There's a wonderful little program called Hostsman which will allow you to automatically upgrade your hosts file to block out an awesome number of ad and malware sites by simply hitting the button "update hosts".

The program also has an UI that will let you manage your hosts file as well. Like if it is blocking out something you want to access. (Myspace for instance) You can simply go into the "manage hosts" section and do a search for the server name then mark anyone you want to excuse with a checkbox.

Since I got it, I've not experienced any ads at all when I browse the internets.

http://www.abelhadigital.com/

[GreyGhost]

Jimmy91 said:

But if nothing else, it might just be this site, because I haven't gotten any redirects on any other sites at all. I used to, but not in the last month or so, and since then I've run a number of cleaners and uninstalled a bunch of crap to try and find the problem. Now it seems to be, strangely, only occurring on Doomworld.

If all else fails - stop visiting Doomworld! Just kidding.

Firefox and NoScript are a lethal combination, the main downside is the ongoing task of adding sites to Untrusted or Whitelist. SpyBot S&D's hosts list also helps.

[Reisal]

A preventative measure once the crap you have is removed - SpywareBlaster

[fraggle]

Jimmy91 said:

Also, I don't feel inclined to permanently change browsers or stop using IE just because the problem occurred in IE. :/ I don't like to assume OH IT MUST BE THE BROWSER.

Sorry, but it's just the truth: in all likelihood it is IE. These things often exploit security holes in your browser to worm their way into your computer. Internet Explorer is well known for being vulnerable for this sort of thing, and it's the most targetted because it's the most popular browser.

Like absolutely everyone else in this thread has already suggested, dump IE and get a better browser. Firefox, Opera and Google Chrome are all much more secure than IE, and as an added bonus they're faster and have added features!

[Patrick]

I've had a similar problem, but what happens is I get what looks like the old-ass version of the google search engine. I fixed that problem by dumping IE and going to FireFox, and getting AdBlock Plus.

[Maes]

I always wondered -and still do- if this kind of malware is actually profitable, or is just meant to be annoying and nothing more.

I mean, just because some malware redirects google into some random-ass wannabe-search engine that screams from a mile away "THIS IS A BROWSER HIJACKING!", which returns only chinese scam sites, and will likely trigger a removal reaction upon minutes, is anyone actually making a profit of even a single penny from it? If so who's paying?

Even adware - where someone is obviously paying to be advertized through this channel, how can it be considered profitable if the medium is so annoying and reviled?

[Aliotroph?]

The Chinese scams are paying. :p

It scares me how many people "fix" the problem by switching browsers and disabling scripts. That does nothing to remove whatever infected the computer, which could be more than just a crappy browser hijack.

[Maes]

Aliotroph? said:

The Chinese scams are paying. :p

They must have some pretty innovative marketing scheme then -else how could they expect an investment return from sending chinese spam with random chinese letters to a guy e.g. in Greece?

Or perhaps they don't really give a fuck. Heh. Talk about the "losing face" concept they often tout as their "strength".

[Aliotroph?]

Maybe the Chinese scammers are getting scammed.

[GreyGhost]

Maes said:

They must have some pretty innovative marketing scheme then -else how could they expect an investment return from sending chinese spam with random chinese letters to a guy e.g. in Greece?

Or perhaps they don't really give a fuck. Heh.

Heh - ask me about "Your Canadian Pharmacy". Like other Internet scammers, the Chinese engage in shotgun marketing and since the bulk of it's delivered using hijacked mailservers and hacked websites I think it would be fair to say they don't give a fuck how the message reaches it's destination. With most of their marketing costs being paid by third parties - unwittingly - they probably only need 1 in a 1000 recipients to buy something in order to turn a profit.

[Super Jamie]

I have often wondered how spammers actually make money. I mean doesn't everyone spam filter or at least delete the messages? I assume not, nobody would go to all the trouble of waving rolex/viagra emails in your face if it didn't actually work.

[Maes]

GreyGhost said:

they probably only need 1 in a 1000 recipients to buy something in order to turn a profit.

That is, if their spam was in proper English so that this 1 in 1000 who's likely to read an email ad may at least understand WTF is that weird email about. Or they expect me to run a babelfish translation to find out who they are and how I can buy their rolex etc.?

I mean, whatever the message was, even if it was written in the best of the best of the Queen's English, due to the channel it arrived in it would be hard to take it seriously and really picking up the phone/fax/whatever to do business with the company behind it or whatever.

[fraggle]

Maes said:

I mean, just because some malware redirects google into some random-ass wannabe-search engine that screams from a mile away "THIS IS A BROWSER HIJACKING!", which returns only chinese scam sites, and will likely trigger a removal reaction upon minutes, is anyone actually making a profit of even a single penny from it? If so who's paying

It depends on the nature of the adware. In this case the money probably comes from the ad impressions - I wonder how much William Hill is paying for this. I've heard that some malware pops up windows actually saying "malware detected, click here to remove it", whereupon you are taken to a website where the authors of the malware will sell you software to remove it.

It's not hard to see how people who are only partially computer literate could be taken in by things like this.