Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

website redirect


  • Please log in to reply
4 replies to this topic

#1 cosy

cosy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 29 September 2009 - 03:42 PM

A few years ago I started with a website for a shop wich sells stuff for Patchwork and quilting. (www.thecosycottage.be)
Lately users of the site have sporadically problems opening the site, they are sometimes redirected to a malware site with one of the following adresses : mycompscanner22.com or mycompscanner2.com, or mycompscanner42.com, and maybe other variants. This website then shows a popup screen wich says that the pc is infected with lots of trojans and viruses.
At first we thought the pc was infected with spyware, but after running different antispyware and anti malware programs like a-squared, spydoctor, spyhunter, malwarebytes... nothing could be found.
So we think that somehow a connection to our website is intercepted and then redirected to another website.
As far as we could establish, this happens only with internet explorer , we have no reports from it happening in firefox and flock.
Does anyone has an idea what is happening and most of all, what can be done to stop this ?
The problem was already reported to the company where we host the website, but they didn't answer yet.

BC AdBot (Login to Remove)

 


#2 Mopfog

Mopfog

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 02 October 2009 - 03:35 AM

Hi,

You may want to try Spyware Blaster and Spybot S&D, which are probably better than most of the programs you used. If you still don't find anything on the host machine, then perhaps the owner of the shop is a target for electronic harassment? Rebuild the website on a different url and see if it happens again.

#3 cosy

cosy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 02 October 2009 - 03:57 PM

I got an answer from the host, they did a complete scan of the server and checked the website but they didn't find anything.
I also changed the FTP password, searched all de php files on the server for malicious code, but found nothing so far.
The funny thing is that it happens maybe only once a day and I'm pretty sure only with internet explorer (6,7 or 8 makes no difference).
It seems that someone hacks into the website for a short time and then everything is normal again.

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:16 AM

Posted 02 October 2009 - 04:31 PM

You might want to post in Am I Infected?
You could possibly have a rootkit infection
The scan tools you listed might not have seen it
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 cosy

cosy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 08 October 2009 - 11:12 AM

I contacted the people from the company where the website is hosted again, and yesterday they told me that they found and solved the problem.
It seemed that the server was hacked.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users