
Potential hijack? utrack.pw


6 replies to this topic

#1 Kirin

Kirin

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:27 AM

Posted 08 August 2015 - 10:49 PM

Hi there, got a little problem here that I hope you guys might be able to help me out with. For the past few days I've been getting random (and very rarely, truth be told) redirections to a website called utrack.pw. It happens very rarely, usually when opening a new tab (rarely when navigating within an existing tab) such as from a bookmark or from an existing tab. There is usually a delay between the opening of a new tab and the redirection, e.g. on Youtube it loads up a second or so of the video before redirecting me to the ads. I also believe it to be responsible for occasional freezing of my computer, which happens without rhyme or reason and only within the timeframe for the redirections. 

 

Here is a puu.sh screenshot to a sample of the page: http://puu.sh/jtwGO/f933e3f3fa.jpg

 

I've got no real clue how this got onto my system, and relatively thorough Google searches have been turning up virtually nothing (http://puu.sh/juEEc/161e2daa35.png), leading me to believe this is a fairly recent development. I've run thorough scans with Malwarebytes and Microsoft Defender, both of which turn up nothing. 

 

Oh, I'm on Windows 10. 

 

Note: utrack.pw is not the only site I have been redirected to, although it is by far the most prominent. Out of the roughly 10 redirections I've had, 9 of them were to utrack.pw, and one was to some website I don't recall off the top of my head, since I killed the window pretty much straight away. 

 

So... uh... help, please? 

 

Edit: More info. This problem has been mostly on Google Chrome, both in normal and in incognito modes. Since it happens so sporadically, I haven't had the chance to reproduce the redirections on the three other browsers I have but rarely use: Mozilla Firefox, Microsoft Internet Explorer and Microsoft Edge. Will update if I do.

 

Second Edit: Was surfing as usual on Firefox and got redirected. So it's there as well.

 

Third Edit: Redirected to a third website: MusicBoxNewTab.com (http://puu.sh/juJlF/f2640bf7ba.png) This one came when surfing through Skyrim mods on the Nexus website. Seems to be a fairly typical adware, if only I can root it out. 

 

Fourth Edit: Yet another redirection website. Interesting. It was pretty much only utrack.pw before, but now I'm getting a bunch of different sites. This next one was spaces.slimspots.com, which then further redirected me to onlineprizedraws-aussie.com. Starting to get annoying. 

 

Fifth Edit: Got the one I mentioned earlier as being unable to recall: ilividnewtab.com/ As with the fourth edit, this was a double redirect: First a redirection to searchpeak.com, which then redirected me to ilividnewtab.com. If you're wondering why I'm listing all these sites out, I'm hoping that other people with the same problem encountering the same sites would be able to find this topic. =D

 

Sixth Edit: In what may or may not be related, I've also been getting strange popups in Japanese on various Wikia websites. Here's a sample image: http://puu.sh/juLRv/eaabec6049.png Roughly translated, it means "This community is waiting for the input of fans like you!" or so I'd guess. The link translates to "Let's try and edit the page =>" and actually does lead to the edit function for the page. It's really strange though, because the website in that screenshot was linked to me by a friend of mine who just accessed it and didn't receive the popup, while I did. Googling the text: 

"このコミュニティは貴方の様なファンの投稿を求めています! " shows me that random Wikia pages have it in their pages as well (http://puu.sh/juPn1/28588a8b72.png). Not sure if this is related to the previous issues though. 


Edited by Kirin, 09 August 2015 - 02:44 AM.




#2 Wuhp

Wuhp

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 09 August 2015 - 02:39 AM

I got the same problem.

I already tried to run a virus scan but nothing showed up, and all the websites I get via Google don't help at all.

I need help, it's really getting annoying and I'm not sure what else there is to this "virus" or whatever it is.



#3 thezerog82

thezerog82

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 09 August 2015 - 05:14 AM

Hi, I have a similar redirecting issue too, happens on Chrome, Edge, IE. Happens when I click on a shopping site like Amazon, Sears, Best Buy, etc. I was able to quickly capture the URL that it was redirecting to:

 

http://prosperent.com/affiliate/click/r?url=http%3A%2F%2Fwww.anrdoezrs.net%2Flinks%2F7328505%2Ftype%2Fdlg%2Fsid%2F415012M1M150809040040EFW%2Fhttp%3A%2F%2Fsears.com%2Ftvs-electronics-televisions-lcd-tvs%2Fb-1231474467&h=9114346aedac2ab09ad183c8576ddd6f&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F42.0.2311.135+Safari%2F537.36+Edge%2F12.10240

 

I ran every antispyware program on BleepingComputer, nothing was found...


Edited by thezerog82, 09 August 2015 - 05:14 AM.


#4 thepspgamer

thepspgamer

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 10 August 2015 - 03:49 PM

I am in the same boat, and I am totally stumped.

I only seem to get the redirects in IE and very, very rarely in Firefox (it's even affecting my Steam overlay occasionally).

I have run every malware/redirect killer I know that has worked for me (MBAM, TDSS, Hitman, RogueKiller, ADW) in the past. They all came up clean other than a few junk files etc.

 

Kinda stumped on this one...



#5 Kirin

Kirin
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:27 AM

Posted 11 August 2015 - 02:50 AM

Since I was sort of in a hurry to get it fixed (Needed to handle sensitive data and no one was replying within the 3 days before I could bump it), I 'fixed' the problem by doing a full format and reinstall of Windows 10. Not the most optimal solution, but eh, it works. 

 

Leaving this topic up for the people who're having problems, unless the rules say they need to start their own topic. 



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:27 PM

Posted 11 August 2015 - 07:39 PM

This is difficult. Formatting always works. If, though, you want to get it fixed, we should get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#7 songoffire

songoffire

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:27 PM

Posted 17 August 2015 - 04:14 PM

I had the same issue -- I checked my etc/hosts file and found all kinds of badness in there which would explain why this happens for me in all my browsers, but my antivirus isn't finding anything.  Resetting my etc/hosts file back to normal fixed the issue for me.

 

Good etc/hosts content:

127.0.0.1 localhost loopback
::1 localhost

 

In Windows, etc/hosts is at:

C:\Windows\System32\drivers\etc\hosts

 

FYI - To change this I needed to open my text editor with admin privileges. Hope that helps!
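
The hosts-file check described in post #7, as an added example that is not part of the original thread or written by any poster: a PowerShell script that lists every active hosts entry and flags anything other than the plain localhost lines shown above. The function name, the status labels and the sample lines are assumptions made for illustration; the sample is constructed and is used only when the real file is not present.

```powershell
# Added example: audit the Windows hosts file for unexpected name mappings.
function Get-HostsEntry {
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        # Drop trailing comments, then skip blank and comment-only lines.
        $active = ($line -replace '#.*$', '').Trim()
        if (-not $active) { continue }
        $fields = $active -split '\s+'
        if ($fields.Count -lt 2) {
            [pscustomobject]@{ Line = $n; Address = $fields[0]; Name = ''; Status = 'MALFORMED' }
            continue
        }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isLoopback  = $address -in '127.0.0.1', '::1'
            $isLocalName = $name -in 'localhost', 'loopback'
            $status = if ($isLoopback -and $isLocalName) { 'expected' }
                elseif ($isLoopback -or $address -eq '0.0.0.0') { 'sinkholed name (check who added it)' }
                else { "REVIEW: name pinned to $address" }
            [pscustomobject]@{ Line = $n; Address = $address; Name = $name; Status = $status }
        }
    }
}

# Constructed sample lines (documentation addresses and example domains only).
$sample = @(
    '# constructed sample hosts file',
    '127.0.0.1 localhost loopback',
    '::1 localhost',
    '203.0.113.10 www.example.com   # constructed remapped name',
    '0.0.0.0 ads.example.net'
)

$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
if ($env:SystemRoot -and (Test-Path -LiteralPath $hostsPath)) {
    $lines = Get-Content -LiteralPath $hostsPath
    # A recent modification time on a file you never edited is itself worth noting.
    "Hosts file last modified: $((Get-Item -LiteralPath $hostsPath).LastWriteTime)"
} else {
    $lines = $sample
    'Real hosts file not found; using constructed sample.'
}

# Show only entries that differ from the plain localhost mappings.
Get-HostsEntry -Lines $lines | Where-Object { $_.Status -ne 'expected' } | Format-Table -AutoSize
```

Reading the file does not need elevation; only saving changes to it does, as noted in the post above.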





