
very bizarre firefox redirect malware?



#1 Lemmy_K


Posted 05 April 2018 - 10:28 AM

Hello,

I've run into a problem that has me stumped.

Running Win 10 build 16299.309, latest updates, Firefox 59.0.2.

When I try to load a specific website (in this case dnsstuff.com) I get a redirect that's trying to send me to

"/search/tcerider.php?f=http%3A%2F%2Fbtprmnav.com%2Fclick%3Fdata%3DYXJtSy1nSmFIOFluUk9DdTF0dGdFbk44LU52R1FiYXFncE9ZMlRzRmdaRy1VMXd0Sl9JZFV5X3ZiOGFDaEhLb2x6aUUzYldHLTktTk9mX3p6VEVOZkdJZmJVVEI5NzJDS1N2RW12RGhKQWo1eVZOd3NBU09kTkRHcW1YVVVocjZKN3Nqd2RTaVJqaV8wbEFkMm1fNmh3Mg2%26id%3D49ec16a8-f6d4-481e-8731-8a728be0a253&v=NTczODZhYjg2ZjE4MWZlOWEzMGM0NDc0ZjlhN2ViMjYJMQlkbnN0dWZmLmNvbTVhYzYzZGFlMzYxNjYyLjU4NTgyODk3CWRuc3R1ZmYuY29tNWFjNjNkYWUzNjFhMzMuMzIyNDA3OTcJMTUyMjk0MTM1OAlhZF8zNV8w&l=NglBRFMJM2M0YTA0NzRkMzEwNWM0YTM4OWQ4ZTBkNWZiOGUwNzkJMAkxMwkJMzEJMQkxCTAJODcwMmIxM2Q1OTBmZTI0NTBjZDZmMzVkMWU0NzNjYjUJCTIxMTkwMTg4MQljCTY4MDE3NgkJd2ViIGhvc3RpbmcJMTEwMQkzNQk1CTYwCTE1MjI5NDEzNTgJMC4wMDI2MTYyNQlOCTAJMAkwCQkJCQkJZG5zdHVmZi5jb201YWM2M2RhZTM2MTY2Mi41ODU4Mjg5NwkwCQkxCTgzMAkxMTI0CTExNTU2NjI3CQk3NC4yMTYuMjE5LjQw"

Oddly, this only happens with this specific site, none other.

Does not happen when using IE or Chrome, so I assume it's browser dependent.

So far I have:

  • uninstalled, reinstalled Firefox
  • removed all extensions and add ons
  • deleted profile
  • ran malwarebytes

I'm at a loss to explain this, or find the source.


Edited by hamluis, 05 April 2018 - 10:35 AM.
Moved from MRL to Am I Infected - Hamluis.
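
A triage sketch for a redirect URL of the shape quoted in the post above, added here as an example and not part of either poster's message: it splits the query string, reports the host that a URL-valued parameter points to, and base64-decodes the remaining parameters into tab-separated fields. The sample URL is constructed with placeholder hosts and values, and treating the non-URL parameters as base64 with tab-separated fields is an assumption.

```python
import base64
from urllib.parse import urlsplit, parse_qs, quote


def b64_fields(value):
    """Decode standard or URL-safe base64 (padding optional), split on tabs."""
    value = value.replace(" ", "+")          # parse_qs turns '+' into a space
    padded = value + "=" * (-len(value) % 4)  # restore stripped padding
    raw = base64.urlsafe_b64decode(padded)
    return raw.decode("utf-8", errors="replace").split("\t")


def triage_redirect(url):
    """Return a per-parameter summary of a redirect URL without fetching it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    report = {}
    for name, values in query.items():
        value = values[0]
        if value.startswith(("http://", "https://")):
            # Nested destination: record where it points and which keys it carries.
            inner = urlsplit(value)
            report[name] = {
                "host": inner.hostname,
                "path": inner.path,
                "params": sorted(parse_qs(inner.query)),
            }
        else:
            try:
                report[name] = b64_fields(value)
            except ValueError:               # not base64: keep the raw value
                report[name] = value
    return report


# Constructed sample (placeholder hosts and values, same layout as the post's URL).
_v = base64.urlsafe_b64encode(
    b"0123abcd\t1\texample.test\t1522941358").decode().rstrip("=")
SAMPLE = ("/search/tcerider.php?f="
          + quote("http://tracker.example/click?data=abc&id=1234", safe="")
          + "&v=" + _v)

if __name__ == "__main__":
    for key, info in triage_redirect(SAMPLE).items():
        print(key, "->", info)
```

Comparing the site name that appears in the decoded fields with the address that was actually typed into the browser is a quick way to see which domain served the redirect.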




#2 buddy215


Posted 06 April 2018 - 08:41 AM

Welcome to BC...

What happens when you click on this... DNS tools | Manage Monitor Analyze | DNSstuff?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”



