Google redirect to .tk


6 replies to this topic

#1 Skillful

Skillful

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 22 May 2018 - 10:28 AM

Hey everyone,

 

Windows 8.1 Pro, Firefox Quantum 59.

I searched for tailor made tshirt. I'm not sure of the exact name for this, but I think it's google places? Google something... you know how google has a bunch of places listed when you search for something? I will attach a screenshot to show what I mean once someone replies, won't let me attach a screenshot yet.
 
Earlier I clicked on the link, and instead of going to budgetscreenprinting.com.au it went to
 
likethestroke.tk
 
and then asked for a username and password in a popup box. I went cancel, and it then had a fake message on that tab saying windows defender detected infection call this number bla bla. So I figure that's fake.
 
Here is the URL that I think was clicked originally:
 
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=2ahUKEwjs3ar__pjbAhUMoJQKHQ1BBbAQ_UUwAHoECAEQAQ&url=https%3A%2F%2Fbudgetscreenprinting.com.au%2F&usg=AOvVaw3uUNV1LNY5LfrRH73p844m
 
That link, is that normal, or is that a bad redirect link?
 
I just did the search again, and when I hover my mouse over the budgetscreenprinting googleplaces or google list, the link in the bottom left of Firefox shows the exact link to budgetscreenprinting, as it should do. But earlier, straight after this happened, I think it showed that URL that was clicked originally.
 
Is it possible that earlier, for some infection reason, the link was temporarily wrong? Unless it was wrong on Google's end for a second there, but I doubt it.

 

The other thing is, when going to this website for clothes

https://www.bullring.co.uk/shoponline/product/19f92cd73ea8/selected-hommes-stripe-tshirt

 

If I hover my mouse over any of those images for shirts, e.g. the green stripes etc., I get a link to the below

 

https://www.awin1.com/pclick.php?a=158752&clickref=hkduymggg&m=2479&p=21819952085

 

uBlock Origin stopped that from opening when I clicked it. I'm unsure if that's a legit affiliate or if that's more issues like my first paragraph.


Edited by Skillful, 22 May 2018 - 10:38 AM.
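An added example, not part of the original thread: the link quoted in the post above is Google's click-tracking wrapper, and the site it hands off to is carried percent-encoded in its `url` parameter, so it can be decoded and compared with the site the searcher expected. The function names and the `LOOKALIKE` link are constructed for illustration, and only `google.com` hosts are treated as the wrapper.

```python
from urllib.parse import urlsplit, parse_qs

# Link copied from the post above.
CLICKED = (
    "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8"
    "&ved=2ahUKEwjs3ar__pjbAhUMoJQKHQ1BBbAQ_UUwAHoECAEQAQ"
    "&url=https%3A%2F%2Fbudgetscreenprinting.com.au%2F"
    "&usg=AOvVaw3uUNV1LNY5LfrRH73p844m"
)
# Constructed for contrast: same wrapper, destination swapped for a lookalike host.
LOOKALIKE = ("https://www.google.com/url?sa=t"
             "&url=https%3A%2F%2Fbudgetscreenprinting.com.au.example.test%2F")


def redirect_target(link):
    """Return the destination carried by a google.com/url link, else None."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    # Assumption: only google.com itself is checked, not country domains.
    is_google = host == "google.com" or host.endswith(".google.com")
    if parts.scheme not in ("http", "https") or not is_google or parts.path != "/url":
        return None
    params = parse_qs(parts.query)  # percent-decodes values, drops empty ones
    for key in ("url", "q"):  # some Google links carry the destination in q
        if params.get(key):
            return params[key][0]
    return None


def same_site(target, expected_host):
    """True if target's host is expected_host or one of its subdomains."""
    host = (urlsplit(target).hostname or "").lower().rstrip(".")
    expected = expected_host.lower()
    return host == expected or host.endswith("." + expected)


def assess(link, expected_host):
    """Classify a copied search-result link against the site the user expected."""
    target = redirect_target(link)
    if target is None:
        return ("not-a-google-redirect", None)
    return ("matches" if same_site(target, expected_host) else "mismatch", target)


if __name__ == "__main__":
    for link in (CLICKED, LOOKALIKE):
        print(assess(link, "budgetscreenprinting.com.au"))
```

A "matches" result only says the copied link names the expected site; it says nothing about what the browser or the destination site did after the click.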




#2 clueloss

clueloss

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 23 May 2018 - 03:46 PM

I'm not a pro or anything, but I saw you had no reply, and if it was me, I know how much any reply is worth instead of none, so I would suggest looking into your host file.

 

Found here C:\Windows\System32\Drivers\etc

Google will be able to show you what's in a normal host file, which is basically nothing unless you've added stuff.
If I was you I'd run Malwarebytes and Spybot as well as locking the host file.

 

If you see any IP addresses and then google beside it, there's a good chance you're being redirected by hosts.

 

It could also be some kind of toolbar or malware in your browser, so I still suggest scanning with Malwarebytes.

 

I checked using a "where does this link redirect to" website and it says budgetscreenprinting.com.au redirects to budgetscreenprinting.com.au, so sounds like you have something.



#3 buddy215

buddy215

  • Moderator
  • 13,322 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 23 May 2018 - 05:39 PM

Welcome to BC....

 

Use the programs below to clean, remove adware and remove malware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 06 June 2018 - 05:12 PM

Hi everyone. 1 week ago, did HDD wipe after making this thread 2 weeks ago. Then a few days ago had a redirect and this time I checked the host file. I've copied and pasted below. Is this all looking normal for a host file?

 

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
 


Edited by Skillful, 06 June 2018 - 07:59 PM.
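An added example, not part of the original thread, of the check suggested in reply #2: every line in the file posted above begins with `#`, so it defines no mappings at all, and a small parser can confirm that and label any active line it does find. The `TAMPERED` sample, its documentation-range address and the function names are constructed for illustration.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Tail of the hosts file posted above: every line is a comment.
CLEAN = """\
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
"""
# Constructed sample: the same file with three active lines appended.
TAMPERED = CLEAN + (
    "203.0.113.10  www.google.com google.com   # constructed redirect\n"
    "0.0.0.0       ads.example.test\n"
    "127.0.0.1     localhost\n"
)


def parse_hosts(text):
    """Yield (ip, hostname) for every active (uncommented) mapping."""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop whole-line and trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address: malformed line, skip it
        for name in fields[1:]:  # one line may map several names
            yield ip, name.lower()


def classify(ip, name):
    """Label one mapping as default, blocked or redirect."""
    sinkhole = ip.is_loopback or ip.is_unspecified
    if sinkhole and name in LOCAL_NAMES:
        return "default"   # the usual localhost entry
    if sinkhole:
        return "blocked"   # name sent nowhere, typical of blocklists
    return "redirect"      # name forced to another machine: review it


def audit(text):
    """Return (ip, hostname, label) for each active mapping in a hosts file."""
    return [(str(ip), name, classify(ip, name)) for ip, name in parse_hosts(text)]


if __name__ == "__main__":
    print(audit(CLEAN))
    for row in audit(TAMPERED):
        print(row)
```

On a real machine the text would be read from the hosts file in the folder named in reply #2. An empty result rules out only this one redirect mechanism.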


#5 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 06 June 2018 - 05:20 PM

In that etc folder are a total of 5 files

hosts

lmhosts.sam

networks

protocol

services

 

Do I need to look inside of them as well?

 

The redirect that happened a few days ago was from a google search iirc, and it took me to a .loan domain, with a survey on it.

Now, before my HDD wipe, I did visit a website that turned out to be a scam website, and maybe that's what caused the redirect back then; it was a website selling cheap clothing that turned out not to be legit. They didn't get my details, although they would have gotten my IP address if that makes a difference.

 

The website that I went to that redirected to a few days ago ie after the HDD wipe, was houzz.com. I went there again and it loaded fine, so I'm unsure if that redirect was from google, or if maybe houzz.com is actually infected itself?


Edited by Skillful, 06 June 2018 - 07:58 PM.


#6 Skillful

Skillful
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 10 June 2018 - 03:40 PM

So I ran the programs that buddy suggested, except ESET says downloading virus signature and at 51% says cannot download file. Is proxy configured? Tried again, same thing. Did a reboot, and a Windows update, and then tried again and it started at 50% then gave the same message at 75%. So rebooted and started again at 50%, currently at 67% and taking ages. Sure enough it failed again, at 75%, except it took twice as long to fail.

 

Also, is this link

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

 

 

If I go here

https://www.eset.com/us/home/online-scanner/

 

There's two links and I'm guessing it's this one because your link is smart scanner

https://download.eset.com/com/eset/tools/installers/live_essp/latest/eset_smart_security_premium_live_installer.exe?intcmp=online-scanner-page-essp-trial

 

The other one is this

https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner_enu.exe

 

So how do I get this eset to actually get the database updated to actually scan? Cheers



#7 buddy215

buddy215

  • Moderator
  • 13,322 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:11:41 AM

Posted 10 June 2018 - 03:46 PM

This Forum has been closed. For more help in removing the malware/ adware please follow directions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.





