Rising Sun Member Forums  

  #1  
02-24-2009, 12:09 AM
Hulk
Cruise Moab Committee
Join Date: Aug 2005
Location: South Side!
Posts: 11,308
Click redirect -- another virus?

Here's what is going on:

I go to Google and type in a search: canon 40d vs 50d

I click on the 3rd link down, called "The Canon EOS 40D vs 50D: We Review & Compare | Spot Cool Stuff: Tech". It's supposed to take me here:
tech.spotcoolstuff.com/photography/digital-camera/slr-showdown-40d-50d-canon-eos/

Instead, when I click it, it takes me here:
http://www.ave99.com/search.php?q=ca...40d%2Bvs%2B50d

The next time, it takes me here:
http://www.dexknows.com/search.ds?ne...o=checked&qCD=

Then it took me here:
http://biassickness.info/search.php?...50d&ipr=&rej=1

Finally, it took me here:
http://www.google.com/undefined

One more click and it took me where I actually want to go.

Any idea what's going on?
__________________
Matt Farr, Centennial, Colorado | Webmaster: TLCA.org
1996 FZJ80 TLCA #4189 WRDY
www.rustybrain.com/cruisers my Rising Sun bio Facebook Twitter Need satellite Internet? Check out: Exede Internet

If you think you can or think you can't, you're right.
  #2  
02-24-2009, 12:36 AM
Hulk
Cruise Moab Committee
Join Date: Aug 2005
Location: South Side!
Posts: 11,308

I changed from the Qwest DNS to OpenDNS, thinking Qwest was the cause of the problem. But even after rebooting my modem/router, I clicked the same link above and ended up here:
http://www.ibuydigital.com/product/?...rt_id=21760711

Aha. It sounds like it is a trojan:
http://answers.yahoo.com/question/in...4093138AAEKpVQ
  #3  
02-24-2009, 12:42 AM
pmccumber
Hard Core 4+
Join Date: Sep 2008
Location: Longmont, CO
Posts: 545

I got the first link (the correct one) on two of my home computers.

I always tell people to check their hosts table and see if anything looks odd:
C:\WINDOWS\system32\drivers\etc\hosts

Mine simply has the localhost defined. If somebody were trying to spoof another site they could do so by falsifying an entry in this table.

Other than that, it seems odd that the clicks yielded somewhat relevant destinations. When you mouse over these hyperlinks, do you get the address you expect? If you're using Firefox, right click and copy the link location and paste that into a text buffer somewhere and look at it.

Seems odd.
Reply With Quote
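
Added example (not part of the thread or any poster's code): a Python audit of the hosts-file check described in post #3, flagging every entry beyond the stock localhost mapping. The sample file, the example.* names, the 203.0.113.7 documentation address and the BENIGN_NAMES allow-list are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file maps to loopback (assumed allow-list; extend as needed).
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, severity, address, hostname, reason) for each odd entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        addr_text, *names = entry.split()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, "warn", addr_text, "", "first field is not an IP address"))
            continue
        if not names:
            findings.append((line_no, "warn", str(addr), "", "address without a hostname"))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            host = name.lower().rstrip(".")
            if host in BENIGN_NAMES and addr.is_loopback:
                continue  # the normal "127.0.0.1 localhost" mapping
            if sinkhole:
                # Resolves to this machine or nowhere: the real site becomes unreachable.
                findings.append((line_no, "review", str(addr), host, "name sinkholed locally"))
            else:
                # Overrides DNS, so changing resolvers (e.g. to OpenDNS) does not undo it.
                findings.append((line_no, "high", str(addr), host, "name pinned to a fixed address"))
    return findings

# Constructed sample: example.* names and 203.0.113.7 (documentation range) are placeholders.
SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.example.com example.com   # spoofed mapping
127.0.0.1       update.example.net
not-an-ip       www.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

On the Windows machines in this thread the input would be the contents of C:\WINDOWS\system32\drivers\etc\hosts; a file holding only `127.0.0.1 localhost` produces no findings.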
  #4  
02-24-2009, 05:44 AM
DaveInDenver
Hard Core 4+
Join Date: Jun 2006
Location: Larimer County
Posts: 6,380

Clicked the link and got the correct page, no redirects here. Running Qwest DSL using qwest.net for my ISP. Checked with Firefox and Safari, no difference I could see.
__________________
'91 Pickup

"Why does the U.S. care which flag will be hoisted on a small piece of land thousands of miles away?" -- Ron Paul
  #5  
02-24-2009, 07:35 AM
Hulk
Cruise Moab Committee
Join Date: Aug 2005
Location: South Side!
Posts: 11,308

My hosts file only shows this:
127.0.0.1 localhost
  #6  
02-24-2009, 08:27 AM
pmccumber
Hard Core 4+
Join Date: Sep 2008
Location: Longmont, CO
Posts: 545

Another one is running a trace of the route the packet took to get to the destination. I did a trace on my computer. I have a router downstairs, the cable modem which is also a router, and Comcast. So once Comcast has it, where they inject it into Al Gore's WAN might be different than other providers. But, you doing this should show the offender somewhere in the process, just finding it might be tough.

Here is my trace:

C:\Documents and Settings\Dad>tracert tech.spotcoolstuff.com

Tracing route to tech.spotcoolstuff.com [69.4.229.209]
over a maximum of 30 hops:

  1     2 ms    <1 ms    <1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3     9 ms     9 ms    10 ms  GE-2-2-ur01.longmont.co.denver.comcast.net [68.86.104.225]
  4    32 ms    25 ms    50 ms  te-0-8-0-5-ar02.denver.co.denver.comcast.net [68.86.103.154]
  5    20 ms    20 ms     9 ms  pos-0-4-0-0-cr01.denverqwest.co.ibone.comcast.net [68.86.91.17]
  6    13 ms    14 ms    12 ms  pos-0-10-0-0-cr01.denver.co.ibone.comcast.net [68.86.86.22]
  7    27 ms    26 ms    26 ms  pos-0-9-0-0-cr01.dallas.tx.ibone.comcast.net [68.86.85.174]
  8    44 ms    26 ms    28 ms  softlayer-cr01.dallas.tx.ibone.comcast.net [75.149.228.34]
  9    33 ms    29 ms    29 ms  po2.dar01.dal01.dallas-datacenter.com [66.228.118.205]
 10    67 ms    68 ms    66 ms  te2-2.cer01.sea01.seattle-datacenter.com [66.228.118.194]
 11    64 ms    65 ms    64 ms  po01.fcr01.sea01.seattle-datacenter.com [67.228.118.134]
 12    67 ms    67 ms    65 ms  ans67.midphase.com [69.4.229.209]

Trace complete.
  #7  
02-24-2009, 09:55 AM
Hulk
Cruise Moab Committee
Join Date: Aug 2005
Location: South Side!
Posts: 11,308

OK, I think I have killed this virus. I did some searching using IE for "clickfraudmanager" and found this Geeks to Go thread. Someone else had the same problem. I used the GooredFix program that he mentions in post #22. He says the problem was "the new variant of the XUL Cache infection."

Looks like my redirect problem is solved.
__________________
Matt Farr, Centennial, Colorado | Webmaster: TLCA.org
1996 FZJ80 TLCA #4189 WRDY
www.rustybrain.com/cruisers my Rising Sun bio Facebook Twitter Need satellite Internet? Check out: Exede Internet

If you think you can or think you can't, you're right.
Reply With Quote
  #8  
Old 02-25-2009, 07:18 PM
kvanoort's Avatar
kvanoort kvanoort is offline
Lifted
 
Join Date: Oct 2006
Location: Lafayette, CO
Posts: 188
Default

Quote:
Originally Posted by Hulk
OK, I think I have killed this virus. I did some searching using IE for "clickfraudmanager" and found this Geeks to Go thread. Someone else had the same problem. I used the GooredFix program that he mentions in post #22. He says the problem was "the new variant of the XUL Cache infection."

Looks like my redirect problem is solved.

Thanks for posting this up, Matt. I currently have this same problem on my home computer and will check out this link. I've just been using Blackle.com with no problems.
__________________
Kent Van Oort
Lafayette, CO
1972 FJ40 Current Project, 1978 FJ40 Sold Project, 1975 FJ40 High School Cruiser
TLCA #17904
All times are GMT -6.