
Strange redirect, possible virus issue--need help figuring this out.


posted on Sep, 21 2012 @ 09:34 AM
I have a possible virus that has taken over my machine over the past 6 months or so. I say possible because I didn't realize it could be a virus until today.

What's been going on is all ads, and I mean ALL ads from all sources in any browser, are blocked. Not just blocked--they're simply non-existent. About the only thing I can see are the links for ads that come up in the first search results but I cannot click on them, they go nowhere. I don't see any advertising in YouTube videos, no flashy, annoying ads on this site and just nothing anywhere.

At first, I thought it was a browser setting and knowing that ad-blocking software is frowned upon for ATS, I tried to find out what might be going on. Well, I use Opera and couldn't find anything anywhere that I may have checked or unchecked, but then I realized that I have the same issue in any browser. I use Opera primarily but I also use Firefox, Chrome and IE for work (unfortunately). This "problem" spans over any browser.

It's actually kind of nice. I can't fix it, I don't know what I did to cause it and, in all honesty, it really isn't that bad.
I have four computers in my home, and it only occurs on my laptop.

Over the past couple of months, I have noticed a strange redirect issue when I try and click on a Google link, like maybe one that someone posted in a thread here. It will take me to google.com/webhp. It doesn't happen every time, just once in a while so I just paid it no attention.

Last night, it was happening again and I really wanted to see what was at a link but couldn't get to it. So I searched for this "webhp" redirect issue and discovered it could possibly be a rootkit virus! Ouch.

But I'm not finding anything. I installed a few rootkit killer programs, have run antivirus, anti-spyware and have searched through my running processes and just cannot find anything at all. I also haven't seen any nefarious actions against my machine, such as stolen passwords or account hacking and my computer is running just fine.

Does anyone know how to find out if that's what I have and how to get rid of it? I've been messing around trying to solve this for hours and am getting nowhere. I should also add I have tried running spyware and adware programs while in safe mode, and even in safe mode, I still get the ad-blocking thing and redirect to the webhp thing happening.

I am running an older Dell with Windows Vista, 32-bit. Has anyone ever encountered anything like this before? It's odd---yet not that bad. lol That doesn't mean there's nothing sinister going on that I just haven't found out about yet, so I'd like to get rid of it, if in fact it is a virus. I just don't know where to look, I guess. Thanks in advance for any thoughts.




posted on Sep, 21 2012 @ 09:46 AM
Look up what your ISP's DNS servers are supposed to be, and in a command prompt do an "ipconfig /all" and make sure they are the same for your network link. There will be others listed, but ignore them.

Also check your /windows/system32/etc/drivers/hosts file and see if there's anything in there other than the basic 127.0.0.1 localhost (stuff with a # at the start is just comments).

That should give you a good start since you've done a good virus scan/malware etc. run.
edit on 21-9-2012 by Maxatoria because: didn't see one part
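
An added example, not part of any post in this thread: a small Python script that performs the hosts-file check suggested above. It sorts entries into the default localhost lines, names pointed at loopback or 0.0.0.0 (which makes those hosts unreachable, as ad blocklists do), and names pinned to some other address. The sample file, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the thread); all names are illustrative.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net        # blocklist-style entry
0.0.0.0         tracker.example.org banner.example.org
203.0.113.10    www.example.com
not-an-ip       broken.example.com
"""

DEFAULT_NAMES = {"localhost"}  # names expected to map to loopback on a clean system

def audit_hosts(text):
    """Return (line_no, kind, address, name) for every mapping in a hosts file."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((lineno, "malformed", addr, " ".join(names)))
            continue
        for name in names:                       # one address may list several names
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                kind = "default"
            elif ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"   # resolves to nowhere: ads vanish, links go dead
            else:
                kind = "redirect"   # name forced to another host: review by hand
            findings.append((lineno, kind, addr, name))
    return findings

def summarize(findings):
    """Count findings per kind, to gauge how far a file is from the default."""
    counts = {}
    for _, kind, _, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

To audit a real machine, pass the contents of the system hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `audit_hosts`.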



posted on Sep, 21 2012 @ 09:54 AM
try to back up
whatever you can...
safely


Then whack the drive
re-install operating system

& stop surfing pron



posted on Sep, 21 2012 @ 09:56 AM
reply to post by CoherentlyConfused
 

I have had to deal with these types of things as a System Admin. It is really pretty easy to remove, provided that there is something there. I assume that you are running Windows as you have a virus, so if you will boot Windows into safe mode with networking by tapping F8 at boot up (before the Windows logo appears) and from there try to go to the websites you were previously trying to get to, and if they don't redirect then you know there is something that is "hijacking" the connection. You can try running a Malwarebytes scan while in safe mode and most of the time it catches just about everything. If you need any more help or if it is still acting up, I will do my best to help you out.

Later,
Kasei



posted on Sep, 21 2012 @ 09:57 AM
First run Process Explorer, which can be found here: procexp.exe

Check to see if any program does not have a [company name] and if the file name is a mix of numbers and letters that have no reason. If you find it, right-click and check its properties to see where the file path leads.
Most lead to the temp folder or a folder under Documents and Settings or to the Internet Temp Directory. If this is the case, then copy this directory path to Notepad, and save it. Boot to safe mode, delete the file and directory; disable or delete the entry in MSConfig under the startup tab (this can be run from the RUN box; Windows key+R).

Check your internet options under the control panel under the [connection] tab, and see if a Proxy is enabled, if it is, then uncheck it, get rid of the proxy settings, etc. Reboot, and see if it fixes the issue.



posted on Sep, 21 2012 @ 09:59 AM
reply to post by spoonbender
 


Well, I've never surfed pron before, but I'll keep that in mind, thanks! And I don't surf porn, either.


For the person who mentioned the hosts file--that must be what it is. I have an EXTENSIVE hosts file. But I have one for a reason, so maybe that's it. I didn't even think of that, thank you!



posted on Sep, 21 2012 @ 02:23 PM
Just copy/rename the hosts file and see if everything works, and if so then it's time to get personal with the file.



posted on Sep, 21 2012 @ 09:59 PM
reply to post by Maxatoria
 


Yes, thank you! I put back my original hosts file, and that seemed to fix the problem. I had made changes to it for a reason a while ago and the list of blocked hosts I used included a ton of ad servers. I no longer need it now but completely forgot I had made changes to it.

You caused one less gray hair to sprout on my head today.
edit on 21-9-2012 by CoherentlyConfused because: (no reason given)




