Help! I been redirected from ATS constantly

reply to post by easynow


Same thing happened to me just moment ago, when I hit the back button I was back on ATS for a moment then it did it again.

No warnings or alerts, nothing in the logs... I did grab the URL that I was redirected to:

www.rewardsadvantage.us.com...:186943:

reply to post by easynow


Same here. Very annoying.

I keep getting logged out. I have also been redirected to other sites. One is some yellow book page and the other was some adult porn site. We have very good firewalls and a scan runs everyday at noon to remove spyware at work so i don't know how this could be my computer

reply to post by METACOMET


yes it is...

since i posted that picture i have been redirected two more times to the same exact thing.


does that prove that it is something in the advertisements here ?

i dunno..hope someone figures it out soon though !

ok you can now make that 3 more times while logged in and three times while logged out...i was looking at the ATS page while logged out.

it doesn't happen unless i am looking at the ATS page

[edit on 6-2-2009 by easynow]

I've been redirected to this page twice today...


www.rewardsadvantage.us.com...:186943:


Running Ubuntu / Mozilla Firefox

Pretty annoying

I was having problems with hidden advertisements in the posts of threads. The one I was getting the most was an ad for La Quinta. I would try to reply or quote someone and there would be a hidden advertisement there.


Im running Ubuntu/Opera. I redownloaded Opera and I dont seem to have a problem with the ads now. If you haven't, try redownloading your browser.

[edit on 6-2-2009 by A NeWorlDisorder]

Just happened again..this time my browser redirected to:

www.clipngocoupons.com...

Seriously people.
First off, ditch IE.
Second, quit installing uncounted toolbars.
1 and 1 only, and never my way or the numerous other toolbars that are very well known spy/ad/malware/highjackers.
Just google the ones you have installed and see for yourself.
Don't click on anything that has the word "free" or "you just won" or "shoot the duck for your prize".
Though you may not like it, IE8 works like firefox, so you might consider getting used to it. (I am currently beta testing Windows 7 64 bit Ultimate @ the moment---with IE8)
Firefox has numerous plugins to disable scripting, java, active-x and such, and still allow static advertising--I presume that would not be a violation of any TOS, but a mod might have to check on "approved" methods.
Lastly, a complete protection suite is best, IMHO, but if you wish to use different vendors-----1 anti virus, 1 antispy/malware, 1 firewall. Any more than one of each type causes conflicts and headaches, except for rare exceptions where something makes it through your layers of protection, and then install a removal prog for that instance only.

Trust me, I do know of what I speak.

Originally posted by gotrox
Seriously people.
First off, ditch IE.
Second, quit installing uncounted toolbars.
1 and 1 only, and never my way or the numerous other toolbars that are very well known spy/ad/malware/highjackers.
Just google the ones you have installed and see for yourself.
Don't click on anything that has the word "free" or "you just won" or "shoot the duck for your prize".

Trust me, I do know of what I speak.

Not to deflate your overactive ego here, but you're making assumptions. The redirect is also happening to experienced linux users who don't install "uncounted toolbars" or click on shoot the duck ads.

It's more than likely just a bad script that one of the ads here uses to gather info for storage in an sql database, or something similar. Accidental or intentional, it's still annoying and wouldn't hurt to have it looked into.

It's a full redirect and not a pop-up, so it doesn't fit the MO that most of those annoying windows I/E infections usually employ.

Peace

This problem is being caused by TDSSserv.sys, which is a system driver that is forcing redirects to your own system. It is hidden so normal directory scans won't find it.
Here is what you need to do:

Go to Start, then Control Panel, then System, then Hardware, then Device Manager, then View, then Show Hidden Devices.

Scroll down to Non-plug and Play Drivers

Click + to expand them.

Find TDSSserv.sys

If it is there, that is your problem.

Now right click and DISABLE it.

DO NOT UNINSTALL IT, because the virus will simply reinstall it again.

Then reboot. The problem should go away.

Well this is happening again. I tried to find the culprit according to Profemeritus but I couldn't find the one entry that he said was responsible. This is a huge problem affecting many, many users not just while on ATS, but other sites.

Can anyone at all shed some light on what the fix or problem is. I see many suggestions saying it is this or that, but nothing seems to get rid of the problem.

Why isn't there more information online about this? Someone please post the solution.

reply to post by ProfEmeritus

Find TDSSserv.sys

thanks for the instructions to look for that but...

i don't have that on my list and ... i have not been redirected at all since yesterday.

so this confirms for me that i do not have a virus or malware

Originally posted by lernmore

Not to deflate your overactive ego here, but you're making assumptions. The redirect is also happening to experienced linux users who don't install "uncounted toolbars" or click on shoot the duck ads.

It's more than likely just a bad script that one of the ads here uses to gather info for storage in an sql database, or something similar. Accidental or intentional, it's still annoying and wouldn't hurt to have it looked into.

It's a full redirect and not a pop-up, so it doesn't fit the MO that most of those annoying windows I/E infections usually employ.

Peace

I didn't mean to sound egotistical, but after more than a decade of fixing just these types of problems----and paid well to do so-- I DO know of what I speak.
Just the fact that I don't get these problems should indicate that I probably know a bit about configuring security.
But even if you still think I am full of puffery, please take point #1 to heart.
A very large percentage of surfing problems can be eliminated by not using I.E, and the rest (except for rare occasions, as bugs are constantly evolving) can be eliminated by using a AV or AS/AM prog that requires your input before installing or changing any files or programs.
Spybot S&D has a very nice "immunize" feature that can prevent browser hijacks, and several AV products contain safe search/surf protection.

My current config for surfing safely includes Firefox browser with the NoScript plug and AVG Internet Security, though I have evaluated security progs from AVG to Zone Alarm over the years.
If you are running a Unix based O.S and getting these problems, I don't know what to tell you. An experienced alt. OS user should be able to prevent or fix these easily.
As for bad script for collecting info, sorry---doesn't cut it, a redirect script is a different animal.
Sounds more like "Cool Web Search" or the like, and as the site owners and numerous users indicate they are not having this problem, it appears to be hosted on individual users systems.
Though it is impossible to tell without actually having the offending system at hand, the fact it is not site wide to all users makes my assumptions very viable.
And btw, a full redirect is exactly what the vast majority of IE malware employs. Revenue generation from ads is a prime mover, and if you can get more people to go to your page, you make more money. The more sinister redirect you to driveby download sites to install PW stealers and trojans.

reply to post by gotrox


I agree with gotrox. Even a full redirect can be done by spyware/malware. There are many that do full redirects when you try to go to certain websites. Smitfraud and Vundo variants do full redirects to antivirus 2009.
If you attempt to go to www.safer-networking.org... and lavasoft.com the spyware/malware will redirect you to their own 'antispyware' garbage.

As for linux users I would assume you are still able to be susceptible to _javascript attacks. Which is how much malware is installed. I know linux is susceptible to root kits and now 2 viruses. So I can't say with any uncertainty that they are also susceptible to malware/spyware or at least redirects.

No Script for Firefox is the best add on to have in your spyware arsonal. It gives you full control over who and where a java script is allowed to run.

Also, on the windows side, other than Spybot S&D immunize feature download and us Spywareblaster. It's the immunize feature on steriods and it's free.

Originally posted by gotrox
As for bad script for collecting info, sorry---doesn't cut it, a redirect script is a different animal.

Redirects are no big deal actually, I've been writing code for more than a dozen years and use them all the time. In one case, while converting a site from htm to php, the owner wanted to maintain their old host while gathering browsing habit data while the work was in progress. A simple redirect and back allowed me to make use of the php/mysql for future use.

I didn't elaborate on the type of script (php, _javascript, perl, activeX, dhtml etc.) that actually triggered the redirect, but still maintain that I suspect an AD here on ATS, as it only happened on this site a couple times. (no rootkits found, and frssh java install)

After posting yesterday I did see a new interesting thread topic however...

Literally millions of internet users are occasionally being redirected away from the site they are browsing to an offsite webpage. The pages are usually a search results type page like yellow pages with a search filled in that you didn't even search for. Sometimes it is local search results for the city you reside in. I have also heard about being redirected to a porn results webpage. This is affecting more than just ATS sites, it has happened several times while playing poker on pureplay.com, and while browsing other webpages. This is happening to millions even with the most up to date anti-virus and anti-spyware protecting their computers.

www.abovetopsecret.com...

Not sure what to make of that, as it only happened twice yesterday here on ATS, and not since. I didn't have the noscript addon enabled however.
I'll reinstall the browser, java, and enable the plugin just for good measure. I suspect that will be the end of it.

Peace

Originally posted by Walkswithfish
reply to post by easynow

 

Same thing happened to me just moment ago, when I hit the back button I was back on ATS for a moment then it did it again.

No warnings or alerts, nothing in the logs... I did grab the URL that I was redirected to:

www.rewardsadvantage.us.com...:186943:

I got redirected to the exact same site and I'm using Opera.

Redirects are no big deal actually, I've been writing code for more than a dozen years and use them all the time.

A HA!!!
We've found the culprit who haz been messing up teh internets since windows 95!

reply to post by gotrox


Ah ha! I think a public lynching is in order here.

Life in an afghan prison if he was involved in the script that will not let you escape a web page once you are there.

That has happened several times today while surfing some blog sites, one of them was a page I was redirected to (advertisement)...

Originally posted by gotrox

A HA!!!
We've found the culprit who haz been messing up teh internets since windows 95!

Actually, it was windows 3.1 when I made my first web page
We used to fly simulators online even before that. DOS Rules!
Kids are spoiled these days,it used to be you had to do things the hard way.
autoexec.bat...config.sys...highmem
Back then if you had 16 megs of RAM you were the envy of the block.
I think I still have my first 286 in storage somewhere.
Anyone remember Kali, Kahn? Hehe my ICQ number only has 5 digits...god I'm old! Thanks for reminding me.

Edit to add: It was an accident, I swear! Doesn't intent come into play when determining guilt? Statute of limitations maybe? There has to be a grandfather clause in there somewhere..you know...when we still had RIGHTS!


P.S. Do not hit your BACK button!



[edit on 8-2-2009 by lernmore]

16 whole megs of ram?
And I'll bet you had one of those massive 640 meg HD's too.
Damned rich people.

I had to make do with a TI99 and a tape drive.