Suspicious browser redirects

[opethdisciple]

This morning/afternoon, Im quite suspicious about some of the behaviours of my pc.

I've had 3 redirects to dodgy sites in the space of 1 hour.

Computer is clean! I've scanned it and it's cleaned, fully patched up etc...

I was browsing the gigabyte website looking at drivers, then a separate Japanese bride website loaded, I was on the nvidia site and fake update your Firefox page loaded, and I was just on the bbc website left it ideal for a min and came back to a 'update your java' fake page.

I’m fairly* confident my pc is clean, but what could be causing these redirections?

(I scaned it using MSE)

 

[d_brennen]

Malwarebytes that mofo. If you're using IE, have a word with yourself. After it's cleaned up, install Adblock Plus

 

[Steampunk]

(I scaned it using MSE)

There's your problem right there. Try using MalwareBytes, Combofix or something decent. You sure you haven't installed some toolbar/adware kind of thing?

 

[KIA]

Any browser plug-ins and extensions loaded?

 

[opethdisciple]

In the end I believe it's the page I am visiting, as the same thing happens at work.

I believe newsnow has some random redirections... (unless its the gigabyte site causing the problem)

It's not very consistent tho.

 

[Steampunk]

There were some malware redirects being served by Yahoo supplied ads over the Christmas/New Year period.

 

[KIA]

In the end I believe it's the page I am visiting, as the same thing happens at work.

Highly unlikely. You shouldn't be seeing these things on the BBC and NVIDIA websites.

 

[Raumarik]

Listen to KIA buddy, this is unusual behaviour, get scanning with Malwarebytes, only takes 10 mins to download, update and run.

Then make a cuppa

I'd be surprised if there wasn't a couple of entries in the add/remove program control panel for toolbars though.

 

[d_brennen]

If it's happening in two locations, it's worth looking at browser extensions. Chrome in particular, synchronises addons. Are you logged into Chrome by any chance?

 

[linktoinsanity]

(I scaned it using MSE)

Errr....

I'd suggest using another antivirus (I use Avast personally) as well as checking browser extensions and running Malwarebytes as well. It is not the websites you are using, especially not the BBC or Nvidia sites as otherwise there would be much wider reports.

 

[ShakenNstirred]

Its not the sites I went on to them and nothing happened in ie11 and chrome


Posted from Overclockers.co.uk App for Android

 

[FoxEye]

Errr....

I'd suggest using another antivirus (I use Avast personally) as well as checking browser extensions and running Malwarebytes as well. It is not the websites you are using, especially not the BBC or Nvidia sites as otherwise there would be much wider reports.

I switched a couple of people onto MSE (because it's quick, free and unobtrusive for the user), and it's let things through.

Whilst no AV is 100% effective, I don't think I trust MSE any more than AVG to be honest.

I'm using it on my machine at home, but that's because I'm reasonably confident in my own ability not to introduce malware onto my machine

For anyone else, I'm going back to Avast or Avira. Although both are a pain in terms of asking users to upgrade manually, or asking them to renew their (free) licence, or other crap. Or serving ads :/

 

[Rainmaker]

ADWCleaner is what you need. MalwareBytes won't hurt, either, but it's rather ineffective against the types of toolbar, search and page hijacks that this type of malware tends to bring to the party. ADWCleaner will sort it out in no time. Also while Kia disagrees with me, I find MSE about as useful as a wet tissue. It consistently fails (and comes dead last) in AV-C, AVTest etc.

 

[Steampunk]

Good AVs can be had pretty cheap. I just bought a 1 year/3 PC Kaspersky Internet Security for less than £20. £6.66 per PC for a years subscription is not a lot as part of your general anti-malware armoury. Relying on the most basic free product or included MSE is a bit of a false economy if you do get caught out.

At the least it's wiping and reinstalling your system, at the worst it's identity theft and empty bank accounts to deal with.

 

[Surfer]

i think this fake java thing is doing the rounds again.

A quick Google search for the IP address listed in the attack ("69.162.111.227") shows that this is a very recent breach in one or more ad networks that is affecting a large swathe of websites and not just the Nexus. As such, we're going to disable our ad code tonight and then re-enable it tomorrow at some point when, hopefully, the attack will have been patched up and fixed where ever the breach has happened in one or more of the ad networks.

Taken from Nexusmods forums. Im getting the redirect from the site itself directly so unable to download any Skyrim mods
Note just 2 days prior i was able to download mods no problem.

But i am currently checking each of the mods i downloaded to see if something was injected maybe....

Already done pc antivirus scan, malwarebytes scan, HitmanPro scan, checked chrome extensions, checked for adware in installed programs. Found nothing.

 

[CaNsA]

As above, Malware bytes.

But use it along with Spybot search and destroy 1.6.2. and let Spybot immunize your system.

The hosts file helps protect you from loadsa guff.

 

[Surfer]

Its not my pc.

Have done the following in safe mode.

av scan
MalwareBytes
HitmanPro
Spybot search and destroy

found nothing. Dont think its my pc its some websites being affected.

 

[opethdisciple]

This has disappeared for me now. Haven’t seen it for a while. It's the websites not your computer dude.

I’m as certain as the next man that my PC is malware free.

 

[KIA]

Its not my pc.

Have done the following in safe mode.

av scan
MalwareBytes
HitmanPro
Spybot search and destroy

found nothing. Dont think its my pc its some websites being affected.

Are you running adblockplus?

 

[mmj_uk]

A lot of sites over the last few days have been showing adverts which trigger this, as long as you don't download and run the .exe you should be okay at your end.