Constant redirects

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
Constant redirects
Avatar
carbonterry2
Member
Forum Posts: 239
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
1
May 5, 2011 - 12:51 am
sp_Permalink sp_Print

My friend is running XP SP3, FF 3.6.xx
We've run Mals, AVG, MSE etc.
When doing a search he clicks on a link he is redirected to a page titled "Jump" instead of what he had selected.
What am I missing?

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
2
May 5, 2011 - 4:24 am
sp_Permalink sp_Print

Hey CT - IMO this is definitely malware, most likely a persistent rogue cookie. I would suggest to keep trying with different scanners; try [url=http://www.superantispyware.com/:1ma0ox6v]SUPERAntiSpyware[/url:1ma0ox6v] and [url=http://www.microsoft.com/security/scanner/en-us/default.aspx:1ma0ox6v]Microsoft Safety Scanner[/url:1ma0ox6v].

What browser is being used by default?

Once we get that information we may be able to suggest using settings to ban cookies from certain sites.

Cheers....Jim

Avatar
carbonterry2
Member
Forum Posts: 239
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
3
May 5, 2011 - 11:15 am
sp_Permalink sp_Print

Firefox 3.6.?? is the default browser.

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
4
May 5, 2011 - 11:48 am
sp_Permalink sp_Print

Okay CT - The difficult aspect of this is trying to identify which cookie(s) are to blame.

Open Firefox and go to [b:2undf4ak]Tools>Options[/b:2undf4ak] and then open the [b:2undf4ak]Privacy [/b:2undf4ak]tab.

Now you will see options for handling cookies. Click on the [b:2undf4ak]Show Cookies[/b:2undf4ak] button and review what is listed there.

There are a couple of things you can try:

Delete all cookies and then disable the options to [b:2undf4ak]Accept cookies from sites [/b:2undf4ak]and [b:2undf4ak]Accept third-party cookies[/b:2undf4ak]. See if that stops the 'jumping'. There will be side affects with those options disabled, not serious ones; log-on to 'member' sites will not be persistent so the user will need to log-on each visit. Other user-specific settings will be lost. But it should also let you know if a cookie (or cookies) are responsible.

*You can use the 'exceptions' feature to "allow" known safe cookies, and particularly those which are related to sites which require log-on (while still blocking all others).

Or, if you can identify the rogue cookie(s) you could leave those options enabled and just "Block" the rogue cookie(s) via the 'exceptions' feature.
[click on the[b:2undf4ak] Exceptions [/b:2undf4ak]button to access that feature]

Did you find anything with the other scanners?

Cheers....Jim

Avatar
carbonterry2
Member
Forum Posts: 239
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
5
May 5, 2011 - 11:54 am
sp_Permalink sp_Print

Thanks Jim,
Using Mal's we found 3 trojans and deleted them.
I will try the cookie method later today.
Thanks for your time & expertise.

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
6
May 5, 2011 - 11:59 am
sp_Permalink sp_Print

You are most welcome CT.

Let us know how you get on please.

Avatar
carbonterry2
Member
Forum Posts: 239
Member Since:
February 17, 2010
sp_UserOfflineSmall Offline
7
May 5, 2011 - 11:43 pm
sp_Permalink sp_Print

Tonight I ran Super Anti Spyware after deleting cookies thru the Tools/Options menu.
The computer had a bit under 2,000 warnings !!!!
I deleted those and all seems to be working OK now.
Thanks for the help.

TRW/CT

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
8
May 6, 2011 - 5:49 am
sp_Permalink sp_Print

SUPERAntiSpyware Does It Again!!!!!!

Great to hear all is now well CT. Thanks for letting us know.

Avatar
Flying Dutchman
Member
Forum Posts: 278
Member Since:
September 2, 2010
sp_UserOfflineSmall Offline
9
May 6, 2011 - 4:53 pm
sp_Permalink sp_Print

Glad to hear you managed to solve the issues, carbonterry2.
Since your friend uses Firefox, he could install a cookie managing addon, that'll allow him to easily manage cookies from the status bar without having to go through Tools>Options>Privacy.

People often argue that Malwarbytes' is superior to SUPERAntiSpyware, but from my experience, the best practice is to keep them both as they seem to nicely complement eachother.

Jim, have you tried out Microsoft Safety Scanner? Opinion?

I am human

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
10
May 6, 2011 - 5:38 pm
sp_Permalink sp_Print

[quote:evn8glzp]People often argue that Malwarbytes' is superior to SUPERAntiSpyware, but from my experience, the best practice is to keep them both as they seem to nicely complement eachother.
[/quote:evn8glzp]Agree 100% FD. There is nothing to pick between them, both are excellent. SAS will often flag more items after MBAM has cleaned and MBAM will often flag more items after SAS has cleaned, so to argue over which is best is pretty silly. As with all such security products conventional wisdom applies; no single program is going to identify 100% all malware.......but these two come closer than most.

[quote:evn8glzp]have you tried out Microsoft Safety Scanner?[/quote:evn8glzp]
No, I haven't FD. Haven't actually been presented with an infected machine for some time......my 'clients' must be getting the message...finally!!! LOL

MS Safety Scanner does not operate in quite the same manner as the other two. Before using either SAS or MBAM all one need do is update the definition database (unless, of course, there has been a major program update in the meantime). However, MS Safety scanner expires every 10 days, after which time the user needs to download the full program all over again. The download is 70+ MB, so MS Safety Scanner is definitely a ....download on-demand only proposition.

Cheers.....Jim

Avatar
Flying Dutchman
Member
Forum Posts: 278
Member Since:
September 2, 2010
sp_UserOfflineSmall Offline
11
May 6, 2011 - 6:17 pm
sp_Permalink sp_Print

Hi Jim,
[quote:3rzc5b9x]but these two come closer than most[/quote:3rzc5b9x]
I also have Hitman Pro (the quick scan is unbelievably ... quick ) due to the variety of scan engines it uses.

MS Safety Scanner sounds a lot like in the lines of Dr.Web CureIt! I always wondered about this type of scanners, does the scan engine update that often that you need to redownload the whole thing every time?

I think Malwarebytes', SUPERAntiSpyware and Hitman Pro are arsenal enough.
Of course, as Dave once said:
[quote:3rzc5b9x]The number 1 security tool you have available at any cost? The one between your ears![/quote:3rzc5b9x]

I am human

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
12
May 6, 2011 - 7:36 pm
sp_Permalink sp_Print

[quote:37p8lzbm]Of course, as Dave once said:

The number 1 security tool you have available at any cost? The one between your ears![/quote:37p8lzbm] Yes, Dave tends to use all my best material!!

[quote:37p8lzbm]I also have Hitman Pro[/quote:37p8lzbm]
But it is not free, at least not for removal....is it?

[quote:37p8lzbm]I always wondered about this type of scanners, does the scan engine update that often that you need to redownload the whole thing every time[/quote:37p8lzbm]
I believe it has something to do with portable versus installed (both Dr. Web & MS Safety Scanner are portable). Although, why the portable apps could not include a button link to manually download updates is beyond me.

Avatar
Flying Dutchman
Member
Forum Posts: 278
Member Since:
September 2, 2010
sp_UserOfflineSmall Offline
13
May 6, 2011 - 7:49 pm
sp_Permalink sp_Print

[quote:3rue17fs]Yes, Dave tends to use all my best material!! [/quote:3rue17fs]
Copyright dispute?

[quote:3rue17fs][quote:3rue17fs]I also have Hitman Pro[/quote:3rue17fs]
But it is not free, at least not for removal....is it?[/quote:3rue17fs]
No, removal is not free. I regard it as a reliable "scanner", though it never came up with anything. If it would, I'd use another app for removal, preferably the one using the engine that caught the baddy in the first place.

[quote:3rue17fs]I believe it has something to do with portable versus installed.[/quote:3rue17fs]
You're probably right here, now that I think about it, even SUPERAntiSpyware portable needs to be downloaded each and every time. But, since I'm not a programer, can't say if and how difficult it would be to just update the defs.

I am human

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
14
May 6, 2011 - 8:12 pm
sp_Permalink sp_Print

[quote:18shybzp]since I'm not a programer, can't say if and how difficult it would be to just update the defs[/quote:18shybzp]
Me too, but I use Sumatra portable for simple PDF reading and whenever that starts it offers me updates (if/when there is one available). So I can only assume it would be feasible and not too difficult.

Avatar
Chad Johnson
Mod
Forum Posts: 867
Member Since:
August 11, 2011
sp_UserOfflineSmall Offline
15
May 6, 2011 - 10:08 pm
sp_Permalink sp_Print


Me too, but I use Sumatra portable for simple PDF reading and whenever that starts it offers me updates (if/when there is one available). So I can only assume it would be feasible and not too difficult. [/quote:23o4yfss]

I'm not really a programmer, but I would imagine that the updates Sumatra is offering are just downloading replacement a replacement file as well. When you have an all in one portable file, it's very very difficult to update specific portions of it without simply replacing it.

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 188

Currently Online:
15 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 1272

Moderators: 3

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1538

Posts: 11824

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Judy Novotny, Jason Shuffield, Mail Poet