A place to keep my work.
All three browsers affected. Firefox, Internet Explorer and Chrome......JEEZ!!!
Published on February 16, 2012 By Uvah In Personal Computing

     Yesterday it was an issue with Windows Update. I thought it was solved. It started out with two of my browsers not loading correctly. Today, however, it's something more serious. IE, Chrome and FF are all being redirected to the Comcast billing site. No matter what link I click on or site in my speed dial, they all go to Comcast. I believe it started when I opened Yahoo. There was an ad on the page for Comcast that didn't fully load. When I clicked on mail it started. I ran all of my utilities thinking I caught a bug but neither of them found anything. I opened MalwareBytes to run that one and as usual it needed to update its virus definitions, no problem as I've done that many times before. This time though an error message came up saying that there are files missing or corrupt. So I uninstalled MalwareBytes hoping to go for a fresh install. No go.

     I used the system restore and took my laptop back to the 13th, thinking whatever is on it would be gone. Nope! It's still there, and when I tried to open Windows Update I got another error message saying it cannot access any updates. Windows Update is not working, browsers are being redirected, uninstalling FF and rolling back to a previous version didn't work. Right now I can't use my laptop at all on the net. Is anyone else having this issue with browsers being redirected or is it a bug on my system? The only thing I can think of to do is use my rescue disk and pray it works.


Comments (Page 1)
on Feb 16, 2012

It does sound like some 'heavy duty' mischief is taking place.  Sorry to hear this.  I believe you know what you are up against, unfortunately it sounds like a clean install might have to be done. 

Someone like yrag will see this and I'm sure be able to help.

on Feb 16, 2012

Who is your ISP?

If it is Comcast then it may be they believe you have not paid your bill or have used too much bandwidth and so are directing you to that page.

EDIT : As DrJBHL correctly points out below, you should be very careful it is not some sort of scam site trying to get your private info.

on Feb 16, 2012

It started out with two of my browsers not loading correctly. Today, however, it's something more serious. IE, Chrome and FF are all being redirected to the Comcast billing site.

Do as Neil suggests, but make sure that's the real Comcast site, Uvah. Check the url, and make sure it's https.

on Feb 16, 2012

DrJBHL
It started out with two of my browsers not loading correctly. Today, however, it's something more serious. IE, Chrome and FF are all being redirected to the Comcast billing site.

Do as Neil suggests, but make sure that's the real Comcast site, Uvah. Check the url, and make sure it's https.

Good point.  It could be a hack to redirect you to a site to harvest your private info.

If it is just happening on the one machine then I would assume something has compromised the entire machine and a wipe and reinstall is probably the best policy.  After all, if it has messed with DNS, who knows what else it has messed with that you do not know about...

on Feb 16, 2012

Will the rescue disk do it, as that is the only disk I have for the laptop? Either that or use the Win7 Pro disk I have, and no, I don't have Comcast. Don't have a TV either. My ISPs are all hotspots around town. Oh, and it is an https. I did notice that the only thing it asked for is a phone number. Then a button to 'my account'. That part's funny as hell as I don't have one. Gonna visit the little boys' room and get started but first ..... need to back stuff up. I'll let you know how it works out.

on Feb 16, 2012

Will the rescue disk do it, as that is the only disk I have for the laptop? Either that or use the Win7 Pro disk I have, and no, I don't have Comcast. Don't have a TV either. My ISPs are all hotspots around town. Oh, and it is an https. I did notice that the only thing it asked for is a phone number. Then a button to 'my account'. That part's funny as hell as I don't have one. Gonna visit the little boys' room and get started but first ..... need to back stuff up. I'll let you know how it works out.

If your ISPs vary, have you tried picking a different wireless network in case the one you are using is broken?

on Feb 16, 2012

One of the Hotspots may be the villain.

on Feb 16, 2012

A lot of the trends now--though they are still small in number--is "extortionware".  Your machine is infected and you're directed to a site to purchase "remedy software".

I'd contact your cable company and ask for input.

on Feb 16, 2012

There is no cable company. That said, I found this, or rather MSE grabbed this, as I was doing a backup. Idiot that I am, I ran all but MSE on my machine. Right now I'm using the Acer. Here's a screenshot.

on Feb 16, 2012

HijackThis may be able to find your problem...unless your IIS got screwed, I'm not sure what could be re-directing all URLs.  Have you tried connecting directly to an IP address?  208.185.127.40 is the IP address for About.com, you may want to see what happens.

on Feb 16, 2012

There is no cable company. That said, I found this, or rather MSE grabbed this, as I was doing a backup. Idiot that I am, I ran all but MSE on my machine. Right now I'm using the Acer. Here's a screenshot.

How did I know.

Uvah... get busy changing all your email/etc. passwords.

Keep a very close watch on your credit card account/s. Consider changing the card/s number/s.

on Feb 16, 2012

Have MSE remove. Disable Backup and Restore and re-enable. Control Panel/ Java/ Clear Temporary files cache. Un-install Java.

Re-boot and install: http://www.oracle.com/technetwork/java/javase/downloads/index.html

 

That said, personally, I don't think you're going to recover this to normality....or at least anything you can trust.

on Feb 16, 2012

Have MSE remove. Disable Backup and Restore and re-enable. Control Panel/ Java/ Clear Temporary files cache. Un-install Java.

Re-boot and install: http://www.oracle.com/technetwork/java/javase/downloads/index.html

 

That said, personally, I don't think you're going to recover this to normality....or at least anything you can trust.

I agree. The Java vulnerability has been exploited... and there are many variants of that baddy.

Needs a total, really low level wipe and reinstall and use only the latest Java.

Reinstall only what you really need.

I wouldn't trust any backups... unless made on an external drive well before any of this started happening.

Before doing the wipe, Uvah... give RefreshPC a shot. It's free. http://www.xp-smoker.com/refreshpc.html

 

on Feb 16, 2012

Well, as of now, there are around 400 million computers infected with the virus DNS changer... now, the internet browser is redirected randomly at various times to other sites... but on 7 March 2012, the FBI will shut down the fake DNS server that they set up in 2011 when they arrested the hacker; the result will be that people who are infected will not be able to surf the internet at all after 7 March 2012...

To test whether you are infected, go to http://www.dns-ok.be/ ... if you have a big green "V", everything is ok... if you have a big red "X", it means that you are infected... in case of infection, there is info and a link for a removal tool... sorry, it is in French or Dutch...  more detail at http://www.dns-ok.be/dnschanger_fr.html ...

Well, you maybe do not have this virus, but your symptoms are very similar...

It is always useful to have something like SARDU ( Shardana Antivirus Rescue Disk Utility ) near you... for SARDU, go to http://www.techmixer.com/multiple-antivirus-bootable-rescue-cd-utility-shardana-antivirus-rescue-disc-utility/ or for SARDU2, go to http://www.techmixer.com/sardu-2-create-multiple-antivirus-utility-rescue-disk-usb/ ...

With SARDU2, you have :

- Antivirus Rescue Disk: Avira AntiVir Rescue System, BitDefender antivirus Rescue CD, Dr.Web Live CD, PC Tool AOSS, AVG Rescue CD, F-Secure Antivirus Rescue, GDATA Rescue CD, Kaspersky ‘Kav Rescue CD’ and Panda Safe Cd.
- Utility: Floppy win98SE, Gparted, NT password Recovery, Parted Magic, Ophcrack, Redo Backup Live, Trinity Rescue CD, System Rescue CD, Ultimate Boot CD and CloneZilla.
- Linux: Austrumi, Damn Small Linux, LiMP, Puppy Linux, xPUD, Ubuntu, Kubuntu and Slax.
- Windows PE: LiveXP, MegalabCD, WindowsPE, UBCD4WIN, and VistaPE. 

Another good one is Trinity ( http://www.techmixer.com/repair-and-rescue-windows-os-using-trinity-rescue-kit-live-cd/ ) :

"Inside the live CD. you can see a lot of tools like resetting password tool that allow user restore and clear the password of windows and Linux operating system which user can set the password as they want on next OS login. Meanwhile, a tools to remove viruses which it equipped with 4 different virus scan products (ClamAV, AVG, F-Prot, BitDefender) integrated in a single uniform command line with online update capability.

Plus more, it can simple allocated all local files system with a simple script entry and then clones an NTFS partition to another PC over a network, a mass undeleter that tries to recover every deleted file on the drive. In addition, Trinity Rescue Kit (TRK) Live CD also provides for recovering data off a formatted or dying disk, two tools for fixing master boot record repair programs, and hardware diagnostics.

This Trinity Rescue Kit live CD can be bootable within three method like burn into ISO files, USB stick installable or network over PXE.

The best part of this Trinity Rescue Kit live CD can use on all windows and Linux to for repair and rescue purpose."

As you can see, the recent trend in rescue boot CD/DVD/USB is to be Windows/Linux compatible... beware that these Linux/Windows versions are minimal, with only diagnostic/repair tools... similar CD/DVD/USB exist for other tasks like, for example, diagnosing and testing a network for security... personally, I think that they are a must-have for any computer owner... don't wait until you cannot boot anymore to think about these tools...

on Feb 16, 2012

Thoumsin, we already know which virus... look at the screenshot.
