Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×
Our Newsletter now includes a Sunday edition! Stay updated 7 days a week!

Anyone know about parking.ps/ virus?

davejonesbkk

By davejonesbkk
in IT and Computers

 Share

Recommended Posts

davejonesbkk Gold Member

davejonesbkk

Posted
Posted

Seems I have acquired a browser virus in the last 24 hrs or so, randomly websites redirect to http://parking.ps/, there doesnt seem to be any pattern on how or why, I have noticed that in the last hr its only been doing it in Google Chrome incognito mode while normal mode has been fine.

Ive been Googling and most of the results ask me to donwload a program to clean it which looks very suspicous to me eg:

http://www.cleanpcguide.com/remove-parking-ps-removal-guide-how-to-remove-parking-ps/

Ive been trying to follow the manual instructions to but I havent been able to find any evidence of Parking.ps in my installed programs or processes etc

  • Replies 88
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

RedCardinal Advanced Member

RedCardinal

Posted
Posted (edited)

What ISP are you with.

I'm also seeing this, but it's affecting all devices in my home so I suspect it's a DNS hack. I'm on True cable.

PS do not download anything that looks dodgy - it will probably just double your pain. Stick to MalwareBytes or well known Malware/AV vendors only.

PPS CCleaner doesn't fix malware, ans Adaware wouldn't be a very good anti-malware program IMO.

Edited by RedCardinal
Silurian Advanced Member

Silurian

Posted
Posted

I am getting the same thing across Chrome, Firefox and IE. It appears to be some sort of redirect. From what I researched, it is either a DNS hack, a WEB site hack, flash or javascript hack. One thing that seemed to help me was to clear the cache, history, etc of each browser.

RedCardinal Advanced Member

RedCardinal

Posted
Posted

I am getting the same thing across Chrome, Firefox and IE. It appears to be some sort of redirect. From what I researched, it is either a DNS hack, a WEB site hack, flash or javascript hack. One thing that seemed to help me was to clear the cache, history, etc of each browser.

Who's your ISP? What DNS servers are you using?

Silurian Advanced Member

Silurian

Posted
Posted

I am getting the same thing across Chrome, Firefox and IE. It appears to be some sort of redirect. From what I researched, it is either a DNS hack, a WEB site hack, flash or javascript hack. One thing that seemed to help me was to clear the cache, history, etc of each browser.

Who's your ISP? What DNS servers are you using?

Using True for ISP. I am using Google DNS (8.8.4.4) as my primary DNS and asianet DNS (203.144.207.49) as my secondary DNS server.

After clearing my browser data, I haven't seen the redirect in the past 30 minutes.

I also cleared my cached DNS by issuing "ipconfig /flushdns" in a windows command prompt. But that didn't seem to help.

davejonesbkk Gold Member

davejonesbkk

Posted
  • Author
Posted

IM on True cable also, it only started around 24-36 hrs ago for me, I had downlaoded divx.com free trail just before that but I doubt from there, not done much else different really.

Interesting that other people are getting it and also on True. Im using opendns like always, I did a full cache clear etc an hr ago and after that it seems that this is now only happening in the incognito mode of chrome which is very weird.

I will try flushdns now myself and MalwareBytes.

So I guess if no evidence of it on my actual computer (none so far) then its a DNS hack? If so how worried should I be about passwords etc?

RedCardinal Advanced Member

RedCardinal

Posted
Posted

Lots of Thai users also getting this over on Pantip. Only ISP mentioned is True, so I reckon this is either something that's sitting on their caching servers, or some stupid change they've made.

A couple of years ago they got caught red-handed injecting their own ads into Youtube pages. Suffice to say Google security people were none too happy with them, and it stopped very quickly after Google were alerted.

I use True with Google DNS, cleared caches and still getting it. Will try True proxy to see if that fixes it.

RedCardinal Advanced Member

RedCardinal

Posted
Posted

Open a command prompt and type NSLOOKUP

Then enter a site that's giving you this problem and see what answers.

e.g. www.ibm.com

Won't work. Sites are loading fine, but then redirected after a short delay. It may be an ad network, although I've now seen it on a page without ads. Debugging this is very hard since the redirect is probably being loaded asynchronously into the page, so wont appear in the initial page collateral. Still looking for the actual redirect...

muratremix Gold Member

muratremix

Posted
Posted

I'm also having this problem and using True Ultra cable internet, however I'm not using ISP DNS servers. I use google dns, and now I use local dns server (on Synology Nas) which has no effect. Problem is, I got this redirects on iPad, not my windows laptop. So I found adblock for safari on Jailbreak and installed it, problem solved. I have adblock on firefox so it was blocking this hijack somehow.

It is very annoying and I hardly understand how can they mess things up like this?

muratremix Gold Member

muratremix

Posted
Posted

Oh, I forget to mention. I had this annoying redirects on iPad even when I use a personal proxy server (proxy resolves DNS queries so it should prevent redirects). So problem mostly lies on hacked internet infastructure of True internet.

partington Gold Member

partington

Posted
Posted (edited)

Definitely not a virus. I got this yesterday on a MacBook Pro. Others are getting it on Windows, still others on the iPad OS. Unlikely a virus on three different OS.

The common link is everyone reporting this has True as their ISP, so it's likely something they've done, or security they have failed to do.

Edited by partington
chuckygobyebye Senior Member

chuckygobyebye

Posted
Posted

We have two True cable connections for the office and a backup 3bb ADSL line. We're not getting the effect when we're on the backup line.

I can reliably reproduce the effect with news.bbc.co.uk and linkedin.com, doesn't happen on any https sessions, so it's code injection somewhere along the line.

elfpattaya Senior Member

elfpattaya

Posted
Posted (edited)

I also had this problem, maybe something to do with True ?? Found it very annoying. Tried Avast, Malware Bytes, SUPERantispyware and tried removing it manually but no joy.

I found that both Chrome and Firefox have an Add On called "HTTPS Everywhere". I installed this and it seems to have cured the problem.

Edited by elfpattaya
Chicog Star Member

Chicog

Posted
Posted

Switching to True's Proxy also resolves this issue. Not a great solution, but at least until they fix it on their end it removes this painful redirect.

Perhaps that is the MICT's intention.....

  • Like 1
chuckygobyebye Senior Member

chuckygobyebye

Posted
Posted

Problem fixed at our end.

It turns out our loadbalancer was assigning fixed DNSs to the workstations. True updated their DNSs last year or something and changed the addresses. When we switched to the new servers the problem vanished.

I expect what's happened is that True have left these creaky old DNSs on as a courtesy but haven't been patching them and they've been hacked/poisoned.

RedCardinal Advanced Member

RedCardinal

Posted
Posted

Problem fixed at our end.

It turns out our loadbalancer was assigning fixed DNSs to the workstations. True updated their DNSs last year or something and changed the addresses. When we switched to the new servers the problem vanished.

I expect what's happened is that True have left these creaky old DNSs on as a courtesy but haven't been patching them and they've been hacked/poisoned.

Don't think so. A few posters in thread use Google DNS. I do also. This is something else. I suspect that a bad file served via an ad network is probably cached in True's caching infrastructure, and that's why it keeps appearing. Either that or True are trying to do something clever and doing it really badly.

partington Gold Member

partington

Posted
Posted

Problem fixed at our end.

It turns out our loadbalancer was assigning fixed DNSs to the workstations. True updated their DNSs last year or something and changed the addresses. When we switched to the new servers the problem vanished.

I expect what's happened is that True have left these creaky old DNSs on as a courtesy but haven't been patching them and they've been hacked/poisoned.

Don't think so. A few posters in thread use Google DNS. I do also. This is something else. I suspect that a bad file served via an ad network is probably cached in True's caching infrastructure, and that's why it keeps appearing. Either that or True are trying to do something clever and doing it really badly.

Yes, I was using the Google DNS when it began for me too.

BWPattaya Gold Member

BWPattaya

Posted
Posted

I was talking to a friend last night who had the same issues. He emailed me today to say:

After praising True I think I've just realised that they were the reason why my pages were being redirected to Parking.ps, after spending most of the day trying to fix this with various antiviruses etc.
Anyway I found a cure using an Add On with Firefox and Chrome called "HTTPS Everything".
This looks like a good Add On as it opens everything on the browser securely and seems to work really well, I think I shall keep it even though True seems to have cured the problem.
HardenedSoul Platinum Member

HardenedSoul

Posted
Posted

Has True actually solved the problem, though?

I didn't have the issue on Chrome but on IE9 instead. I tried to do a system restore but although the last backups are there, this virus seems to prevent access to them via the restore function.

Does anyone have a definitive cure for this?

partington Gold Member

partington

Posted
Posted (edited)

It's NOT a Virus!!!!! It's originating from something within the True servers.

AdBlock may possibly stop it as it seems to be some kind of flash ad loading then redirecting when the flash fails to open (somewhat guessing here).

You can read about parking domains here http://en.wikipedia.org/wiki/Domain_parking

It seems like someone has set up a link to an ad that fails to open, and this is designed to redirect your browser to a site which someone gets money for hits on?

Edited by partington
sfm Explorer Member

sfm

Posted
Posted

PS do not download anything that looks dodgy - it will probably just double your pain. Stick to MalwareBytes or well known Malware/AV vendors only.

PPS CCleaner doesn't fix malware, ans Adaware wouldn't be a very good anti-malware program IMO.

That is a damned important piece of advice!

Got the problem myself, and googling for it took me to a number of websites.

Some of them just suggested downloads, some others suggested a manual removal method first that appeared to deliberately make things so complicated that nobody will try it.

If you download solutions from companies you don't know, yes, you are in for it. Fake virus-removers are the oldest trick in the book.

Clearing all history seems so far to have fixed it for me.

I agree with those who say it may be a problem outside the PC.

kotsak Gold Member

kotsak

Posted
Posted

Occurred to me also on two different computers. LinkedIn website seems to always redirect to parking.ps. Looks like there is a Google URL shortener that is responsible for the redirect.

Tried different DNS servers but it made no difference..

ignis Ruby Member

ignis

Posted
Posted

The only time I ever see it is on here.......... like a few seconds ago....

All webpages load as soon as I click them, just ThaiVisa takes it time loading and in the waiting this parking website replaces the ThaiVisa page that is trying to load...

It has appeared a few times but only ever on ThaiVisa

I just thought it was yet another ThaiVisa problem........... getting so used to a ThaiVisa problem being fixed which causes another problem or 3...... so appear this Parking thing is not from ThaiVisa ? and maybe from TRUE.... True + Google DNS

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formally ThaiVisa) is Thailand's oldest and most popular expat and foriegner forum. Sign up today and have your say!

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...