December 8, 201411 yr Hi Guys, Not sure if it is just my computer but when I go to the new tech site and try to comment, I am diverted to some Russian game sites. The article I was trying to comment on was the Sony hack traced to Bkk hotel. The initial site I was directed to was: http://vktarget.ru/?ref=162125 My computer is clear with Malwarebytes (Premium) and Norton Internet Security. Cookies and browsing history has been cleared, but still get redirection. Pretty sure I am clean.
December 8, 201411 yr Author <script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script> The server is clean. I think you need to scan your device again. K, cheers George, doing that now
December 15, 201411 yr Hi. Your internet modem is hacked. Reset your modem DNS settings and clear browser cache/cookies. Choose more difficult password for your modem. Sorry for my english
December 20, 201411 yr Max is right. The hack is in your router, not your device. I got it too. Lots of people got infected recently, they seem to be TOT customers.
December 22, 201411 yr Are people with this able to reset their routers DNS entries? I have reset the routers password but cannot save the DNS setttings to my TP-Link device.
December 22, 201411 yr Author Hi Guys, With reference to posts 4 & 5 (Min Max & danbradster) this was my initial thought as well, that the router was compromised. When the initial problem started the ISP was indeed TOT but using a Cisco router and not the one provided by TOT. Checked router setup and DNS (OK) reset password and rebooted. Laptop running Windows 7 Pro, cleared caches, flushed DNS, cleared favourites (IE) and deleted bookmarks (Chrome), deleted all wireless network connections, hard boot. Still had problems with redirection. Since then til now (2 weeks) i have used a total of 18 (yes, i counted) different connections through 3 different ISP's (TOT, 3BB & True) and in more than half of these, i have used the cleaning/flushing/scanning methods, not used favourites or bookmarks, and still have the redirection problem. Chrome (default browser) was uninstalled/reinstalled as an added measure. Conclusion is that i have some nasty little bug residing somewhere on the laptop. Anyone with any suggestions would be greatly appreciated with their comments. BTW George, i believe it was only coincidental that i was on the new tech site when all this happened..................
December 22, 201411 yr Your host file might have been compromised. Have a look here http://www.dslreports.com/faq/10131
December 22, 201411 yr Author <script type='text/javascript'>window.mod_pagespeed_start = Number(new Date());</script> Your host file might have been compromised. Have a look here http://www.dslreports.com/faq/10131 Nope, thanks for the input but the host file seems ok (Windows 7 Pro): # Copyright © 1993-2009 Microsoft Corp.## This is a sample HOSTS file used by Microsoft TCP/IP for Windows.## This file contains the mappings of IP addresses to host names. Each# entry should be kept on an individual line. The IP address should# be placed in the first column followed by the corresponding host name.# The IP address and the host name should be separated by at least one# space.## Additionally, comments (such as these) may be inserted on individual# lines or following the machine name denoted by a '#' symbol.## For example:## 102.54.94.97 rhino.acme.com # source server# 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself.# 127.0.0.1 localhost# ::1 localhost
December 22, 201411 yr Maybe a java exploit? You could check carefully through Task Manager to see if there are any rogue processes running. If there are you may need to boot Windows in safe mode to stop that process and then delete the source.
December 22, 201411 yr Does this help? (remove vktarget virsu from your browsers) http://www.pccaretips.com/blog/best-guide-to-remove-vktarget-ru-pop-up-virus-from-browsers.html Look for the described symptoms, installed software (add ons). Makes me wonder, that your antivirus software says all clear though??? Edited December 22, 201411 yr by KhunBENQ
December 22, 201411 yr Does this help? (remove vktarget virsu from your browsers) http://www.pccaretips.com/blog/best-guide-to-remove-vktarget-ru-pop-up-virus-from-browsers.html Look for the described symptoms, installed software (add ons). It's a scam site. There are many like it. In the beginning they sound kosher but eventually you're asked to download some utility. Don't do it!
December 22, 201411 yr I agree that I would not use the "automatic" removal. But the mentioned "Snap.do" and "Sweet Packs" in the manual instructions seems to be a relevant virus/malware to be removed. I see some trustworthy (well known) sites that describe how to remove. Edited December 22, 201411 yr by KhunBENQ
December 22, 201411 yr It's the router. Classic symptoms. Anything else you are barking up the wrong tree.
December 22, 201411 yr It's the router. Classic symptoms. Anything else you are barking up the wrong tree. The op says that the problem persists even when using different connections and ISP's which presumably are not made through the same router.
December 22, 201411 yr Router or not router? Do as follows: open "cmd" prompt and enter: ping tech.thaivisa.com I get a response like this (sorry for the German language "frame"): Ping wird ausgeführt für pagespeed.googlehosted.com [74.125.200.121] mit 32 Bytes Daten:Antwort von 74.125.200.121: Bytes=32 Zeit=48ms TTL=44 googlehosted.com IP starts with "74.125" Time ("Zeit") is about 40 ms (for users in Thailand). If your response looks similar, than nothing is wrong with the router! A ping to that Russian site would give a result like this: 46.4.100.52: Bytes=32 Zeit=305ms Edited December 22, 201411 yr by KhunBENQ
December 22, 201411 yr Sounds like the OP has more than a single router in play - most likely his DSL modem is the compromised part.
December 22, 201411 yr http://arstechnica.com/security/2014/12/12-million-home-and-business-routers-vulnerable-to-critical-hijacking-hack/
December 23, 201411 yr Max is right. The hack is in your router, not your device. I got it too. Lots of people got infected recently, they seem to be TOT customers. Well today I'm also seeing these redirects on a Mac and a PC browser to the adult site. I've scanned both machines (and both OK), so I guess it's the TOT modem. Trouble is I don't have the access password, so not sure how I can actually sort it out, maybe going to TOT office would be ok, though I also do have a Cisco router, if I can get all the user account details I could use that instead. Hmm, annoying...
December 23, 201411 yr Duh. Exactly what I have been saying from the beginning. There are two routers, one being the modem, and the modem is the one compromised. Go and buy a new modem. The TOT hardware will just get compromised again. Either buy something newer, or a modem/router based on the 'DD-WRT' firmware. You then just need your DSL access name and password to configure it to properly connect to your TOT account.
December 23, 201411 yr Duh. Exactly what I have been saying from the beginning. There are two routers, one being the modem, and the modem is the one compromised. Go and buy a new modem. The TOT hardware will just get compromised again. Either buy something newer, or a modem/router based on the 'DD-WRT' firmware. You then just need your DSL access name and password to configure it to properly connect to your TOT account. Well I only just saw this thread today. Anyway I discovered that since I got the modem/router a few weeks ago, the user/password was set to admin/admin, and since this morning I've upgraded the firmware, reset to factory settings, re-entered the settings and changed the user name / password, and hey presto there's no issue now. But, yes I'll probably just buy a different modem that has better and more up to date firmware in the next few days.
December 23, 201411 yr Or, check if your modem/router can be flashed with dd-wrt firmware. Agree that a DD-WRT flashed router has a lot to offer but DD-WRT doesn't support any routers with ADSL built in. But the present ADSL modem could be put into bridge mode and teamed up with a DD-WRT router.
December 23, 201411 yr Actually, what you'd want is to have the modem set up in a static manner, hard-set the DNS in the modem (i.e. do not have it assigned by the provider), assign ONE address to your local router, again hard-code the Name Servers in the router (i.e. do not get the NS assigned from the modem or your ISP), and then use that router to manage your network.This way, you seriously minimize the chance of another compromise.or, pick up a Buffalo WBMR-HP-G300H router with integrated ADSL+ modemhttp://www.dd-wrt.com/site/content/first-adsl-router-with-dd-wrt-support
December 28, 201411 yr Hi Guys, With reference to posts 4 & 5 (Min Max & danbradster) this was my initial thought as well, that the router was compromised. When the initial problem started the ISP was indeed TOT but using a Cisco router and not the one provided by TOT. Checked router setup and DNS (OK) reset password and rebooted. Laptop running Windows 7 Pro, cleared caches, flushed DNS, cleared favourites (IE) and deleted bookmarks (Chrome), deleted all wireless network connections, hard boot. Still had problems with redirection. Since then til now (2 weeks) i have used a total of 18 (yes, i counted) different connections through 3 different ISP's (TOT, 3BB & True) and in more than half of these, i have used the cleaning/flushing/scanning methods, not used favourites or bookmarks, and still have the redirection problem. Chrome (default browser) was uninstalled/reinstalled as an added measure. Conclusion is that i have some nasty little bug residing somewhere on the laptop. Anyone with any suggestions would be greatly appreciated with their comments. BTW George, i believe it was only coincidental that i was on the new tech site when all this happened.................. My computer has the problem, my tablet does, and my wife's brand new smartphone does too. It must be either the ISP or the router. It can't be the devices.
December 28, 201411 yr Hi Guys, With reference to posts 4 & 5 (Min Max & danbradster) this was my initial thought as well, that the router was compromised. When the initial problem started the ISP was indeed TOT but using a Cisco router and not the one provided by TOT. Checked router setup and DNS (OK) reset password and rebooted. Laptop running Windows 7 Pro, cleared caches, flushed DNS, cleared favourites (IE) and deleted bookmarks (Chrome), deleted all wireless network connections, hard boot. Still had problems with redirection. Since then til now (2 weeks) i have used a total of 18 (yes, i counted) different connections through 3 different ISP's (TOT, 3BB & True) and in more than half of these, i have used the cleaning/flushing/scanning methods, not used favourites or bookmarks, and still have the redirection problem. Chrome (default browser) was uninstalled/reinstalled as an added measure. Conclusion is that i have some nasty little bug residing somewhere on the laptop. Anyone with any suggestions would be greatly appreciated with their comments. BTW George, i believe it was only coincidental that i was on the new tech site when all this happened.................. Reinstall the OS. Yeah, it takes a couple of hours but it's worth it. Set up the system with the basic software and patches you need to be current. Then make a disk image of your system. If you ever think your compromised, go back to your original disk image, upgrade it, test it, and reimage. Rinse and repeat. Another suggestion. Use a non-installed, 'live' Linux configuration (bootable Linux USB, KNOPPIX, etc). See if you can replicate the problem. At least you'll know if it's an OS based issue or not as you're eliminating your installed version of Win7 and its associated drivers as the primary problem. Edited December 28, 201411 yr by CALSinCM
December 28, 201411 yr I don't want to throw the cat amongst the fish here, BUT. Multiple AV and Malware missed this. (This is not right). Multiple ISP's involved... Multiple Operating systems being used... I personally know how one of the products operate above, and something like this does not get missed or bypassed. This is what peaked my ears. Two things concern me a little. 1) default username and passwords on DSL devices - Maybe there's a script that can scan, log in and change settings silently for DNS ? (upreading has now dismissed this...sorry) The more worrying one... and this DOES worry me.... 2) With the new "Internet controls" that have been placed within the last few months. I don't know i'm throwing kittens at fans here, if they were compromised then that would be bad - That or one compromised user has cached something that everyone now gets served.
December 28, 201411 yr I just answered a question about ROM-0 exploit in another thread. Seems pretty easy to gain access to TP-Link and Zyxel router's upgrade/backup page and download the settings and discover the password, then log into the web-interface and simply change the DNS settings so they point to a specially compromised server ... or UPDATE THE ENTIRE ROM the device is permanently compromised. Though, why bother. Most users just leave the default ISP or OEM passwords in place, meaning there might as well be no password at all.
January 1, 201511 yr I have been getting the adult web site popping up unexpectedly , I have been reading through the posts and I cannot make head nor tail out of some of the answers ( I am a bit computer thick ) Is there an answer to solve the problem in laymans terms ?
January 2, 201511 yr Can't help you without more details from your end. What internet provider? What router (brand, model)? What computer are you using that sees the pop-ups?
Create an account or sign in to comment