Naked Science Forum
Non Life Sciences => Geek Speak => Topic started by: Glyph on 30/04/2009 04:57:44
-
I upgraded from IE7 to IE8 about a week ago.
Today for the first time ever IE automatically redirects from the page I want to “doubleclick.net”:
the browser is being hijacked, (I never experienced this with IE 7).
I believe this hijack is some sort of Adware.
Has anyone had this problem and solved it ?
Is there a simple way of getting this rid of this redirect, like uninstalling and reinstalling IE8 ?
[I have abandoned IE and am using Firefox to post this]
-
So far as I am aware, these hijackers are a swine to get off your computer. If you can find the downloaded programme and remove it, it will duplicate itself, so you can never get shot of it. If you are an expert, you can remove all its elements from the root directory, but unless you know what you are doing, I would not recommend you attempt this.
I don't think uninstalling and reinstalling IE will have any effect at all. You could take your computer to an expert to have this removed or buy an antivirus/anitadware programme such as Norton, McAfee, Webroot and AVG or try one of the free downloadable programmes. AVG has a free download at http://free.avg.com/ (http://free.avg.com/)
-
I don't think uninstalling and reinstalling IE will have any effect at all. You could take your computer to an expert to have this removed or buy an antivirus/anitadware programme such as Norton, McAfee, Webroot and AVG or try one of the free downloadable programmes. AVG has a free download at http://free.avg.com/ (http://free.avg.com/)
Thanks for the reply Don.
McAfee was running when the infection occurred.
I've ran Microsoft's malicious software removal tool (kb890830-v2.9) and the much recommended Malwarebytes, neither detected any malicious items.
Any other suggestions welcome for reliable extraction tools, (ones which don't add more malware !)
The intermittent IE redirect is always to "doubleclick", it has yet to occur with Firefox.
-
There's an excellent bit of free software called "Spybot - Search and Destroy" which has always helped me when these things happen. There's also "HijackThis" which is a little less easy to use, but very good at it's job.
It's also worth deleting your cookies, incase there's something in there...
-
Spybot is working..
-
I may be speaking too soon, but resetting my router seems to have solved the problem.
This is done on my "BT Hub" router by inserting a pen into an orifice to activate a recessed switch.
The hacker who wrote the code should have pens inserted into all his orifices.
-
The hacker who wrote the code should have pens inserted into all his orifices.
I don't like the term hacker referred to as a bad guy, hacker is just a term so I will let it go. If you want to know what a real hacker is read Hackers: Heroes of the Computer Revolution by Steven Levy
I agree with you that the cracker that did this needs something put into his orifices, but I don't think pens to the trick. I'm thinking m80's and a lighter. [;D]
-
Hi Glyph
This is probably not quite as sinister as it seems (or at least not in the way you're thinking).
doubleclick.net is a seriously major advertising enterprise on the internet (I believe Google bought them a year or so back). A huge number of websites have advertising or other things served via doubleclick.net
This does cause privacy concerns as they do leave cookies behind which potentially can track your visits to doubleclick-participating websites. But that's an aside.
A few websites are actually doing click-throughs via doubleclick - you think you're clicking to a payment or paypal page or whatever and it actually sends you on a merry detour to doubleclick (with a custom URL which tells it where to take you next) then back to where you were going.
Personally I block a few ad sites at a low-level - but this means I can never get past the click-throughs worked in this weird way.
I suspect you were probably doing the doubleclick click-through on whichever site it is you are concerned about even with IE7, but that IE8 works slightly differently and thereby makes it more visible.
I see Microsoft is pushing IE8 through Windows Update since Tuesday. I'll hold off for a few weeks until any teething troubles are fixed (or at least known about) before I upgrade!
Hopefully your browser itself is not actually hijacked with anything sinister...
-
I may be speaking too soon, but resetting my router seems to have solved the problem.
This is done on my "BT Hub" router by inserting a pen into an orifice to activate a recessed switch.
If you have reset your router, don't forget to re-set the admin/configuration password to something complicated and to set up encryption (WPA if at all possible) if you use WiFi. Otherwise you're inviting bigger problems...
-
Go into your cookie folder an delete those for doubleclick.
Also click on Tools and then internet options.
When the options page opens click on privacy and then sites.
In the box type in doubleclick.net and click the Block tab.
May sites, even one's that you would consider good will put doubleclick cookie on your PC, they make money from it.
Double click were i believe taken to court to try and stop their activities but won.
-
I've had another thought.
For the past six weeks or couple of months I've noticed that after I've hand-typed a URL in the addressbar in my IE7, when I press return or click the green button to load the page the address blinks extremely quickly as if it momentarily goes elsewhere. When I first noticed this I was quite worried about it, but I checked everything over and all was clean - and there's been no other symptoms. I've gradually come to ignore it. For me, the address-bar flashes too quickly for me to see where it goes (and knowing how slow my connection is, I doubt it actually gets anywhere). It seems to happen to all URLs hand-typed, whether it's thenakedscientists or internet banking. [>:(]
I'll try and watch *really closely* in future.
I suppose it could be some (Google?)toolbar/phishing filter/stats gathering/...?
Can you describe more precisely what you're seeing, Glyph?
-
Can you describe more precisely what you're seeing, Glyph?
Same as el dudo
SOS! Keep getting redirected to ad.uk.doubleclick.net
--------------------------------------------------------------------------------
I have this problem for a while now and haven't managed to shake it despite trying a wide range of anti-virus software. I have also run panda and bitdefender and nothing unusal shows up. The problem is as follows: when i visit a website (eg streetmap.co.uk, newsnow, btinternet, yahoo etc etc)i automatically get redirected to the dell google page and get told that i searched for a website and it didn't exist. eg (http://ad.uk.doubleclick.net/adi/N37...2262151.3%3Bsz). i think the search term changes, but it is a page on ad.uk.doubleclick.net. any ideas? this is driving me cravzy!!
http://forums.majorgeeks.com/showthread.php?t=132682
The computer scans don't detect anything because the problem is occurring in the router, apparently.
No recurrence of the "doubleclick" redirect as yet in my case, prodding the router with a biro seems to have got rid of it.
Two of the addresses which appeared in my case were "http://ad.uk.doubleclick.net/adi/N4189.Yahoo/B3567964%3Bsz”,
and "http://ad.uk.doubleclick.net/adi/N530.Yahoouk/B3412750%3Bsz". Just because the addresses include the words DoubleClick does not mean that the problem was created "Double click" corp.
It now seems more like a fault than a deliberate attempt to hijack. The pages I was trying to see did include adverts probably from DoubleClick Corp, despite not clicking on them IE was redirecting me to a corrupted version of their address, which didn't exist.
So not a malignant redirect, but nevertheless it did make IE inoperable.
-
Some ISPs are configuring their routers so that the DNS is hosted by ad companies. When you therefore click on a target site, if no result is returned instead you get a page of adverts, allegedly to "help" you find what you are looking for.
I found that my network was connecting to some other IP address last year. Initially I thought I'd been hacked, but when I investigated it turned out to be tiscali routing all my traffic requests via an ad agent.
Why this is a pain in the arse is that when you request another computer on your own network the delay can be hideous whilst the address is checked with the external agency first...
I have since switched providers, although not for this reason. I now have a business service, which is must more stable because the line contention is really low.
Chris
-
There's also "HijackThis" which is a little less easy to use, but very good at it's job.
Anyone planning to use "HijackThis" should look at this video first
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
"HijackThis" shows all the programmes running on your computer, not just nasties.
Don't delete any of them unless you are absolutely sure they are malware.
-
Some ISPs are configuring their routers so that the DNS is hosted by ad companies. When you therefore click on a target site, if no result is returned instead you get a page of adverts, allegedly to "help" you find what you are looking for.
I found that my network was connecting to some other IP address last year. Initially I thought I'd been hacked, but when I investigated it turned out to be tiscali routing all my traffic requests via an ad agent.
...
Thanks Chris for passing on that tidbit of information. It's something I'll definitely keep my eyes open for.
Some of these ISPs and advertisers are almost as bad as the spammers in trying to force advertisements down our throats without asking or explaining - and causing no end of collateral damage. [>:(]
While talking of Phorm (ok, actually we weren't but the previous sentence made me think of it), has the Naked Scientists website taken the step of actively opting out of Phorm profiling?
For anyone who doesn't know, Phorm is a particularly intrusive advertising system based on the concept of equipment installed at an ISP to intercept all of each customers' internet traffic and keyword-profile all the websites they access. Phorm also does serious redirection of web traffic in order to jump through technical hoops (to circumvent normal blocks) to place tracking-cookies in your browser for every single site you visit.
Prof. Richard Clayton from Cambridge University computer-security department investigated Phorm's technical approach and wrote a paper on the subject. http://www.cl.cam.ac.uk/~rnc1/080518-phorm.pdf
-
Best soultion, use Mozila firefox instead, much better safer browser. see information and download at: http://www.mozilla-europe.org/en/firefox/
Hope this helped ~sHiMmY