Url Hijack

[GregS]

tiny url is at it again. When I try to open the homepage, I am directed there and a malware warning appears. It is then necessary that I shut down that browser and try again.

 

Please fix this, or inform me if there is something I must do to avoid it.

[+Dizledot]

I've been getting this the last few day's too. In fact I was just hit with a virus that redirected my browser every time I tried to search for anything. It took us two weeks and finally re formatting my 2 computers to get back to normal. We've been trying to figure out how we were hit by the virus and I remember we were getting redirected by "Tiny URL" just before everything got redirected. My better half isn't very computer savey and may have clicked something in efforts to get to MMMA.

 

Any ideas what's going on with this....has MMMA been hacked?

 

 

[Guest OxXGarfieldXxO]

This virus isn't passed on via this site. It's well known and can be obtained in a number of ways. I'm not going to get into instructions on how to get rid of this as this isn't a tech forum and no offense, but I don't have the time to solve users computer problems.

 

The best thing to do is get on an uninfected computer and google "browser hijack" Many tech forums provide instruction which in my opinion are very easy to follow. Most will involve HJT (hijack this) and Malwarebytes. The responsible .dll's is often in your /appdata folder. Trying this search on an infected computer will often get yourself routed to a devious website and isn't advised.

 

The worst place I've found this virus coming from in my personal experience is paltalk though it can come from anywhere. It often is hidden code in ads that installs automatically and they always seem to be one step ahead of the most popular virus detection software. I have no idea why these sites running these ads don't find these.

 

One thing I will say is anyone that use IE as a browser is just asking for it. I know it's installed in most everyone's comp, but IE is notoriously bad about fixing it's security holes.

 

I've gotten it too before. To me it isn't that big of a deal and since I don't have to wait for tech forums to reply to my posted log, I have it gone in less then 10 minutes. Most of that time spent in rebooting. Every time I've seen it it always manifest in the same place though always with a different name(always in: userID/AppData/Local (and sometimes in the "Temp" folder in the "Local" folder). After you do get rid of the bugger in "safe mode" it's best to use also use the app "msconfig cleaner" after you go through all the hjt and malwarebytes steps. I never see that step mentioned in the tech forums but it wouldn't hurt.

[ozzrokk]

I too am now getting this. Now when I search for anything via google,yahoo, etc. I get redirected to other places

very anoying

[Guest OxXGarfieldXxO]

I too am now getting this. Now when I search for anything via google,yahoo, etc. I get redirected to other places

very anoying

 

You guys aren't putting 2 and 2 together. If it was this site, we'd all be infected. Not 2-20 people out of say a couple thousand active user.

 

I know people are going to say " I never visit those sites and I'm offended"

 

....but experience tells me more times then not, it's not coming from an inane website like ours. Only ads we run come from google and they are very good about keeping these squashed. Where you get these most times are sites that run their own ad servers and clients can upload and pay via some web page. Here only I put up the ads. There is no "submission" service where ads automatically appear after payment has been made.

 

No html or java is allowed by members, so it's not that.

 

Don't visit porn site

Don't visit warez

Don't visit "lyric sites" (These often seem to be fronts)

 

Maybe you don't visit these sites. But maybe it's your kids or spouse. Once something is in your network all comps are fair game.

 

Regardless this is 100% a client side problem.

 

I suggest learning how to deal with them personally. Sure it's annoying when you pick one up, but you're not dealing with that virus that stormed Iran's nuclear facilities. One click of "scan" with HJT and I can see exactly whats been forced on my system. You get to know what the "good" processes are and which one are "bad" or no reason for them.

 

Good luck guys...

[+Silverblue]

Hi I hope it's ok too share some ideas here. Get Mozilla Firefox and these programs: noscript, and adblock/adblockplus, there's another one called https eveyhwhere, and one called better privacy, make sure your browser is in private browsing mode. None of these are 100% foolproof but they are a stronger defense. Some of those programs may work with IE but IE is not as well made as Firefox, which gets updated a lot more than IE does. These programs are addons to Firefox. The browser needs to be configured, too. I don't accept 3rd-party cookies, that'll help, also. I block sites I'm visiting before I go there, to prevent them dumping cookies on me if I don't need them to log in. Another sinister tracking device is called a "web bug" or "Web beacon." The browser has settings to not allow them, among other things. Learn what "click jacking" and clear click protection are, among other terms. The flash player site tracks users, too, if you don't want that there's ways of denying them access. Some of these require being an admin on your computer, but don't let the admin account get online unless it's absolutely necessary, that's how stuff gets in, too, there's a way to run the program without being in the admin account. The User account is better for surfing the net. Keep sensitive items out or strongly protected. Even a recycle bin needs protection. Get security alerts, too. Secunia and US-CERT are 2 very good ones. Protect each account on your system with a password and change it occasionally. I'm no techie but figured those programs out well enough to use the basic functions. After installing them, they need to be set up, you'll have to decide how they will work. This is a bit of work but it will stop a lot of that stuff. Especially the 1st 2 programs, if you go to an unsafe site the browser will warn you or maybe even prevent you from going there. Secunia will warn you if you need a patch and if your program is secure or not, if you download their program. If you configure the setting on noscript to be warned when a site tries to redirect the browser, it'll show a message that it prevented the action and you can decide if you want to allow it after that or not, depends if it was someplace you did want to see. The programs have to be configured and they will update if you tell them to; and they will reveal a lot about what happens at each site you're on and you can decide if you want that to be allowed. For example, noscript will tell you of any other site that's lurking at the site you're visiting and you can mark it as untrusted, you can temporarily allow it or allow it permanently. Adblock lets you block photos as well as ads. It takes awhile to set all this up but it's worth it. Someone here told me about those first two and I found others through the addon page for firefox. Update antivirus and spyware programs often, daily at least, and scan every day, have a firewall, too, make sure all your programs are set for the best protection and functionality, some sites won't work right with a particular program, you'll find that out through experience. Say your privacy setting is high, some sites may not work with that so you have to lower it to medium or medium high. Even for us non-techies we need to know enough to set our systems up before getting online. I hope all this helps. Many sites do their best to be secure but we all must do our part, too. Pop-up blockers also help. Stay protected and as safe as possible. Others here can help with details I may be unable to explain or understand well.

 

Sb

[tasty]

Same issue here...

[Kingdiamond]

Same issue here...

I run webroots spysweeper it auto detects browser hijacks im running smoothly and get no hijack warnings from my system .

[Kingdiamond]

I run webroots spysweeper it auto detects browser hijacks im running smoothly and get no hijack warnings from my system .

UPDATE

 

I tried logging in on my wifes pc the tiny url appeared on her machine once i tried going into the forums.

[+420Atheist]

I see two or three computers a week with viruses. I never have to rebuild anything. Just follow these instructions.

 

Download combofix from http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

You may have to do this from a non infected PC. Run combofix and say yes to installing the Microsoft Console.

 

Let combofix run. It may look like nothing is happening but do not reboot. It may take an hour or more to run.

 

Combofix may reboot and run again. If it does let it.

 

Once combofix is done google malwarebytes and download that. Update it then run a complete scan. Remove any virus found and run again until clean.

 

If you don't have a good antivirus Avast is good and there is a free home version available that works fine.

 

Do not use Tiny URL. Get to this web site by going to http://michiganmedicalmarijuana.org Tiny URL can redirect you to anywhere.

[GregS]

Did a little homework. It appears my particular hijack came from: http://www.letsgowings.com/forums/topic/60205-tinyurl4info-redirect/

[Ionic7]

Did a little homework. It appears my particular hijack came from: http://www.letsgowings.com/forums/topic/60205-tinyurl4info-redirect/

 

Protip dont post a link to a site thats gives out viruses

[+Dizledot]

You guys aren't putting 2 and 2 together. If it was this site, we'd all be infected. Not 2-20 people out of say a couple thousand active user.

 

I know people are going to say " I never visit those sites and I'm offended"

 

....but experience tells me more times then not, it's not coming from an inane website like ours. Only ads we run come from google and they are very good about keeping these squashed. Where you get these most times are sites that run their own ad servers and clients can upload and pay via some web page. Here only I put up the ads. There is no "submission" service where ads automatically appear after payment has been made.

 

No html or java is allowed by members, so it's not that.

 

Don't visit porn site

Don't visit warez

Don't visit "lyric sites" (These often seem to be fronts)

 

Maybe you don't visit these sites. But maybe it's your kids or spouse. Once something is in your network all comps are fair game.

 

Regardless this is 100% a client side problem.

 

I suggest learning how to deal with them personally. Sure it's annoying when you pick one up, but you're not dealing with that virus that stormed Iran's nuclear facilities. One click of "scan" with HJT and I can see exactly whats been forced on my system. You get to know what the "good" processes are and which one are "bad" or no reason for them.

 

Good luck guys...

 

 

 

I didn't mean to imply it was this site that I picked up the virus from was just suprised to see that tiny URL pop up every once in a while over the last few days. One of my employees used my corporate PC and picked it up. It was a bugger to get rid of because I didn't have that last step mentioned by Garfield until 2 weeks latter, but yes its easily cleaned up.

 

Dizz

[phaquetoo]

This virus isn't passed on via this site. It's well known and can be obtained in a number of ways. I'm not going to get into instructions on how to get rid of this as this isn't a tech forum and no offense, but I don't have the time to solve users computer problems.

 

The best thing to do is get on an uninfected computer and google "browser hijack" Many tech forums provide instruction which in my opinion are very easy to follow. Most will involve HJT (hijack this) and Malwarebytes. The responsible .dll's is often in your /appdata folder. Trying this search on an infected computer will often get yourself routed to a devious website and isn't advised.

 

The worst place I've found this virus coming from in my personal experience is paltalk though it can come from anywhere. It often is hidden code in ads that installs automatically and they always seem to be one step ahead of the most popular virus detection software. I have no idea why these sites running these ads don't find these.

 

One thing I will say is anyone that use IE as a browser is just asking for it. I know it's installed in most everyone's comp, but IE is notoriously bad about fixing it's security holes.

 

I've gotten it too before. To me it isn't that big of a deal and since I don't have to wait for tech forums to reply to my posted log, I have it gone in less then 10 minutes. Most of that time spent in rebooting. Every time I've seen it it always manifest in the same place though always with a different name(always in: userID/AppData/Local (and sometimes in the "Temp" folder in the "Local" folder). After you do get rid of the bugger in "safe mode" it's best to use also use the app "msconfig cleaner" after you go through all the hjt and malwarebytes steps. I never see that step mentioned in the tech forums but it wouldn't hurt.

 

 

huh? were you speaking in english? lol

 

the only time i have a prob getting on the site, i believe you may be tweaking something, and the site mite not be accesable at that time?

 

so i just wait and refresh till it works, usualy in the morn,,,no viruses for me, and i only use the free stuff, i think maybe a router is good also!

 

Not sure! Im a disabled painter, not a computer geek!

 

Peace

[Guest OxXGarfieldXxO]

Reading about this you may want to try this free application. It seems to have done a lot of people some good.

 

http://www.superantispyware.com/

 

I installed this on my computer to test it out. It always a danger telling people to download something, so I wont tell you to do anything I haven't. I think I've had this on some of my machines before as I remember this tray icon (a little lady bug). People complaining specifcally about the tinyurl hijack are heaping praises upon it. I think it's safe and it' ll help you guys, but you do so at your own risk.

 

Also I guess I wonder why your using google to search this site? Much better off using the sites own search. But people will do what they want.

[caregiver123]

Not to further fuel this fire, but I get the tiny url hijack only when I log onto this site. It happens on this computer and now on my phone as well. I have never had any problems with viruses etc. If it isn't at all related to this website, then why is this the only website it comes up on - on two diff operating systems on top of it?? btw i use mozilla with private browsing.

[Guest OxXGarfieldXxO]

Not to further fuel this fire, but I get the tiny url hijack only when I log onto this site. It happens on this computer and now on my phone as well. I have never had any problems with viruses etc. If it isn't at all related to this website, then why is this the only website it comes up on - on two diff operating systems on top of it?? btw i use mozilla with private browsing.

 

Your not fanning any fire.

 

You're telling me that when you click the login button on this site you're being redirected?

 

Or are you clicking on a link from google or some other search engine to get here and are redirected?

 

Best

[caregiver123]

If I type in michiganmedicalmarijuana.org in the url bar the site comes up fine. If I search for mmma using google, yahoo, etc, then click the link to michiganmedicalmarijuana.org that's when I get redirected. I just hit back and click the link again and it works fine, it's not a huge deal, it's just annoying, and like I mentioned only happens when trying to get to this site. Exact same situation on my phone (htc eris, android).

[Guest OxXGarfieldXxO]

Exactly.....Not our fault. This virus attacks google, and you may not yet, but you'll find this isn't he only sites URL's that gets redirected. And from what I hear it isn't all the time even.

 

But the problem is client side. Not this site. You've picked up something somewhere and it's going to continue to do it till you get rid of it.

 

I feel for you guys as this seems to be an epidemic. News of this is all over the place so it seems to be very wide spread.

 

But there's just nothing I can do for you guys other then try and point you in the right direction to be rid of it.

 

Good luck

[2d]

Exactly.....Not our fault. This virus attacks google, and you may not yet, but you'll find this isn't he only sites URL's that gets redirected. And from what I hear it isn't all the time even.

 

But the problem is client side. Not this site. You've picked up something somewhere and it's going to continue to do it till you get rid of it.

 

I feel for you guys as this seems to be an epidemic. News of this is all over the place so it seems to be very wide spread.

 

But there's just nothing I can do for you guys other then try and point you in the right direction to be rid of it.

 

Good luck

 

>>sometimes search for Kahr Talk redirects to xxxxxxtinyurl4.info/ec24d6b3 Report abuse

 

redjak

Level 1

7/5/10

Sometimes on first search for Kahr Talk I click on first link (Kahr Talk Home) and instead of going to http://kahrtalk.com I end up at xxxxxxxtinyurl4.info/ec24d6b3 (I don't know if the tinyurl link is a safe site. I browse using a standard user account, not administrator, so it doesn't seem to hurt anything on my computer).

 

Operating System is Windows 7 Home Premium

 

Problem occurs with both Internet Explorer 8 (latest version with all Microsoft Update patches) or FireFox 3.6.6 (latest version).

 

To fix problem I click on search icon in upper right corner of browser window again (either IE or FF). Clicking on first link returned goes to http://kahrtalk.com. The re-direct problem will not occur again during that browser session.

 

To make problem re-occur, close browser and re-open, search for Kahr Talk. Note that both IE and FF on my computer are configured to forget all history when closed.

 

Google is not the problem. I can make this problem occur with Bing.

 

Microsoft Security Essentials is running on this desktop computer. MSE quick scan finds no issues. Hitman Pro 3.5 downloaded and run on this computer. Hitman Pro quick scan finds no issues.

 

Anyone seen anything like this?

 

>Anyone seen anything like this?

 

Yes ... often. It appears that the site has either been hacked or may have ads that cause the redirection. It is often possible for the redirect to only occur when the referrer is one or more of the popular search engines. The code can also be written in such a way as to happen sometimes (or for some visitors) and not others.

 

If this is your site, you will probably want to post in the Malware and Hacked Sites section of the Webmaster Help Forum.

 

Google Webmaster Help Forum:

http://www.google.com/support/forum/p/Webmasters?hl=en

 

If you are just a visitor, you will probably want to stay away from it until it has been fixed (just in case it may be causing a problem that you have not detected on your computer.) You can report suspicious/malicious sites through the following so that Google can check them and place a warning in the search results:

 

Report malicious sites

http://www.google.com/safebrowsing/report_badware/

 

As a visitor, you could also notify the site owner/admin and report the problem you are experiencing so that they can evaluate the situation. <<

 

http://www.google.com/support/forum/p/Web%20Search/thread?tid=23ab13ce67d828ed&hl=en

[Guest OxXGarfieldXxO]

As an after thought you guys may want to try this as well. Malware family Rootkit.Win32.TDSS by kaspersky

 

I dl'ed it and tried it. Of course I didn't find anything but I'm not having problems with re directions either....

 

reputable site.

http://support.kaspe...s?qid=208280684

[GregS]

Protip dont post a link to a site thats gives out viruses

 

Okaay. It is a Detroit Red Wings promo site.

[Guest OxXGarfieldXxO]

It's highly doubtful you guys will ever figure out exactly where you got this.

 

You guys may want to read the Google (and don't get there via a search) forums too. They seem to be bursting with these threads.

 

But a link from here to a Redwings site will be inane. I might not trust a link from Google to a Redwings site if you're having these troubles, but then Google shouldn't be used at all till you get your rig under control. Even that search bar in your browser. The one that's actually searches Google even though you're not on their site.....yah, quit.

 

Google itself isn't infected. Just the malicious users in our world know that 90% of the people out there use that search engine....so it's what they target with their script that takes over your browser.

[upperline]

Just throwing in my 2 cents - I've encountered the same problem with this website over the past couple of days. Sometimes when I click on the link from Google it redirects me to the tinyurl site. I haven't experienced it with any other sites. No biggie, just putting it out there.

[Guest OxXGarfieldXxO]

I don't know what else to say other then quit using this site then. Peace and good luck Let me know if you want your account deleted.....

 

Best