
Google Redirect?

Discussion in 'PriusChat Website Questions' started by Politburo, Feb 1, 2012.

  1. Politburo

    Politburo Active Member

    Joined:
    Feb 15, 2009
    971
    208
    0
    Vehicle:
    2009 Prius
    Twice in the past two days I have come to PC via a Google search and have been redirected to something like shorturl.info. I close the tab quickly when this occurs, so that likely isn't the correct URL. It doesn't happen every time and I can't seem to recreate it. Redirect may not be the correct term either... it's not clear if I'm getting to PC and getting redirected, or if Google is doing it (since when you click on a Google search result, the URL is not the actual site but to Google for tracking, then you get redirected to the site you clicked on).

    This has happened on completely different computers on completely different networks so I don't think it's my machine/configuration. I haven't had it happen for any other sites on either machine.

    Anyone else seeing this?
     
  2. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,544
    2,122
    1
    Location:
    SF Bay Area, CA
    Vehicle:
    2006 Prius
    Yes. I've started seeing this recently but didn't make a note of the URL.

    I clicked on links on Google searches that definitely should have led to the proper page on Priuschat.com but got sent to the wrong page. I'm unable to reproduce at will. Virus scans on my machine turn up clean. I too have been worried about some Trojan/zero day attack. I've been using Firefox 9.0.1 and now I've just been updated to 10.

    I'll try to take a screenshot the next time it happens.

    I tend to do a lot of searches on Google for site:priuschat.com (my search terms here).
     
  3. The Critic

    The Critic Resident Critic

    Joined:
    Oct 28, 2005
    3,193
    2,315
    0
    Location:
    CA
    Vehicle:
    2011 Prius
    Model:
    Three
    Probably have a Trojan.

    MB860 ?
     
  4. Stev0

    Stev0 Honorary Hong Kong Cavalier

    Joined:
    Sep 23, 2006
    7,201
    1,073
    0
    Location:
    Northampton, MA
    Vehicle:
    2022 Prius Prime
    Model:
    Plug-in Base
    I get that, too - two days in a row it tried to send me to something called dollartrade.com. Fortunately, since I'm running Firefox and NoScript, it didn't succeed.
     
  5. Danny

    Danny Admin/Founder
    Staff Member

    Joined:
    Nov 24, 2003
    7,093
    2,100
    1,174
    Location:
    Charlotte, NC
    Vehicle:
    2013 Prius Plug-in
    Model:
    Plug-in Base
    I found a malicious script on the server the other day. Please let me know if you see this issue any more.
     
    1 person likes this.
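
An added example, not part of the thread or of the site's own tooling: one way a site operator could check whether a page answers a search-referred request differently from a direct one, by comparing the external hosts named in the redirect header, script tags and meta refresh of each response. The host `forum.example`, the Referer value and all function names are assumptions made for illustration.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

SEARCH_REFERER = "https://www.google.com/search?q=site:forum.example"  # constructed

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx instead of following it

def fetch(url, referer=None):
    """Return (status, Location header, body) for one GET, redirects not followed."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=10) as r:
            return r.status, r.headers.get("Location"), r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location"), ""

def external_hosts(page_url, location, body):
    """Hosts outside the site's domain named by Location, script src or meta refresh."""
    site = urlsplit(page_url).hostname or ""
    site = site[4:] if site.startswith("www.") else site
    refs = [location] if location else []
    refs += re.findall(r"<script[^>]+src=[\"']?([^\"'\s>]+)", body, re.I)
    refs += re.findall(r"<meta[^>]+http-equiv=[\"']?refresh[^>]*url=([^\"'\s>]+)", body, re.I)
    hosts = {urlsplit(urljoin(page_url, r)).hostname or "" for r in refs}
    return {h for h in hosts if h and h != site and not h.endswith("." + site)}

def referer_dependent_hosts(url, fetcher=fetch, tries=3):
    """External hosts seen only when the request carries a search-engine Referer."""
    direct, searched = set(), set()
    for _ in range(tries):  # repeat: the behaviour reported in the thread was intermittent
        direct |= external_hosts(url, *fetcher(url, None)[1:])
        searched |= external_hosts(url, *fetcher(url, SEARCH_REFERER)[1:])
    return searched - direct
```

A non-empty result is a lead to investigate on the server, not proof, since rotating ad or CDN hosts can also differ between fetches; a check done by inline script in the browser against the referrer leaves both responses identical and is not caught here.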
  6. dustoff003

    dustoff003 Blizzard Brigade #003

    Joined:
    Dec 27, 2010
    1,371
    335
    0
    Location:
    Waianae, HI (Oahu)
    Vehicle:
    2011 Prius
    Model:
    Five
    Could this have contributed to or caused the recent slowness?


    Posted from my iPhone via the Tapatalk app.
     
  7. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,544
    2,122
    1
    Location:
    SF Bay Area, CA
    Vehicle:
    2006 Prius
    I've hit another case of this today. I don't think I've seen this ever since Danny said he cleaned it up, until today. I pretty frequently do Google searches of site:priuschat.com [what I'm looking for], w/o issue.

    I did a query for https://www.google.com/search?q=sit...s=org.mozilla:en-US:official&client=firefox-a (for site:priuschat.com "prius c" stages) and clicked on, I believe, the first link that was supposed to lead to http://priuschat.com/forums/prius-c-technical-discussion/106256-prius-c-warm-up-stages.html.

    Instead, I was sent to MyFilestore.com - Your File Hosting. Of course, this doesn't repro anymore. I also then got some attack warning from Norton Antivirus. Unfortunately, I didn't grab a screenshot from that but this looks like it was it as I see nothing else from around that time.
     

  8. hoddy4

    hoddy4 New Member

    Joined:
    Jun 8, 2009
    118
    18
    0
    Location:
    NC
    Vehicle:
    2012 Prius v wagon
    Model:
    Three
    try malwarebytes anti-malware from ninite.com
     
  9. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,544
    2,122
    1
    Location:
    SF Bay Area, CA
    Vehicle:
    2006 Prius
    I've never heard of ninite.com but I do have Malwarebytes Anti-Malware installed already. I'm updating and rerunning a scan now. I seriously doubt it's my machine. My computing practices are pretty safe, I'm always up to date w/critical updates and I don't run software from untrusted sources.

    (I've had a HUGE headache w/having to clean up my dad's machine (physically in a different house) w/him downloading and installing a whole bunch of malware/spyware on his machine like Funmoods, iLivid, Produtools, random crap that apparently originates from Cyprus, Israel and Malta, etc. that altered his search engines, added BHOs, random add-ons and plugins, etc. :mad: It required multiple legitimate anti-spyware/anti-malware apps to clean it up, e.g. Ad-Aware, Malwarebytes, Spybot Search and Destroy, etc. along w/a LOT of wasted time.)

    edit: Malwarebytes scan found nothing suspicious or malicious. Ditto for Ad-Aware and Spybot Search and Destroy, other than cookies, which (to me) are bogus false alarms and not spyware.
     
  10. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,035
    10,010
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    Same thing happened to me a few minutes ago. I rarely use Google to get to anything on PC, but after an unrelated matter (exploring mobile versions of websites with a nonmobile machine) altered some cookies, I checked it to get back to the PC home page. The link sent me to the same site you mentioned.

    No virus warning. I don't know if that is because McAfee is terrible, or the other firewalls stopped it, or if NoScript and other FF plugins stopped it.
     
  11. CPSDarren

    CPSDarren CPS Technician

    Joined:
    Aug 9, 2009
    533
    112
    0
    Location:
    Chicago
    Vehicle:
    2010 Prius
    Model:
    II
    I've had similar issues recently with various Google search results.

    I did find a trojan eventually, something not prevented or detected by Microsoft Security Essentials. Malwarebytes removed the active virus/trojan (isecurity.exe). Now that it's gone, something is still remnant on my desktop trying to "phone home" when I do Google searches. I even went so far as to remove MSIE and switched to Chrome to no avail. Both Avira and Malwarebytes are blocking the requests to access the remote IP address (in Europe) when I search. I've also added it to a firewall block. Still, I can't find the source of the problem yet, but I suspect it is likely related to the search result redirects. isecurity.exe is known to be related to these redirects, but removing it apparently still left something lingering.
     
  12. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,544
    2,122
    1
    Location:
    SF Bay Area, CA
    Vehicle:
    2006 Prius
    ^^^
    I don't think that's the issue on my side. I've already run scans with Ad-aware, Malwarebytes, and Spybot Search and Destroy besides Norton 360. I've never had this problem w/any other Google search results and I Google a LOT.
     
  13. CPSDarren

    CPSDarren CPS Technician

    Joined:
    Aug 9, 2009
    533
    112
    0
    Location:
    Chicago
    Vehicle:
    2010 Prius
    Model:
    II
    Gotcha, mine seemed to affect various Google search result links and somehow intercepted the intended destination and replaced it, usually with something similar that was advertising.
     
  14. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,544
    2,122
    1
    Location:
    SF Bay Area, CA
    Vehicle:
    2006 Prius