Spyware, Viruses, & Security forum


Redirect/Pop-up Ads Malware Not Detected By...

by NorthBeachnik / July 27, 2012 3:36 AM PDT

I am suddenly getting redirects from Google (and I think also from Yahoo) searches to pages that say URL not found or big, scary red screens that say this is probably not the site you're looking for, something is trying to redirect you to a site named [fill in the blank with odd site name]. For a few days at a time I will not be allowed to open Huffingtonpost.com. Then for a few days it's Craigslist.com...or Yahoo.com. It changes back and forth. These are sites I go to constantly. It's a malware that has "learned" my habits. I also get all sorts of annoying pop-up ads. This never used to happen.

I have repeatedly tried to eliminate this rootkit(?) redirect malware with the programs listed below. I successfully eliminated lots of Adware but the redirects and pop-ups are still happening.


Hitman Pro

Kaspersky TDSS Killer (is that the name)? renamed as 123.com on my desktop


Malwarebytes detected NOTHING. Hitman Pro detected nearly 500 adwares but could not remove them. SUPERAntiSpyware detected the Adware and removed all of them. I ran Hitman Pro again and it found 16 Adwares and either Hitman Pro or SUPERAntiSpyware removed them.

So what do I do now to get down to the rootkit and destroy it????

Thanks in advance for advice!


All Answers

P.S. Forgot to mention...
by NorthBeachnik / July 27, 2012 3:38 AM PDT

Forgot to mention that I have:

Microsoft Essentials

...which obviously has not helped in any way to detect the rootkit.

I have a Toshiba NB350 Win7 and I use Chrome.

Just a quick thought.
by R. Proffitt Forum moderator / July 27, 2012 3:44 AM PDT

What if it's not a rootkit but the router you use has been tampered with? That is, can you set your router to hand out and use the Google DNS (8.8.8.8 and ?

I encountered someone that had spent weeks, even reloading the OS and was convinced it was the rootkit from hell. It was the router setting.

Started Long Before I Was On A Router
by NorthBeachnik / July 27, 2012 3:56 AM PDT
In reply to: Just a quick thought.

Hi Bob,

Thanks for replying. Great suggestion. This problem began when I was not on a router. I was using a SPRINT USB Wireless account out of town for an extended length of time. Then I returned home to SF Bay Area and went to my tech guys. They checked and scanned and could find nothing wrong. But the problem stopped. Now a couple of months later after much Internet surfing the problem has restarted. I did switch away from the SPRINT wireless which I cancelled 2 weeks ago but the problem seems unrelated to the temporary out-of-town landlady's router because I had this problem for months on the SPRINT Wireless. This netbook was ALWAYS on the SPRINT Wireless from the moment I bought it until these symptoms started.

One odd thing to mention: I was able to use Kaspersky TDSS Killer (123.com) from my own desktop. I did not have to download to a friend's computer on a flashdrive in order to use it.

I'm off to work but I look forward to coming home and hopefully finding other thoughts or suggestions, from you, Bob, or anyone else!

When you get a chance.
by R. Proffitt Forum moderator / July 27, 2012 4:05 AM PDT

Look at the IP addresses of the DNS you are using and let's check that out. DNS hijacking can go undetected by most scanners. And can result in what you noted.

I know it sounds terrible but given I don't want to spend a lot of time on folk's machines I often change it to the Google DNS without seeing if the DNS was jacked. Your choice here on the research part so let's link about this one.

http://en.wikipedia.org/wiki/DNS_hijacking covers it all and includes notes about ISPs that "use DNS hijacking for their own purposes, such as displaying advertisements".
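
The DNS check suggested in the reply above, as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and marks each DNS server as expected, on the LAN, or unexpected. The allowlist, the function names and the sample output are assumptions made for illustration.

```python
import ipaddress
import re

# Resolvers chosen on purpose: 8.8.8.8 is the Google DNS named in the thread,
# 8.8.4.4 is Google's secondary. Assumption: replace with your own choice.
EXPECTED = {"8.8.8.8", "8.8.4.4"}
# RFC 1918 ranges: a DNS server here is normally the home router itself.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `ipconfig /all` excerpt; 203.0.113.53 is a documentation address.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""

def dns_servers(text):
    """Return {adapter: [DNS server, ...]} parsed from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False  # adapter header
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            in_dns = True
            result.setdefault(adapter, []).append(m.group(1))
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            result[adapter].append(line.strip())  # extra server on its own line
        else:
            in_dns = False
    return result

def classify(addr):
    """'expected', 'lan' (then check the router's DNS setting) or 'unexpected'."""
    if addr in EXPECTED:
        return "expected"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return "lan" if any(ip in net for net in LAN_NETS) else "unexpected"

def report(text):
    return {(a, s): classify(s) for a, srv in dns_servers(text).items() for s in srv}
```

A `lan` result means the router is answering DNS queries, so the upstream DNS servers configured on the router itself are the next thing to look at.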


Read DNS Hijack - Still Don't Know What To Do
by NorthBeachnik / July 27, 2012 10:34 AM PDT
In reply to: When you get a chance.

I read the DNS Hijack Wiki and the Domain Name System Wiki (for a refresher). The DNS Hijack examples did not sound like me. I really wasn't on a router or a network other than Sprint until about 10 days or two weeks ago, more likely the former. This problem has been going on since Spring, stopped in June, then started up again in early July. I'm going crazy. I'm trying to manage a renovation project, sell salvageable items on Craigslist and occasionally price something new online at a retailer, keep up with email and online news and I never know on what day a given site will give me a redirect to the white URL Not Found or worse the red Warning - some site is attempting a redirect - this is not the site you want - go back or whatever (which I believe is generated from Chrome or an add-on or extension - I'm not really sure).

Even if it is a DNS Hijack and not a rootkit...how do I resolve a DNS Hijack???

For me it was simple.
by R. Proffitt Forum moderator / July 28, 2012 1:28 AM PDT

I used the Google DNS and then cleared the arp cache just to be sure.

If that's not enough read http://www.bleepingcomputer.com/forums/topic436991.html about more scans to run.

There is that problem I run into and I understand that folk do not want to become masters of networking and change the DNS they use, but with all the pressure for ISPs to make a few bucks they can do things like this. Easy enough to use another DNS so that's what I do.

But how to get my mom to change this? Like most seniors, not into networking.
