Not sure what happened, but many of my google research results are being hijacked and redirected through "http://googleads.g.doubleclick.net", which Avast! is blocking.

I've run malwarebytes and it didn't find anything.

Anything else I can try??

Thanks!

actions · 2012-Sep-12 2:42 pm ·

BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

BlitzenZeus

Premium Member

2012-Sep-12 3:51 pm

Google owns doubleclick

actions · 2012-Sep-12 3:51 pm ·

howardfine
join:2002-08-09
Saint Louis, MO

1 recommendation

howardfine

Member

2012-Sep-12 3:56 pm

Google owning doubleclick has nothing to do with the problem.

Are you sure you're not clicking on the ads on the results page?

actions · 2012-Sep-12 3:56 pm ·

Robert
Premium Member
join:2001-08-25
Miami, FL

Robert

Premium Member

2012-Sep-13 7:26 am

Nope, I'm just clicking the regular results.

That has now stopped - and now I get this warning from Avast! every time I search Google (not clicking any links, just searching).

This is only happening in Firefox - IE doesn't throw up these warnings.

I've scanned with MBM and SuperAntispyware and nothing is coming up.

actions · 2012-Sep-13 7:26 am ·

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

1 edit

1 recommendation

JohnInSJ to Robert

Premium Member

2012-Sep-13 8:52 am

to Robert

Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.

Looks like something weird in firefox. Disable all addons and extensions?

actions · 2012-Sep-13 8:52 am ·

Robert
Premium Member
join:2001-08-25
Miami, FL

Robert

Premium Member

2012-Sep-13 9:32 am

Thanks! I forgot about the addons.

After disabling the addons and reenabling, I discovered an add-on called "Mozilla Safe Browsing 2.0.14" that indicated it's purpose is to make sure the websites in FF are safe or something.

I googled it and found this link:

»www.reddit.com/r/techsup ··· ng_2014/

And was able to delete it.

Tisk tisk Firefox. How did an add-on so easily install itself?!

actions · 2012-Sep-13 9:32 am ·

howardfine
join:2002-08-09
Saint Louis, MO

howardfine

Member

2012-Sep-13 10:09 am

said by Robert:

Tisk tisk Firefox. How did an add-on so easily install itself?!

How does any malware install/attach itself on Windows?

actions · 2012-Sep-13 10:09 am ·

Robert
Premium Member
join:2001-08-25
Miami, FL

Robert

Premium Member

2012-Sep-13 10:11 am

said by howardfine:

said by Robert:

Tisk tisk Firefox. How did an add-on so easily install itself?!

How does any malware install/attach itself on Windows?

It's not PEBKAC, if that's what you're saying

actions · 2012-Sep-13 10:11 am ·

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to Robert

MVM

2012-Sep-13 11:12 am

to Robert

I believe the Mozilla Safe Browsing addon disappeared in Firefox 14 and up.

It's not in my addons for Firefox 15!

actions · 2012-Sep-13 11:12 am ·

howardfine
join:2002-08-09
Saint Louis, MO

howardfine to Robert

Member

2012-Sep-13 11:18 am

to Robert

No but things like this happen on Windows just by clicking on stuff.

@LoPhatPhuud - You're right. Safe Browsing hasn't been on the add-ons list for quite a while from what I've read.

actions · 2012-Sep-13 11:18 am · (locked)

Robert
Premium Member
join:2001-08-25
Miami, FL

Robert to LoPhatPhuud

Premium Member

2012-Sep-13 11:38 am

to LoPhatPhuud

So then someone is using it to trick people into believing it's a legitimate add-on!

actions · 2012-Sep-13 11:38 am ·

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to howardfine

Premium Member

2012-Sep-13 12:20 pm

to howardfine

said by howardfine:

No but things like this happen on Windows just by clicking on stuff.

sigh... yeah. There is just no way to protect a user from themselves. Like in any OS.

actions · 2012-Sep-13 12:20 pm · (locked)

dolphins
Clean Up Our Oceans
Premium Member
join:2001-08-22
Westville, NJ

dolphins to Robert

Premium Member

2012-Sep-13 12:33 pm

to Robert

NoScript would have prevented the clickjack.

actions · 2012-Sep-13 12:33 pm ·

Glen T
join:2003-11-03
BC

Glen T

Member

2012-Sep-13 12:51 pm

I had some weirdness from a site I visit daily (forum) that users Google Site Search (unpaid version) on it. I left the Google search results page open with links to this site, and when I came back to the computer an hour later, there was a popup ad open on top of the search results. I never see popup ads on my computer, so it struck me a weird. Both Spybot S & D and Malwarebytes found nothing. And the problem has not recurred since. But I think it came from Google.

actions · 2012-Sep-13 12:51 pm ·

dolphins
Clean Up Our Oceans
Premium Member
join:2001-08-22
Westville, NJ

2 edits

dolphins to Robert

Premium Member

2012-Sep-13 1:21 pm

to Robert

Hmmm... I read the reddit-link provided an noticed the user claims to have NoScript but was still clickjacked?

I have NoScript, Adblock Plus and Flashblock extensions and so far nothing has gotten through that I didn't allow.

What also is very puzzling is how the clickjack was able to get past Avast in order to install the add-on?

actions · 2012-Sep-13 1:21 pm ·

dolphins

dolphins to JohnInSJ

Premium Member

2012-Sep-13 1:26 pm

to JohnInSJ

said by JohnInSJ:

Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.

Looks like something weird in firefox. Disable all addons and extensions?

Hey John, You should alter the direct link you provided.

actions · 2012-Sep-13 1:26 pm ·

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

1 recommendation

JohnInSJ

Premium Member

2012-Sep-13 1:46 pm

said by dolphins:

said by JohnInSJ:

Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.

Looks like something weird in firefox. Disable all addons and extensions?

Hey John, You should alter the direct link you provided.

Yep thanks

actions · 2012-Sep-13 1:46 pm ·

howardfine
join:2002-08-09
Saint Louis, MO

howardfine to JohnInSJ

Member

2012-Sep-13 1:51 pm

to JohnInSJ

I'm not talking about user error. I'm talking about being tricked into clicking on something which installs malware.

actions · 2012-Sep-13 1:51 pm · (locked)

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ

Premium Member

2012-Sep-13 1:54 pm

said by howardfine:

I'm not talking about user error. I'm talking about being tricked into clicking on something which installs malware.

So, you're saying windows users are more easily tricked? Because I'm not aware of firefox behaving differently on different OSes. It seems to work exactly the same for me on OSx, Win, and Linux.

actions · 2012-Sep-13 1:54 pm · (locked)

dolphins
Clean Up Our Oceans
Premium Member
join:2001-08-22
Westville, NJ

dolphins to Robert

Premium Member

2012-Sep-13 2:17 pm

to Robert

I researched this a little and found some other users (Avast forums) claim that it comes back after a reboot. If I were you I would head over to »Security Cleanup to get a clean bill of health.

actions · 2012-Sep-13 2:17 pm ·

howardfine
join:2002-08-09
Saint Louis, MO

howardfine to JohnInSJ

Member

2012-Sep-13 2:54 pm

to JohnInSJ

Are you trolling or just nagging? Malware gets installed on Windows all the time. Malware can't get installed on *nix without proper permissions. That's what I'm saying.

actions · 2012-Sep-13 2:54 pm · (locked)

darcilicious
Cyber Librarian
Premium Member
join:2001-01-02
Forest Grove, OR

darcilicious

Premium Member

2012-Sep-13 3:35 pm

said by howardfine:

That's what I'm finally getting around to saying.

Fixed it for you.

actions · 2012-Sep-13 3:35 pm · (locked)

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to howardfine

Premium Member

2012-Sep-13 5:02 pm

to howardfine

said by howardfine:

Are you trolling or just nagging? Malware gets installed on Windows all the time. Malware can't get installed on *nix without proper permissions. That's what I'm saying.

And only if you disable UAC on windows. Which I always reply to this FUD with. That's what I am saying.

actions · 2012-Sep-13 5:02 pm · (locked)

your moderator at work

biznatch11
join:2004-11-21
London, ON

1 recommendation

biznatch11 to dolphins

Member

2012-Sep-20 5:25 pm

to dolphins

Re: [WIN7] Google Search Results Hijacked..

said by dolphins:

Hmmm... I read the reddit-link provided an noticed the user claims to have NoScript but was still clickjacked?

Hi there, I posted that reddit thread. To clarify, I didn't have NoScript installed at the time the malicious extension somehow got installed. I installed it afterwards and the redirects did indeed occur even with NoScript active, since it wasn't a script on a page causing the problem but part of an extension, and NoScript won't block an extension.

actions · 2012-Sep-20 5:25 pm ·

dolphins
Clean Up Our Oceans
Premium Member
join:2001-08-22
Westville, NJ

dolphins

Premium Member

2012-Sep-20 11:11 pm

Thanks for the follow up it does clear up a few things. I don't think it was a clickjack I think someone mistakenly installed it on the OPs machine? I can't understand how the incoming events would get past Avast but it blocks the outgoing events?

actions · 2012-Sep-20 11:11 pm ·

howardfine
join:2002-08-09
Saint Louis, MO

howardfine to Robert

Member

2012-Sep-20 11:46 pm

to Robert

quote:
And only if you disable UAC on windows. Which I always reply to this FUD with.

And so we read about malware with IE on Windows even with UAC on which proves my point.

actions · 2012-Sep-20 11:46 pm ·

Forums → Software and Operating Systems → Microsoft	« [WIN7] Split VPN? Trying to use a http proxy for only some traf • [Excel] Add a frame into which user can click and add picture »