dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2321
share rss forum feed


Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
Reviews:
·Comcast

[WIN7] Google Search Results Hijacked..

Not sure what happened, but many of my google research results are being hijacked and redirected through "http://googleads.g.doubleclick.net", which Avast! is blocking.

I've run malwarebytes and it didn't find anything.

Anything else I can try??

Thanks!
--
CheckSite.us | YourIP.us | Reverseip.us


BlitzenZeus
Burnt Out Cynic
Premium
join:2000-01-13
kudos:3

Google owns doubleclick



howardfine

join:2002-08-09
Saint Louis, MO

1 recommendation

Google owning doubleclick has nothing to do with the problem.

Are you sure you're not clicking on the ads on the results page?



Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
Reviews:
·Comcast

Nope, I'm just clicking the regular results.

That has now stopped - and now I get this warning from Avast! every time I search Google (not clicking any links, just searching).

This is only happening in Firefox - IE doesn't throw up these warnings.

I've scanned with MBM and SuperAntispyware and nothing is coming up.
--
CheckSite.us | YourIP.us | Reverseip.us


JohnInSJ
Premium
join:2003-09-22
Aptos, CA

1 edit

1 recommendation

reply to Rob

Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.

Looks like something weird in firefox. Disable all addons and extensions?
--
My place : »www.schettino.us



Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
Reviews:
·Comcast

Thanks! I forgot about the addons.

After disabling the addons and reenabling, I discovered an add-on called "Mozilla Safe Browsing 2.0.14" that indicated it's purpose is to make sure the websites in FF are safe or something.

I googled it and found this link:

»www.reddit.com/r/techsupport/com···ng_2014/

And was able to delete it.

Tisk tisk Firefox. How did an add-on so easily install itself?!
--
CheckSite.us | YourIP.us | Reverseip.us



howardfine

join:2002-08-09
Saint Louis, MO

said by Rob:

Tisk tisk Firefox. How did an add-on so easily install itself?!

How does any malware install/attach itself on Windows?


Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
Reviews:
·Comcast

said by howardfine:

said by Rob:

Tisk tisk Firefox. How did an add-on so easily install itself?!

How does any malware install/attach itself on Windows?

It's not PEBKAC, if that's what you're saying
--
CheckSite.us | YourIP.us | Reverseip.us


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to Rob

I believe the Mozilla Safe Browsing addon disappeared in Firefox 14 and up.

It's not in my addons for Firefox 15!



howardfine

join:2002-08-09
Saint Louis, MO
reply to Rob

No but things like this happen on Windows just by clicking on stuff.

@LoPhatPhuud - You're right. Safe Browsing hasn't been on the add-ons list for quite a while from what I've read.



Rob
In Deo speramus.
Premium
join:2001-08-25
Kendall, FL
kudos:2
reply to LoPhatPhuud

So then someone is using it to trick people into believing it's a legitimate add-on!



JohnInSJ
Premium
join:2003-09-22
Aptos, CA
reply to howardfine

said by howardfine:

No but things like this happen on Windows just by clicking on stuff.

sigh... yeah. There is just no way to protect a user from themselves. Like in any OS.
--
My place : »www.schettino.us


dolphins
Clean Up Our Oceans
Premium
join:2001-08-22
Westville, NJ
kudos:7
reply to Rob

NoScript would have prevented the clickjack.


Glen T

join:2003-11-03
BC

I had some weirdness from a site I visit daily (forum) that users Google Site Search (unpaid version) on it. I left the Google search results page open with links to this site, and when I came back to the computer an hour later, there was a popup ad open on top of the search results. I never see popup ads on my computer, so it struck me a weird. Both Spybot S & D and Malwarebytes found nothing. And the problem has not recurred since. But I think it came from Google.



dolphins
Clean Up Our Oceans
Premium
join:2001-08-22
Westville, NJ
kudos:7
Reviews:
·Comcast

2 edits
reply to Rob

Hmmm... I read the reddit-link provided an noticed the user claims to have NoScript but was still clickjacked?

I have NoScript, Adblock Plus and Flashblock extensions and so far nothing has gotten through that I didn't allow.

What also is very puzzling is how the clickjack was able to get past Avast in order to install the add-on?
--
Stop The Mindless Killings Stop Over Fishing



dolphins
Clean Up Our Oceans
Premium
join:2001-08-22
Westville, NJ
kudos:7
Reviews:
·Comcast
reply to JohnInSJ

said by JohnInSJ:

Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.

Looks like something weird in firefox. Disable all addons and extensions?

Hey John, You should alter the direct link you provided.
--
Stop The Mindless Killings Stop Over Fishing


JohnInSJ
Premium
join:2003-09-22
Aptos, CA

1 recommendation

said by dolphins:

said by JohnInSJ:

Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.

Looks like something weird in firefox. Disable all addons and extensions?

Hey John, You should alter the direct link you provided.

Yep thanks
--
My place : »www.schettino.us


howardfine

join:2002-08-09
Saint Louis, MO
reply to JohnInSJ

I'm not talking about user error. I'm talking about being tricked into clicking on something which installs malware.



JohnInSJ
Premium
join:2003-09-22
Aptos, CA

said by howardfine:

I'm not talking about user error. I'm talking about being tricked into clicking on something which installs malware.

So, you're saying windows users are more easily tricked? Because I'm not aware of firefox behaving differently on different OSes. It seems to work exactly the same for me on OSx, Win, and Linux.
--
My place : »www.schettino.us


dolphins
Clean Up Our Oceans
Premium
join:2001-08-22
Westville, NJ
kudos:7
Reviews:
·Comcast
reply to Rob

I researched this a little and found some other users (Avast forums) claim that it comes back after a reboot. If I were you I would head over to »Security Cleanup to get a clean bill of health.
--
Stop The Mindless Killings Stop Over Fishing



howardfine

join:2002-08-09
Saint Louis, MO
reply to JohnInSJ

Are you trolling or just nagging? Malware gets installed on Windows all the time. Malware can't get installed on *nix without proper permissions. That's what I'm saying.



darcilicious
Cyber Librarian
Premium
join:2001-01-02
Forest Grove, OR
kudos:4
Reviews:
·Frontier FiOS

said by howardfine:

That's what I'm finally getting around to saying.

Fixed it for you.
--
♬ Music is life ♬


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
reply to howardfine

said by howardfine:

Are you trolling or just nagging? Malware gets installed on Windows all the time. Malware can't get installed on *nix without proper permissions. That's what I'm saying.

And only if you disable UAC on windows. Which I always reply to this FUD with. That's what I am saying.
--
My place : »www.schettino.us
Expand your moderator at work

biznatch11

join:2004-11-21
London, ON

1 recommendation

reply to dolphins

Re: [WIN7] Google Search Results Hijacked..

said by dolphins:

Hmmm... I read the reddit-link provided an noticed the user claims to have NoScript but was still clickjacked?

Hi there, I posted that reddit thread. To clarify, I didn't have NoScript installed at the time the malicious extension somehow got installed. I installed it afterwards and the redirects did indeed occur even with NoScript active, since it wasn't a script on a page causing the problem but part of an extension, and NoScript won't block an extension.


dolphins
Clean Up Our Oceans
Premium
join:2001-08-22
Westville, NJ
kudos:7
Reviews:
·Comcast

Thanks for the follow up it does clear up a few things. I don't think it was a clickjack I think someone mistakenly installed it on the OPs machine? I can't understand how the incoming events would get past Avast but it blocks the outgoing events?
--
Stop The Mindless Killings Stop Over Fishing



howardfine

join:2002-08-09
Saint Louis, MO
reply to Rob

quote:
And only if you disable UAC on windows. Which I always reply to this FUD with.
And so we read about malware with IE on Windows even with UAC on which proves my point.