 RobIn Deo speramus.Premium
join:2001-08-25
Kendall, FL
kudos:3 | [WIN7] Google Search Results Hijacked.. Not sure what happened, but many of my google research results are being hijacked and redirected through "http://googleads.g.doubleclick.net", which Avast! is blocking.
I've run malwarebytes and it didn't find anything.
Anything else I can try??
Thanks!
--
CheckSite.us | YourIP.us | Reverseip.us |
|
 BlitzenZeusBurnt Out CynicPremium
join:2000-01-13
kudos:2 | Google owns doubleclick |
|
| Google owning doubleclick has nothing to do with the problem.
Are you sure you're not clicking on the ads on the results page? |
|
RobIn Deo speramus.Premium
join:2001-08-25
Kendall, FL
kudos:3 | Nope, I'm just clicking the regular results.
That has now stopped - and now I get this warning from Avast! every time I search Google (not clicking any links, just searching).
This is only happening in Firefox - IE doesn't throw up these warnings.
I've scanned with MBM and SuperAntispyware and nothing is coming up.
--
CheckSite.us | YourIP.us | Reverseip.us |
|
 JohnInSJPremium
join:2003-09-22
San Jose, CA
1 edit | reply to Rob
Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.
Looks like something weird in firefox. Disable all addons and extensions?
--
My place : »www.schettino.us |
|
RobIn Deo speramus.Premium
join:2001-08-25
Kendall, FL
kudos:3 | Thanks! I forgot about the addons.
After disabling the addons and reenabling, I discovered an add-on called "Mozilla Safe Browsing 2.0.14" that indicated it's purpose is to make sure the websites in FF are safe or something.
I googled it and found this link:
»www.reddit.com/r/techsupport/com···ng_2014/
And was able to delete it.
Tisk tisk Firefox. How did an add-on so easily install itself?!
--
CheckSite.us | YourIP.us | Reverseip.us |
|
|
|
Reviews:
 ·AT&T Southwest
| said by Rob:Tisk tisk Firefox. How did an add-on so easily install itself?!
How does any malware install/attach itself on Windows? |
|
RobIn Deo speramus.Premium
join:2001-08-25
Kendall, FL
kudos:3 | said by howardfine:said by Rob:Tisk tisk Firefox. How did an add-on so easily install itself?!
How does any malware install/attach itself on Windows? It's not PEBKAC, if that's what you're saying 
--
CheckSite.us | YourIP.us | Reverseip.us |
|
 LoPhatPhuudPremium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26 | reply to Rob
I believe the Mozilla Safe Browsing addon disappeared in Firefox 14 and up.
It's not in my addons for Firefox 15! |
|
| reply to Rob
No but things like this happen on Windows just by clicking on stuff.
@LoPhatPhuud - You're right. Safe Browsing hasn't been on the add-ons list for quite a while from what I've read. |
|
RobIn Deo speramus.Premium
join:2001-08-25
Kendall, FL
kudos:3 | reply to LoPhatPhuud
So then someone is using it to trick people into believing it's a legitimate add-on! |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
 ·PHONE POWER
 ·Comcast
| reply to howardfine
said by howardfine:No but things like this happen on Windows just by clicking on stuff.
sigh... yeah. There is just no way to protect a user from themselves. Like in any OS.
--
My place : »www.schettino.us |
|
 dolphinsClean Up Our OceansPremium
join:2001-08-22
Westville, NJ
kudos:3 | reply to Rob
NoScript would have prevented the clickjack. |
|
| I had some weirdness from a site I visit daily (forum) that users Google Site Search (unpaid version) on it. I left the Google search results page open with links to this site, and when I came back to the computer an hour later, there was a popup ad open on top of the search results. I never see popup ads on my computer, so it struck me a weird. Both Spybot S & D and Malwarebytes found nothing. And the problem has not recurred since. But I think it came from Google. |
|
dolphinsClean Up Our OceansPremium
join:2001-08-22
Westville, NJ
kudos:3 Reviews:
·Comcast
2 edits | reply to Rob
Hmmm... I read the reddit-link provided an noticed the user claims to have NoScript but was still clickjacked?
I have NoScript, Adblock Plus and Flashblock extensions and so far nothing has gotten through that I didn't allow.
What also is very puzzling is how the clickjack was able to get past Avast in order to install the add-on?
--
Stop The Mindless Killings Stop Over Fishing |
|
dolphinsClean Up Our OceansPremium
join:2001-08-22
Westville, NJ
kudos:3 Reviews:
·Comcast
| reply to JohnInSJ
said by JohnInSJ:Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.
Looks like something weird in firefox. Disable all addons and extensions?
Hey John, You should alter the direct link you provided.
--
Stop The Mindless Killings Stop Over Fishing |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| said by dolphins:said by JohnInSJ:Well, hxxp://13.perclick4advertising.com/ is a per-click ad company.
Looks like something weird in firefox. Disable all addons and extensions?
Hey John, You should alter the direct link you provided. Yep thanks
--
My place : »www.schettino.us |
|
| reply to JohnInSJ
I'm not talking about user error. I'm talking about being tricked into clicking on something which installs malware. |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| said by howardfine:I'm not talking about user error. I'm talking about being tricked into clicking on something which installs malware.
So, you're saying windows users are more easily tricked? Because I'm not aware of firefox behaving differently on different OSes. It seems to work exactly the same for me on OSx, Win, and Linux.
--
My place : »www.schettino.us |
|
dolphinsClean Up Our OceansPremium
join:2001-08-22
Westville, NJ
kudos:3 Reviews:
·Comcast
| reply to Rob
I researched this a little and found some other users (Avast forums) claim that it comes back after a reboot. If I were you I would head over to »Security Cleanup to get a clean bill of health.
--
Stop The Mindless Killings Stop Over Fishing |
|
