In a word: malware.
This is a fairly classic case of a browser hijacking.
There are many variations on the theme, but the idea is very simple: you try to go somewhere and you land … somewhere else.
DNS hijacking
What you’ve experienced seems like a pretty direct hijack. If the address bar remains unchanged – i.e. it still says “google.com” – and yet you know that you’re not seeing google.com at all, then malware has perhaps modified your system’s “hosts” file, your DNS settings, or potentially the DNS settings in your router.
Both of those approaches modify the way your system locates servers on the internet. Looking up “google.com” in DNS should normally return the IP address of one of Google’s servers. In the case of a DNS hijack, a different IP address is
returned – the IP address of a malicious server. In some cases, the malicious server can be set up to look like the site that you think you’re accessing in order to fool you into divulging personal information, like login credentials or worse.
The DNS changer malware that we’ve all heard so much about recently did exactly this.
Browser hijacking
Some malware, rather than playing with your DNS, takes a more direct route and infects your browser or a component of the browser directly.
Apparently. the recent “Flashback” malware that infected so many Macs worked this way, leveraging a vulnerability in the Java browser component used by many websites and web-based services. It’s my understanding that once infected, simple page loads weren’t impacted, but clicking on certain search results would take you not to the result you clicked on, but rather to something else, as set up by the malware authors.
Analyzing and modifying search results is just one example. Once infected, malware can do many different things in your browser.
Site hijacking
To be complete, we also need to mention that occasionally it’s not your problem at all, but a problem at the site that you’re attempting to visit. This is almost never the case with high profile sites like Google or Yahoo!, but occasionally smaller sites do get hacked.
Most often when a site gets hacked, it’s simply defaced in some way.
It’s possible, however, that once hacked, a site could fairly easily be modified to automatically send any visitors that it does get to some other website – presumably a malicious one.
Fixing the problem
Except for the later case, where the problem is actually not on your machine, fixing it should be fairly easy.
Run an up-to-date anti-malware scan.
If you’re unsure of what to run (and you should be running something, always), What Security Software do you recommend? has my current recommendations.
For a problem like this one, I’d install and run Microsoft Security Essentials, keeping that as your ongoing anti-virus and anti-spyware solution and then also run a scan by the free Malwarebytes Anti-malware tool, which seems to pick up a number of nasties that other tools do not.
(This is an update to an article originally published November 3, 2005.)
Also make sure you set a new recovery point if you are using XP. If you have to restore it will also restore the malware.
I doubt too many Spyware/MalWare inserted “itself into your browser”. 99% just edit the HOST file. Host file only affects Internet Explorer. Its just a text file which redirects IE. IT was made for good but it is a stupid idea and is a HIGHLY EXPLOITALBE. To Fix download Mozilla Firefox… No worries…because no HOST FILE.
Note: a REAL(not lame spyware) virus could hijack your entire browser in that case your in over your head…time to refomat
That’s incorrect. hosts is used by the operating system, and affects all programs accessing the internet. It actually dates back to Unix (or possibly earlier).
Hi Leo
I am also being redirected on every first and second occasion I enter a search into google and click on the intended results. On the third occasion it will take me into the intended sites. I also now have a home page of {link removed} which I cannot remove along with a protection bar I did not have previously. Any help with this would be great.
Regards
Stuart
I am also having the exact same problem as Stuart. I ran adaware and it did not fix the problem. any suggestions would be appreciated.
Thanks,
Mike
I am also having the same problem with being redirected the 1st and 2nd but on the 3rd attempt it goes to the right spot and i have ran a couple of different sprware programs
I also have the same exact problem as K5steve87 being redirected 1st and 2nd time but working correctly when clicking on a Google search result. I have updated windows defender and ran it to no avail. I am running the most current Norton
i am also having the same problem on my xp. on the third try it works. but the first and 2nd doe’s not work. how do fix it? and i tried fixing by editing the host file.
I am also having the exact same problem as Stuart. I ran adaware and it did not fix the problem. any suggestions would be appreciated.
I also have the same problem. I have used adaware and Spybot S&D along with Windows Defender and nothing. I think it was a popup with a fake “close” button that did it. If you figure it out, it’s appreciated
i am having a similar problem to stuart above,
google allows me to carry out searches, however, when i click any of the links it finds – on the first attempt i am always re-directed, but on the 2nd or 3rd attempt i am not.
i am also unable to use the “define” function in google, and use google images (both result in an almost blank page).
i have also tested yahoo and msn search engines, but they seem to be fine. i have run spybot S&D, AVG antivirus, Adaware, malwarebytes, even had an extremely helpful person from the spybotS&D forums look at my hijackthis log, reports from smitfraud, and fixwareout, but nothing seemed to correct this problem
any help on this would be great.
hi leo
can i redirect someone web site to my website, only in my computer?
tnx shachar
Hi Leo,
My google seems to work fine… it finds what i want but when i click on the link it redirects me somwhere else. I’ve ran avira 5 times and finds 6 threats which cannot be removed…?…
please help
I’ve recently been unable to download any updates from Mcafee or AVG, am getting re-directed all the time and can’t seem to find the problem. Lots of pop-ups which can’t be turned off. Every time I go to a site that has anti-virus software, I get a message that says “Sorry, this website is not available” in bad spelling no less. If I click on a sight from a search, I won’t get to the address I’m after but sometimes if I copy the sites address and paste it into my browser, it will take me to the correct site. Still no ability to download any anti-virus software. I’ve spent days fighting this one, any help would be appreciated…..
25-Nov-2008
I have been on the trail of this one. Seems to only affect google searches. I have made some headway. Found a folder in program files called “tinyproxy” it wasnt empty so after changing it from read only I descovered a hidden file called “tinyproxy.exe”. When I rename it and stop the process I can no longer access the internet. It appears my browser is being redirected using this proxy somehow. havent worked it out yet though. Hopefully I have put you guys on the trail too.
Here you go:
best in safe mode:
Delete this folder in bold.
C:Program FilesTinyProxy
Delete these files in bold.
C:windowskennyxx.exe
C:windowsfmark2.dat
Remove the Proxy setting in Internet explorer and/or in FireFox.
In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck “use a proxy server” or reconfigure the Proxy server again in case you have set it previously.
In Firefox in Tools Menu -> Options… -> Advanced Tab -> Network Tab -> “Settings” under Connection.
Click the apply button and restart that computer.
I had success with an anti virus called “fix it utilities 9”.It found files infected with adware and spyware when it was in DEEP SCANN MODE.It immediately quarantined the files. Although the insructions claim the computer would be fine with the files in quarantine it was not until i deleted them(as an option from the qurantined files page)that my computer was fully functional.The results were intantaneous.My sound driver had to be reinstalled after this,since i had no sound at all,I assume this was a complication from the virus(s).I hope this helps.This website helped quite a bit.Thanks.
——————————————————————————–
IE and FireFox and Windows Explorer will browse forward for sometimes less than a second and sometimes for up to almost 10 seconds. Examples.. My IE and FF start page is Google.com. If I start FF its OK as long as I stay at the start page. If I want to go to ebay or anywhere, it goes there for a second or a few seconds and then returns to the start page. The aol browser is OK and never malfunctions. I use Mcafee security that comes with aol. At this point just for more info, the forward green arrow is highlighted indicating that I have backed up the browser. If I click the forward arrow to attempt to go forward again to ebay, it will act the same and return to the start page again. Additionally, If I were to use anything that uses the Windows Explorer browser, the same thing will happen. Example… Start button/explore, cannot stay fixed – always reverses. I have run every adware/malware that another experienced tech on another popular site told me to and he is puzzled. I have uninstalled and then reinstalled FF. I have run ATF cleaner. I have run Malwarebytes Anti-malware and SDfix. no changes. I am submitting the asked for logs here.Also, copy and paste works intermittantly but mostly not. When the browser works (which is every now and then) the copy and paste function works normal as well.
I recently repaired a machine that was getting redirected only in google. It appears that the host file had been re-written and included hundreds of sites to go to all dealing with google. I found myself unable to edit and save, or create a new and copy over the old. What wound up having to happen was I created a new folder (Location: C:WindowsSystem32driversetc)called etc2. I copied the contents of the original etc folder. Everything exept the host file. I opened the old host file in notepad and edited the sites out. I then saved as to the new directory etc2. I then renamed the old etc folder to etc3. I changed the name of the new etc2 to etc. Attempted to use google and it works fine. What a pain in the A@@, but it worked. I have been on 100 different sites that direct to all over the place, but found nothing that could help me. I hope others are able to use this method and benifit from my pains.
One quick note is that the host file is a protected file and does not show up in the folder unless you go to tools, folder options,view, scroll down the lise and uncheck hide protected operating system files.
05-Mar-2009
I use IE6 on Win XP
When I first open IE, I am always redirected to http://www.microsoft.com/taiwan/windows/internet-explorer/download-ie.aspx?ocid=fwlink_ie6_updates.
But when I click “Home”, I can always go back to the first page set up in Tool -> Internet option?
Why? Can I disable this redirection?
I’m just posting because I think I may have a solution to some of your problems.
Apparently, quite recently a worm called Conflicker (also known as downadup, downup, and kido) has been spreading over the internet at a very rapid pace. The symptomes include:
* Google search redirecting
* Antivirus updating has been disabled (you may see the “unable to connect” message when trying to update your antivirus)
* Unable to view websites related to Antivirus software (you may see the “sorry this website is not available” message)
* And alot of popups
I have found that these are all results of Conflicker. It only affects Windows operating systems based on an exploit. Search for and download this patch for Windows “MS08-067”. I googled it and found it. When I installed the patch, everything on my computer went back to normal. I can even perform my Antivirus updates, and surf freely without having my google pages redirected all the time. Hopefully it will work for you too.
[link removed]
I am working a relatives desktop computer that has some kind of redirect virus. Any time you go on any browser, Internet Explorer or Firefox, the homepage will redirect you to a chinese “Prima Hosting page cannot be found” website. Before that it was Baidu chinese search engine, but i got rid of that one virus. If i use the search toolbar in the top right corner I will be redirected several times. I’ve tried uninstalling the web browsers and reinstalling, I’ve removed Norton and installed AVG, but that didn’t even work. I’ve tried A-squared and combo-fix, still nothing. I’ve looked up the Google redirect virus in the registry and can’t find it. Any answers please let me know. Thank you
Everytime I try to search a website through google in firefox, I can see all the search results but when I go to click on one of them it redirects me to somewhere completely different, each time I try a different link its a different site, never the same one twice. But if I copy the address directly into the address bar its fine, it only seems to happen in firefox. I’ve run all my scans and found a few virus’s and they’ve been removed or quarantined. Its driving me mad!!
Search for and download this patch for Windows “MS08-067”. As suggested buy “Ricky Bohan” This worked for me! I’m good to go. This is the fix in Windows XP Service Pack 2 and 3.
Hope this helps
I had a very similar problem and the above comments didnt really help. What did help was running ComboFix. That really did the trick!
Everytime I try to use Internet Explorer it goes to ! I am unable to look at my email, shop online, or do anything because it automatically goes to this site which is nothing. I can’t even download spyware or new virus updates because it only goes to this page. I have already tried getting rid of my cookies & temp files, but that did not help. Anyone…help!
I had the same problem. I just got rid of it by removing
Java(TM) 6 Update 18
I had a very similar problem and the above comments didnt really help. What did help was running ComboFix. That really did the trick worked for me to
I had the same problem. I uninstalled java updates and the problem was fixed.
i have the same problem..when i type google.com URL it redirect me to 1search1.net..i had tried so many applications (HitmanPro, Malwarebytes, Ccleaner, Exterminateit, Hijack, etc ), unninstall java, but still doesn’t work.. Please help me..
I found I had a trojan win32/sefnit.E, ran all the spyware and malware searches and it found nothing
file:C:Users*user*AppDataLocalDrmDrmScheme.dll
regkey:HKCU@S-1-5-21-32534609-1996396635-2218557562-1001SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN\DrmScheme
runkey:HKCU@S-1-5-21-32534609-1996396635-2218557562-1001SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN\DrmScheme
Hope this helps
C:/Windows/system32/wdmaud.sys
Delete it (or move/rename) and Reboot.
wdmaud.sys legitimate file should be located in “C:WindowsSystem32drivers”
When I go to a certain website, say facebook, I am redirected to this website called http://www.stopbadsite.com and I have tryed fixing it with Norton’s. This problem occured when my roomate was watching Netflix Instant Replay and it stopped the movie and redirected him to stopbadsite.What happened and how can I fix it?
Same problem…. youtube would never come up and google.com would always pop up some .ru site
I tried all the other stuff and I finally came up with a solution for my system running Windows 7.
I ran Hijack this and found all sorts of sites that came with my IP as the Host. Hijackthis recommended for me to go into Windowssystem32driversetchost
I deleted the “host” file. Everything worked fine on internet explorer and/or firefox.
Im running Windows7. Hope this helps out!
Well… I finally found and fixed the problem (at least for now). Here’s what I found..
The windows/system32/drivers/etc/hosts file had been corrupted with a dozen or so redirects for google and yahoo sites. Since that’s a system read-only file, I had to adjust the security on the etc folder to allow administrator access and then I removed all of the redirects… saving the file back. On reboot.. all is well. I’ve tried cold and soft boots, browsing around, and generally exercising the computer on the internet and the problem hasn’t re-occured yet….
Only Google search is being redirected on my PC . yahoo works , fine And so does google Image search .
What First pops up during the redirect every time is www dot bliywl dot net . then it goes some where else , Well Guess what There is no such thing ,
I’m a bit confused in the above fixes . As I have 1 Host file and 4 host backup files can some one give me a play by play of what to do ? Thanks !
I cleared the history, cookies, temp and all, now the browser doesn’t redirect..;)
I renamed two host files in(Windowssystem32driversetchost) to (oldhost) and eliminated the redirect problem completely. Couldn’t have been easier!!
At times like this/these..In my opinion the only real answer to this is to revert to an image backup..no need to panic though….all else can be backed up separately.
What ya think Leo??????????????????????
A couple of years ago, we had a browser hijack happen to our computer. The computer tech person we hired (who also is the supervisor of the tech department of a large company nearby) thought he had it fixed. When we picked up the computer, he decided to double check something else entirely. It was then he found that it hadn’t been fixed at all. Whatever malware/trojan/virus it was had placed itself in a host file and everytime it was deleted, etc. it replaced itself. It did not respond to AVG (which was what we had at the time I think, right now we’re using Panda Cloud) or Malwarebytes and had actually attached itself to Spybot S&D also.
We finally had to totally reinstall Windows to get rid of it.
It seems to me that people are ignoring the simplest solution. Set your DNS server address permanently in either your router (best) or in W7 (or my case) XP itself, to something like the free “opendns” at 208.67.222.222. End of story – I don’t think a virus can go in and alter your router settings… can it? Enjoy – Johnxi
@Johnxi
If you have malware on your system, there is little it cannot do. Unless you remove the malware it can change the DNS setting to whatever it wants. Since your router can be accessed through your computer, it is possible that malware can make changes to your router’s settings.
I knew I had a virus when the file I clicked on [ reported clean by antivirus ] disappeared on execution.
Watch for this latest one. here’s the story AND the fix
Like a fool not following his own advice, I downloaded an exe file
believing it to be what i expected. All prior checks on the file with 4 anti-virus programs gave it the all clear; but I knew it was dodgy the miniute the whole file disappeared after attempting to run. Aaaaaaaaagh!
I ceased all activity and run AV again which pin-pointed one file in the system32 folder as a virus. MRXSMB.SYS. Knowing how big the original EXE file was, I was sure that other hidden damage had been done. Rebooting immediatly in safe mode, I scaned again and this file ‘recreated’ itself; identified as ‘win32:SireFeF-WZ
steps to eliminate it.
1. scan registry and delete all instances of MRXSMB.SYS
2.open explorer, navigate to win32 and order files by date.
3. find any file created the moment I ran the virus file [date] usually last on the list.
4. delete these files but NOTE their names. Now open the registry and search for each file name you deleted and delete them from the registry [ carefull-delete only the file names NOT the keys]
5. run virus scanners again
6. open explorer, navigate to documents and settings, your user folder [ joe ]. search for *.exe. order by modified or date created. look for files created ATT [ usually bottom of list ]
Note their names,delete files. Now search for *.sys and go through the same process. Now open registry again and search for each noted file name, delete the file names from registry entry.
7. Get your good copy of MRXSMB.sys and put it in sys32 folder. Open permissions and ‘deny delete’
[ the virus file contained the word ‘dummy’ in it when opened with notepad – dead give-away as no such word exists in the real file]
Now reboot normal – go to mrxsmb.sys and check the word ‘dummy’ does not exist in it
That’s it. On the net, the experts say its such a stealth pest that only re-installing your OS will get rid of it but I did the above and got rid of it.
I have a slightly different variation than on here, but will try some of the suggestions when I get home.
On my PC it redirects if I get the url slightly wrong eg wwww.bbc.co.uk or http://www.bbc.oc.uk.
Which I often do!
Deleting the history in Java works, but only temporarily, few hours at most.
Various alternatives but most common is click2find page that is linked.
It is driving me crazy, and is a work PC, so I don’t have admin rights. Our IT team could not sort it either.
Hopefuly someone has the answer.
Good luck everyone, I know how frustrating it is.
To Mark Jacobs
Changing the DNS setting in your IP config – possible. Changing DNS on your router – EXTREMELY unlikely assuming you’ve set up an admin password.
15-May-2012
I did an expanded version of my accounts and here it is
Something to try to help you recover from virus when all else fails.
Nearly all virus files operate in 2 ways. They either compose a new file which is itself the virus; or they substitute an existing file for a ‘dummy’ file which is the virus with the same name.
Most anti-virus programs quarantine or erase the file identified by option choice; but non give you the option
of replacing the identified file with the real one, then locking that file in the permissions area [ forbid erase by your log in name ]. Especially problematic if the infected file is an essential boot file.
If your anti-virus program alerts you to a virus in a file while it is running by command [ initiate scan by you ],
pause the scan and replace the identified file with your backup file; now manually ‘lock’ the file by OS permissions as above then continue the scan. Do the same for each file encountered with a virus. This gives you time to find the initial command file that is doing the damage because it cannot initiate if the OS denies erase.
Now that we have locked files that attempt to be erased and substituted, we can look for the file or files that have been composed to initiate the actions. Time stamps tell you a lot and looking for files that suddenly appear is relatively easy. Most virus files are initiated from one of two places [ to cover all editions of windows ].
The first is in the ‘documents and settings’ folder usually under your logged in profile. By searching files by time stamp [ *.* ] you can pinpoint the exact file that was composed at the time you got the virus OR the nearest time to the present if you left scanning till later. If you find, say, 2 files composed at the nearest time to the present; erase them after noting their names. If they are EXE, COM, DLL, SYS, BAT files, you don’t need to do the substitution method [ not yet anyway ] just note and erase..
Now go to the windowssystem32 directory and search again by time stamp. Remember, the created virus files will have the same time stamp [ or damn near close ]. Again, note the file names, erase the files – now go to your MIRROR BACK UP FILES on another physical drive [ you do have these, don’t you ? ] and search for these names to see if they exist. If they do, copy the good files to where they should be and LOCK THEM by OS permissions [ forbid erase again ].
If the file you erased is NOT a valid file, we need to temporarily fool the virus composer into thinking that it exists already to do it’s dirty work. This gives us time to root out any master file we might have missed that was placed somewhere we are not looking.
Make a notebook TXT file with the same name as the file that shouldn’t be were you found it [ EG. xyz.sys ] Fill the text file with the word ‘null’ about a page worth will do. Save the file as xyz.sys and lock this by OS permissions as well [ just to be safe, in case the virus composer checks the byte value ].
What have we got ?. Well, we replaced all the suspect files with our back ups and LOCKED them by permissions. We put in dummy files that shouldn’t be there and LOCKED them by permissions.
CONTINUE THE SCAN. Chances are, you won’t see any more alerts but if you do; back to square one.
OK, now we have scanned to the end; do ANOTHER complete scan to be sure, to be sure. All clear ?
NOW we have a one list of file names that SHOULD NOT be present. Open the registry with ‘regedit’ in the run command window. Search for instances of each of these bogus files and erase them from the registry if found [ do not erase keys – just the file names themselves ]. The replaced and locked valid files [ valid ones from our mirror back up ] should be left alone as these are real files, not bogus ones.
now reboot your PC in normal mode. Do another scan. All clear ?,
Now, do your peeking at time stamps in the 2 areas I’ve mentioned and you should see no files created anywhere near the present date. We do the final peek to be sure that there is no file that even attempts to install a virus even if it’s efforts are blocked by locked files. Hopefully, you should be all clear. If, for some reason, the PC will not boot to normal windows [ because you accidentally erased an essential file ]; boot to safe mode and copy [ lock ] the files again. There are only very few essential files that windows needs to boot to safe mode so really, this scenario would be rare indeed; I’ve never encountered it myself and I’ve used this method 3 times already in the last few years.
I use this method in 2 instances.
1. Immediately after realising I got a virus by running a program
2. When all efforts to get rid of a virus fail after being identified by my scanners [ the file recomposes itself ]
So far, I’ve managed to avoid doing a complete reload of OS with this last ditch effort.
The key to this method is having a scanner that identifies the infected file [ not necessary the ‘master’ file that composes the virus, just a file that got infected – and [ most important ] a complete backup of the boot drive, on another drive you can source your OS files from. For this, I use Karen’s replicator [ free program ] and re-replicate the complete drive before I attempt to install anything. Hope this method is of some use to you people tearing your hair out.
A user clicks a link in a web browser and it redirects to some other site or pulls up ads. What could be the reason and what can be done?
The reasons could be malware, options unintentionally selected somehow during surfing, the browser itself because of default options or the websites with legal redirects. I’ve seen browsers by some companies redirecting to their own inferior search engines from the selected one. Unfortunately, remedies tried may cause even worse problems. Registry repairs may force re-install of the OS with all the options and updates, upgrades, drivers, registrations gone. Another reason for good back-ups! And many programs, especially AIO types may cause more harm than good with so many options and potential to wreak havoc. That’s why I prefer to maintain and clean my PC’s myself manually.
If a good combination of AV and FW software is running all the time, with proper settings, I wouldn’t consider malware a great threat compared to what some regular software and OS/security updates do. Last time I had a malware infection was in 1997. However, I get requests from friends for this problem and manual remedies have almost always been good enough.
Some of the items to be checked manually are:
Running processes and system parameters.
Internet and browser options; including browsing and security settings, selected DNS servers, search assistants, geolocation and other junk, website redirect permits, new pages, etc.
Registry Modifications by malware or permitted software, registry areas to be investigated are actually not that much, just some familiarity is needed.
DNS Servers, sometimes infected by malware themselves, although rare. Actually DNS server selection should not be left to ISP/browser and DNS servers paid by some big names should be avoided against having redirection and ad problems.
Note that none of the anti-malware products would indicate most of these items, except some optimization software and even a re-install of the OS may not work.
when i give any url (website address), then the browser itself return to google page.
i installed another browser i.e opera, then problem has solved, but why i facing in Mozilla and Internet explorer?
plz sir help me
thanks
I have a similar problem. whenever I log in to Facebook and Hotmail, I always end up in yahoo search altavista which is terribly terribly annoying. I have to refresh many many times before facebook or Outlook appears but then sometimes reverts back to altavista search… I don’t know what triggers it to go back;
What can I do to stop this from happening?
Hey Leo,
My problem is little bit different . In every 10 minutes a new browsers opens and redirect me to a website as “http://www.big-countries.com/”. Please help me ,it also slows down my laptop.
Try following the instructions in this article How do I remove PUPs, foistware, drive-bys, toolbars, and other annoying things I never wanted? I’ve found that Adwcleaner worked every time for me with that kind of problem.
Please tell me where I may find someone to hire to remove ask.com from my computer. Very much appreciated!!
Happy Holidays ~ :-)
Sincerely,
Cheryl
Ask.com is probably a toolbar in your browser. This article may help: http://ask-leo.com/how_do_i_get_rid_of_toolbars_in_my_browser.html
I’m confused. Ask.com is a website, not something to be removed. So … don’t go to that web site. Now, if there are other things going on, then perhaps its more generic malware that needs to be removed so I’d have you perform up to date malware scans – https://askleo.com/how_do_i_remove_malware/ – and PUP removal – https://askleo.com/how-do-i-remove-pups-foistware-drive-bys-toolbars-and-other-annoying-things-i-never-wanted/
Hi, I have my own googlesites web page and one link leads to my Blogger blog page. I have not been active on it for some time. When I try to open my blog page from google sites, the pages opens momentarily and then some ad page appears. How do I fix this? Thanks!
Hi Leo,
After installing Kaspersky Pure 3.0, whenever I go to Google, for example, I am being asked in my Firefox 35.0 v browser to save (or open) what appear to be Google temp files. This is a new issue and very annoying. I never changed my cookie acceptance settings and wonder if Kaspersky needs a Google certificate installed to function properly.
Any ideas???
TIA,
T in PDX
Uninstall Kaspersky and see if the problem goes away. If it does, then contact Kaspersky support.
I have this problem for many years now, I have asked this question on the Apple support forum but some idividual keeps deleting some of my postings. Here is the link :
https://discussions.apple.com/thread/7135041
I set my default URL to Yahoo.com, but when I turn on the laptop – MSN.COM always comes up in the url address space. HELP – It’s not one time thng – it’s ongoing every time I want to use the internet by pressing IE. thanks
Hi Leo !! I just came to say Thank You for ALL YOUR ADVISE. . . But I was reading in this Page and I found this. . . Quote: [ ” I also now have a home page of {link removed} which I cannot remove along with a protection bar I did not have previously. Regards ~ Stuart ” ] / End of Quote. . . I did not Click on that particular Link mentioned above in this Post . . . But Let me ASK YOU LEO . . . it is not better ?, to DO NOT have it ACTIVE THAT KIND OF LINKS? just Gayed out !! Mentioned so Everybody like me I just Copied and Pasted in my HOSTS file so I prevent to fall with my IE8, IE9, Google Chorme, Mozilla FireFox and Opera Browsers fall with a Redirect that take me to that BADsite !
Protect Your ASKLEO.com With a JavaScript ( Plug-In ) that I Use in My WebSites ( it’s Free ! ) . . . {link removed} will allow and show the Good Alexa Rank for a Good Site and will Handle ALL THE BAD WEBSITES removed automatically, and You don’t have to be worry about the Links that Your Visitors are posting !! . . . Specially all those WebSites FAKE ANTI-VIRUS, or FAKE PROTECTION or Hijackers and Encrypters, or those Criminals . . . Ransom Ware. . . Thank You Leo. ! ( how to avoid beeing redirected by yahoo / google GEO Tracker ? )
Thanks for pointing that out. I removed the link from the comment that was made in 2007, as well as removing the link from your post – since it was obscured by a bitly redirect.
How can you determine if its a website that has the issue and not your browser? This is what I suspect since I only get redirected when visiting a specific site. Is there a test that can be run to confirm this?
The fact that it happens on only one website is a pretty good clue. Another thing to try is use a different browser and see what happens when you go to that same site.
Not a simple one, no. If you’re slightly techy you might look into the developer tools in your browser. Sites like http://redirectdetective.com/ might also help (no endorsement, try at your own risk).
Hi Leo,
I had a strange thing happen on my iPad this morning when I was sent an article from Yahoo Canada. The article was in English but everything around it was Chinese and instead of Yahoo.ca it was tw.yahoo. I tried different web browsers & clicking other articles and they were completely in Chinese including the settings options Syd and yet Yahoo Australia was still normal. Does this mean malware had infected my iPad? If so, how can I get rid of it? I noticed this evening when I go to Yahoo Canada it’s all looking normal again. Thanks!
Hi Leo,
I need you knowledge… my website has been hacked it looks normal in Chrome or Firefox … the issue is when you open my page on a AOL browser half of my page is gone and has adult sites all over this is my site {url removed} please help
That sounds more like you have some sort of plugin or toolbar in your AOL browser. Try uninstalling it, and doing a fresh install. This article may help sort it out: http://ask-leo.com/how_do_i_get_rid_of_toolbars_in_my_browser.html
I can’t. You’ll need to work with your web host or your webmaster to get things cleared up.
I log into yahoo.com to get to yahoo mail and it redirects to Searchprivacy
Can this happen using an Iphone as well?
Hi Leo, I clicked on a car advertisement but when I go in to my history and click on the date and details and the website it re-directs me to the current webpage. How do I get the exact page I saw on that date?
No real way for me to know. It really depends on the pages involved and the specific advertising technology being used.
Every time I search for something, it takes me directly to a website pertaining to my question. When I try to go back to search a different website, my computer immediately goes to the original website. It is so frustrating! And it happens all the time, regardless of what I’m searching. This only happens on one of my computers, and it didn’t do this previously. It started a couple months ago, so I’m thinking it is something in the settings. Can anyone help? Thank you.