Jump to content
Dennis Oakley

Google Search Results Containing Malware

Recommended Posts

Hi Johanna,

I just wanted to make you aware of something I came across lately in Google searches. Not sure if it's just me or if anyone else has had a problem.

When doing Google searches for variety of leatherwork topics the results will show a link to leatherworker.net but when clicked on it it takes you to a different site that has malware and locks the browser into the site. I end up using Task Manager to kill the browser. For instance, tonight I did a search for "Leather guitar strap kit" and the 6th link said "Tandy guitar strap kit - Patterns and Templates - leatherworker.net". When clicked on it takes the browser to a different website, popups come up, and it locks the browser into a loop where you can't close without installing something.

This has happened to me a dozen times over the past two weeks, only on links pointing to this site. Also happened to me on more than one pc, my home pc and my office pc.

Really strange.

Share this post


Link to post
Share on other sites

Hi Johanna,

I just wanted to make you aware of something I came across lately in Google searches. Not sure if it's just me or if anyone else has had a problem.

When doing Google searches for variety of leatherwork topics the results will show a link to leatherworker.net but when clicked on it it takes you to a different site that has malware and locks the browser into the site. I end up using Task Manager to kill the browser. For instance, tonight I did a search for "Leather guitar strap kit" and the 6th link said "Tandy guitar strap kit - Patterns and Templates - leatherworker.net". When clicked on it takes the browser to a different website, popups come up, and it locks the browser into a loop where you can't close without installing something.

This has happened to me a dozen times over the past two weeks, only on links pointing to this site. Also happened to me on more than one pc, my home pc and my office pc.

Really strange.

Works fine for me. You likely have a root kit virus, pointing you to a rouge DNS server. Search for malwarebytes and install it and run a scan. Also download tdsskiller from support.kasper.com/5350 install it and run it to detect and fix. I had a similar thing a month or so ago, also related to google searches, but couldn't get any results from a google search.

Hope this helps

Tom

Share this post


Link to post
Share on other sites

I have experienced that a few times lately too but I use Avast so when I attempt to click on the link, Avast alerts me of possible Malware and blocks the site from loading so my system is not harmed. Being that you your system was "locked in a loop" as you stated I do think that you may need a better Antivirus software installed. Avast.com has a free version that will do the job. Before installing I do think you will need to clean up your computer, if you do not have any experience go to bleepingcomputers.com which is a site dedicated to helping people cleanup their computer from viruses and they will get you straightened out.

On the other side of this: I am a member of many forums and the moderator on several, and we have been getting these types of messages from members on several of the forums I am a part of and I honestly think it is more likely the website/Google that has been hacked not necessarily a virus on the users computer. (Although in the posters case I do think his computer is infected if it locks up the computer) I for one have gotten a Malware message when attempting to click on a link found in a Google search, and I know for a fact as an X-computer technician my computer is not infected. This only happen to me a few times when searching on Google, I did the exact same search on Yahoo and Bing and the links opened fine. If I had a virus on the computer it would do this regardless of what website/search provider I used, but it only does this when I click on a leatherworker.net link. Google is aware of these issues because people are screaming about it in the Google groups but of course they are pointing the finger at the user and doing nothing to help.

Karina

Share this post


Link to post
Share on other sites

Karina I have to agree that it's a Google problem and not necessarily a person's computer. When I got your original message, Dennis, I investigated immediately. The site and server are clean. I did a search using the terms you mentioned, and the first time I clicked the link I got a weird page, and the status bar indicated I was on LW. But the page doesn't exist here. Strange. So I did it again on my daughter's computer, no problem. My son's computer on a different network, all okay, tried my computer again and the link went straight to LW like it was supposed to. Now I'm wondering what the devil is happening, so I start Googling common LW search terms. Every LW link came up clean on all the computers, so now I can't duplicate the problem, but I saw the odd page too- said 404 and was shrouded in gray. (should have screen capped it for submission to Google!) If anyone experiences this again, please let me know as much detail as you can. I filed a ticket with Google to have them investigate after I started Googling for other examples of this kind of thing. Like Karina said, Google is aware of the issue because they have all sorts of folks fussing about redirected links.

bleepingcomputer.com and geekstogo.com are excellent resources for people looking to make sure their computers are clean. I know the admins there, and they have top-of-the-line help to assist you.

~J

Share this post


Link to post
Share on other sites

Hi. Just a quick note. This past week or so I notice emails received based on subscribed threads contain faulty links.

I click the "The topic can be found here" link in the email and it directs me to some spammy-type site. I have to close the browser and re-click the subscription link to get to the Leatherworker site thread.

Not sure if anyone else is experiencing this?

Thanks

Share this post


Link to post
Share on other sites

I would like to see one of those emails, and if you know how to copy the headers, I would appreciate it. No one else has reported anything like that, and I am not aware of any problems with the mailserver. Thanks for your help.

~J

admin@leatherworker.net

Share this post


Link to post
Share on other sites

I went back to find a recent email where this occurred and wouldn't you know it, the links bring me directly to the thread! Oh well, I shouldn't complain as things are working fine now. :specool:

If it happens again I will forward the email.

Appreciate the reply!

Share this post


Link to post
Share on other sites

I've had this happen across multiple forums, it happens when you click a link either from email, or even a google search sometimes.

it takes you to a page asking you to fill out a survey before it will take you to the link destination, and when you try and go back, one of those annoying pop-ups comes up asking if you really want to leave the page.

I deleted cookies and ran spybot and managed to get rid of it for a while, but then it popped back up tonight.

kinda wished I screencapped it

Share this post


Link to post
Share on other sites

Actually, I just had this happen yesterday from a google search that linked to a thread here. The link first sent me to some other site and then when I closed it and clicked the link again it took me to the appropriate thread here. So, Joanna, I think if you do a google search for stuff that will come up with results on the forum and then sporadically click them, you may be able to reproduce it on occasion. Next time it happens to me I'll do a better job at documenting what's going on for you.

Share this post


Link to post
Share on other sites

I use an application called MyWOT and it lets me know which Google results are trusted or questionable by placing icons beside each result, even Google Images. It also works inside Facebook as well.

I just did a Google search as others have done above, and clicked on one of the recommendations from Google that was not trusted, it sent me to this website: NOTE: DO NOT CLICK THIS LINK OUT OF CURIOSITY http://om55nh8.onmypc.info/joomla/

It brings up some survey scam. I just clicked the above link from inside my post, and it brought up "Adult Friend Finder" website, MyWOT shut it down right away, and brought up a screen informing me of the dangers of accessing this site. It gives you the option of entering and even rating the site.

I also clicked many of the results listed as "Trustworthy" and none of them were a problem.

So, to be safe while surfing and searching, I'd suggest you go to http://www.mywot.com/en/download and download and install their free software, I think you'll appreciate the added security.

Edited by Beaverslayer

Share this post


Link to post
Share on other sites

Here's a screenshot of what you see when MyWOT is activated by a bad website.

post-1605-0-75132100-1357679461_thumb.jp

Share this post


Link to post
Share on other sites

That kind of stuff is cool, but there's still a problem with the links to the forum that needs to be addressed. From what I read above and what I experienced, they are actual legitimate links that go to the forums pages, either through a forum generated email or from a google link. The question is, what's happening to cause the occasional re-direct to this survey site.

Share this post


Link to post
Share on other sites

since I had a moment, I just tried it again. I googled "leather round knife" and found a result that pointed toward this forum.

The link goes here http://leatherworker...showtopic=21377 - this link is safe and only goes to the forum ;)

But, the first time I clicked it, it loaded the above address into my address bar and then instantly took me to the location of this screenshot, which as you can see is in the process of loading popups. So, this is happening AFTER loading the forums pages.

post-22094-0-89643000-1357703865_thumb.j

Share this post


Link to post
Share on other sites

So Google is allowing a legit link from the forum to display the real forum page and then interrupting it with these rogues?

Share this post


Link to post
Share on other sites

Johanna, I've tried this a few times today and it's not just Google results for this forum, but many different Google results are being redirected to rogue sites. I have no idea as to how to send Google a message that they would believe and do something about. They would most likely think I was just some crack pot who wears a tinfoil hat all day and night.

Share this post


Link to post
Share on other sites

I think so. I just got one too.

A google seach for " beveling leather lace " gave me this google search page:

post-21845-0-85564900-1357706818_thumb.j

Clicking on the link for "Beveling Rawhide and Leather - Braiding" took me to the LeatherWorker.net forum, which was hijacked mid-load and redirected to this:

post-21845-0-86094000-1357706943_thumb.j

Share this post


Link to post
Share on other sites

Winter,

I just performed the exact same search as you, got the exact same result page. I clicked the same link you did, but was redirected to a different "Scam" page. It told me I was the winner of some Visa Gift Certificate, also knew I was from Calgary, as the browser address bar was blinking saying congratulations Calgary.

By what I am reading from Googling about redirecting links on Google, this has been going on for some time, and may actually be an old virus of some sort that has nothing to do with Google. I'm doing a complete scan right now, hopefully nothing shows up.

Share this post


Link to post
Share on other sites

So Google is allowing a legit link from the forum to display the real forum page and then interrupting it with these rogues?

It sounds like it's not just Google, that's just the easiest way to reproduce it. The previous posts that started the thread referred to email links from the forum software doing it as well. That would pretty much take Google out of the mix. From there that would leave something with the forum software or our computers. I know I've duplicated it from 3 different computers right now, one of which was a fresh installation with all of our virus and malware updates. I don't want to rule out our end computers, but with so many people experiencing it at once it's less likely that that's the case.

Share this post


Link to post
Share on other sites

For fun I just went to Yahoo and did it as well. Got the exact same popup/redirect I had last night on post #9, from a completely different computer and ISP.

Share this post


Link to post
Share on other sites

In all the reading I've done on this, it is also possible that our routers may have a virus in them. There is so much information on the web about this type of thing, going back at least 3 years, right up till now.

There are a few reputable forums that have "DETAILED" instructions on how to get rid of some unknown virus, but in all of them, you have to download many different malware/cleaning software, send them the log files....download more software...send log files again, and keep doing this until the redirects are stopped.

Others say all you have to do, is to install Firefox "No Script" add-on, but all this did was hide the problem, and screw up trusted pages that needed scripts.

I'm going to try a "Hard Reset" on my router a bit later today and see if this changes anything.

Share this post


Link to post
Share on other sites

Hmmm, don't know if I can update my brand new $150,000 Cisco router without a big change request.

Share this post


Link to post
Share on other sites

Well Cyberthrasher don't worry about that big change request, as doing the hard reset on my router did nothing to change the problem.

I've done a complete scan of my computer as well and am still having the redirect happen. At this point, who knows what to do, I'll just keep closing the hijacked window when it happens.

I'm going to send Google a scathing email as well and see if that does any good.....

Share this post


Link to post
Share on other sites

Sounds good, they can probably use it either way :)

I was just outside smokin and thinkin as I do and my mind kept going back to the fact that it never happens when clicking a link from inside the forum software.....That's definitely the most complexing part.

Share this post


Link to post
Share on other sites

Also, when a Google link redirects once, it won't do it a second time on that computer. The link clicks true from then on- after showing the redirect page. There's nothing in the forum software out of the ordinary and I don't think the problem is on our end.

Share this post


Link to post
Share on other sites

I'm doing a lot of searching for "redirected url4short IPB" and getting some results.

Here's a discussion with samples of the code they found on their server. Looks like the admin here tracked it down to a common hole in several different forum packages.

http://forums.odforce.net/index.php?/topic/16575-rss-feeds-link-problem/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...