Google Search Results Containing Malware

[Beaverslayer]

Here's a screenshot of what you see when MyWOT is activated by a bad website.

[Cyberthrasher]

That kind of stuff is cool, but there's still a problem with the links to the forum that needs to be addressed. From what I read above and what I experienced, they are actual legitimate links that go to the forums pages, either through a forum generated email or from a google link. The question is, what's happening to cause the occasional re-direct to this survey site.

[Cyberthrasher]

since I had a moment, I just tried it again. I googled "leather round knife" and found a result that pointed toward this forum.

The link goes here http://leatherworker...showtopic=21377 - this link is safe and only goes to the forum

But, the first time I clicked it, it loaded the above address into my address bar and then instantly took me to the location of this screenshot, which as you can see is in the process of loading popups. So, this is happening AFTER loading the forums pages.

[Johanna]

So Google is allowing a legit link from the forum to display the real forum page and then interrupting it with these rogues?

[Beaverslayer]

Johanna, I've tried this a few times today and it's not just Google results for this forum, but many different Google results are being redirected to rogue sites. I have no idea as to how to send Google a message that they would believe and do something about. They would most likely think I was just some crack pot who wears a tinfoil hat all day and night.

[WinterBear]

I think so. I just got one too.

A google seach for " beveling leather lace " gave me this google search page:

Clicking on the link for "Beveling Rawhide and Leather - Braiding" took me to the LeatherWorker.net forum, which was hijacked mid-load and redirected to this:

[Beaverslayer]

Winter,

I just performed the exact same search as you, got the exact same result page. I clicked the same link you did, but was redirected to a different "Scam" page. It told me I was the winner of some Visa Gift Certificate, also knew I was from Calgary, as the browser address bar was blinking saying congratulations Calgary.

By what I am reading from Googling about redirecting links on Google, this has been going on for some time, and may actually be an old virus of some sort that has nothing to do with Google. I'm doing a complete scan right now, hopefully nothing shows up.

[Cyberthrasher]

So Google is allowing a legit link from the forum to display the real forum page and then interrupting it with these rogues?

It sounds like it's not just Google, that's just the easiest way to reproduce it. The previous posts that started the thread referred to email links from the forum software doing it as well. That would pretty much take Google out of the mix. From there that would leave something with the forum software or our computers. I know I've duplicated it from 3 different computers right now, one of which was a fresh installation with all of our virus and malware updates. I don't want to rule out our end computers, but with so many people experiencing it at once it's less likely that that's the case.

[Cyberthrasher]

For fun I just went to Yahoo and did it as well. Got the exact same popup/redirect I had last night on post #9, from a completely different computer and ISP.

[Beaverslayer]

In all the reading I've done on this, it is also possible that our routers may have a virus in them. There is so much information on the web about this type of thing, going back at least 3 years, right up till now.

There are a few reputable forums that have "DETAILED" instructions on how to get rid of some unknown virus, but in all of them, you have to download many different malware/cleaning software, send them the log files....download more software...send log files again, and keep doing this until the redirects are stopped.

Others say all you have to do, is to install Firefox "No Script" add-on, but all this did was hide the problem, and screw up trusted pages that needed scripts.

I'm going to try a "Hard Reset" on my router a bit later today and see if this changes anything.