Odd website

kantori

PC annoying me
Member
I'm having a very odd issue going to a specific website. It's generally harmless but I cannot understand why it's doing it and wanted some advice/help for this. The website is Doki Fansubs and it redirects to an address http://67.210.14.254/after.php?type=doki.hologfx.com: which redirects again to some random ad website.

I got NOD32 scanning but it hasn't picked up anything at all. Before installing NOD32 I had Lavasoft, Spyware Doctor, Avast, & Malwarebytes, which all picked up stuff, but the issue above was still occurring. I reset all internet options on Vista and raised security to max so I'm really at a loss why it's doing this and only on this website.

I've asked other forums that are related to the theme of the website above but all came to a conclusion that I may have adware, but the programs I named above picked up other things and still the problem of going to this website persists. Is there any other method I may not know about? Scanning the temp files in C:\WINDOWS\Temp doesn't pick up anything. I'm stumped. :confused:

forgot to add, using Firefox 3.6.12 with noscript/adblock plus/ghostery
 

Hi,

Not sure what or why you get there but this is the information available on that address: -

Good look?
 

Attachment: Lovemain.jpg (26.4 KB)

I don't understand what that is about sorry, all i know is it redirects to the IP with the address then does it again to some random.

i'm wondering if i should uninstall NOD32 and name the exe for it differently, turn off system restore and rescan in safe mode?
 

Hi again,

I have been to both the websites you listed earlier.
  1. Took me to a cartoon site no issues there.
  2. Took me to an advertising website & no issues there.
On saying that I did choose to go there so I can see where you are coming from. So if you are infected by some "Malware" your protection hasn't worked.

As I am unsure as to whether you are infected or not please do a sweep of your system as per these instructions: -

http://www.vistax64.com/tutorials/173861-malicious-software-removal-tool.html?ltr=M

Also look at the following software to assist with clearing your system: -

http://www.maximumpc.com/article/howtos/ultimate_malware_removal_guide_purge_your_pc_junk_files
 

when i go to the site it just stays there then redirects on its own with that IP. it's very odd that it only happens when i go to that site and i read others having it redirect them no matter the site.

I got hitman pro and it says i got virus.win32.enistery and another virus/trojan i forgot the name.


i'll follow the link u gave me and report back quick/full scans
 

Hi kantori,

What web browser are you using?
 

I am using firefox 3.6.12.

I tried using other browsers, google chrome, IE, and safari do the same thing (is that even possible?)

mrt.exe still scanning under full scan but i do not give much hope with any Microsoft stuff
 

well not surprised, done with scan and didn't pick up anything - using ccleaner did a full clean with specific cache and it's back to normal so far. Any advice for keeping my system clear of these annoying things? Careful monitoring wasn't enough and that pretty much bummed me out... :(


edit: BAH!!! it's back again, I don't get what's going on. It doesn't seem to be affecting anything else on my PC but that website is one of my favorite places to go to.

edit2: odd, I reset the firewall to default and it went away after I clicked the bookmark to it, what can this mean? But it went back to the annoyance after a restart.
 
what country are you in? This could help us determine the IP Address if it is You or the Website

Many Thanks,
Josh
 

I'm in the USA, it's not the website but my machine that's doing it according to reports and Lottiemansion says it's working for him/her normal.

according to NOD32 network connection, the remote ip says: 67-210-14-254-rev.ineting.net:80

i just don't get it, nothing is being picked up anymore virus/trojan/adware but redirection still happening and it's only happening within the website from my bookmark toolbar, not in Search field or anywhere else.
 

Same here I can Get on to it fine could you Please follow these Steps and Report back your Results:


Flush DNS Cache and restore HOSTS file

Copy and paste the following into notepad and save it as a batch file (.bat)

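@echo on
rem Go to the folder that holds the HOSTS file
pushd %SystemRoot%\system32\drivers\etc
rem Clear the hidden/system/read-only attributes so the file can be overwritten
attrib -h -s -r hosts
rem Replace HOSTS with a single localhost entry (all other entries are lost)
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Renew the DHCP lease and empty the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack
netsh winsock reset all
netsh int ip reset all
rem Schedule a restart in 1 second, then delete this batch file
shutdown -r -t 1
del "%~f0"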

Then run this batch file as an administrator.


Be Warned your Computer will restart after the file has completed

Also the File will be Deleted after the Restart

Hope This Helps,
Josh
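
An added example, not part of the post above or of any forum member's code: the batch file overwrites HOSTS without showing what was in it, so this Python script lists the non-default entries first, which keeps a record of any name that was being blocked or pointed at another server. The sample file content and the function name `audit_hosts` are constructed for illustration.

```python
"""List HOSTS entries that a HOSTS reset would erase."""
import ipaddress
import os

# Constructed sample, not taken from the thread: default lines, a comment,
# a blocking entry, a redirecting entry and a malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test   # blocked by a security tool
203.0.113.7     www.example.test www2.example.test
not-an-ip       broken.example.test
"""

DEFAULT_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, kind, address, names) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue                           # blank, comment or no hostname
        address, names = entry[0], [n.lower() for n in entry[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names))
            continue
        extra = [n for n in names if n not in DEFAULT_NAMES]
        if not extra:
            continue                           # plain localhost mapping
        # Loopback/unspecified addresses only block a name; anything else
        # sends the browser to a different server than DNS would.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, kind, address, extra))
    return findings


if __name__ == "__main__":
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    text = open(path, errors="replace").read() if os.path.exists(path) else SAMPLE_HOSTS
    for line_no, kind, address, names in audit_hosts(text):
        print(f"line {line_no}: {kind:10} {address} -> {', '.join(names)}")
```

Run it before the batch file and save the output; an empty result means HOSTS held nothing beyond the localhost entries.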
 

um flush DNS? in CCleaner? I'm not computer savvy so I don't know a lot.
edit: k, reading it from here what flush DNS is: http://www.tech-faq.com/how-to-flush-dns.html

ok I did the thing it suggests on the website but the prompt window doesn't stay there, it pops up like a flasher and it's gone, is that normal?
 

Name it anything you want

When you save it type this:

Code:
batch1.bat

And then click the Dropdown Box and for Save File type and then click Any Files


Hope This Helps,
Josh
 

im sorry it didn't work =(

i'll try it again


edit: no go, still happening
 

I have and still does the same thing but not with the above steps you gave to me - I suppose I can follow the steps again and see if it occurs.

edit: ok I did it and I'm writing this from safe mode, the website is showing normal and when I go to cmd.exe under admin it shows the normal IP addresses for the website I'm on including this site. However when I go to normal bootup, I see 1 of the IPs named denisstalker? I think it's a tracker, not sure, but I'm gonna wait 10/20min on the Doki website cuz usually it returns back after that much time has passed.


edit2: sigh.. didn't work once I went to normal mode, i'll ask again later it's 3am for me and I been at this since 5pm
 

Attachment: redirect.jpg (18.7 KB)

It sounds to me like you may be infected with something (or many somethings) despite some of the clear results (though you did report two that sound nasty to me - especially the trojan which would help if you could remember the name - maybe it's in the log of the program that detected it). I'd like you to download HijackThis from Trend Micro USA (the full free version - not the beta) and run a full scan and attach the report to your next reply. This won't repair the problem, but it may help identify it.

I'm not as brave as Lottiemansion and don't intend to go near any of those sites even though I'm very well protected - I'll leave that to the experts if they feel it is warranted or may help. Redirection is often a sign of infection or a site designed to intentionally do so (or actually infecting you) for whatever reason. We're going to focus on the former as that is something we maybe can do something about.

I'm going to message our Security and Malware removal expert about this thread and ask her to take a look - hopefully this report will be posted before she arrives. It may be hours or a few days (so please be patient) - she's very busy but I'm sure she'll take a look and give you advice or suggestions.

Thanks and good luck!
 

Hi Lottiemansion,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 http://jpshortstuff.247fixes.com/GooredFix.exe

Download Mirror #2 http://downloads.securitycadets.com/GooredFix.exe
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista and Windows7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
 
