Thanu

Vktarget.ru / Traffstock / AdWizard / Stubborn Browser Hijacker


Hi All

 

Mike here from Chonburi, also with TOT and am being plagued by this Russian malware. I also have a TP-Link TD854W router which will not let me update the primary and secondary DNS addresses as described earlier in this thread. I press "save" and nothing happens; when I refresh the page the updates have not taken effect.

 

I have tried recycling the router and attaching it directly to the laptop - no difference.

 

I am concerned about internet banking and would appreciate any advice with regards to how to get my router to save the changes.

 

Thanks

 

Edit: I am currently using a VPN which I hope can protect me, but I have no clear idea whether it is or not!

Hi baldplumber,

 

You should change the DNS settings in the computer. I think a post in this long topic describes how to do it, but if you don't find it or can't follow it, please come back with your Windows version.


I'm running Windows 7 Home Premium.

 

I have changed my wireless network adapter settings to use 8.8.8.8 and 8.8.4.4 under IPv4 protocol and I am still getting the adultube,info re-directs.

 

My router is showing a DNS server with an address of 94.249.192.118

 

Any ideas?

 

Thanks

 

Edit: I also ran ipconfig /flushdns


Edited by baldplumber

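Added example, not part of any post in this thread: the "check the DNS servers in the computer" step can be done per adapter by parsing saved `ipconfig /all` output and flagging every resolver that is not one you set on purpose. The sample text and adapter names are constructed; the trusted pair and the address 94.249.192.118 are the values quoted in the posts above.

```python
import ipaddress

TRUSTED = {"8.8.8.8", "8.8.4.4"}  # resolvers the posters set by hand
# Constructed `ipconfig /all` excerpt; adapter names are illustrative.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 94.249.192.118
                                       192.168.1.1
"""

def _as_ip(text):
    """Parse one address, dropping any IPv6 %zone suffix; None if not an IP."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def dns_by_adapter(ipconfig_text):
    """Map adapter name -> DNS servers, following continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False  # new adapter section
            adapters[current] = []
            continue
        if current and line.strip().startswith("DNS Servers"):
            in_dns, line = True, line.split(" : ", 1)[-1]
        ip = _as_ip(line) if in_dns else None
        if ip:
            adapters[current].append(ip)
        else:
            in_dns = False  # any non-address line ends the DNS list
    return adapters

def audit(ipconfig_text, trusted=TRUSTED):
    """List (adapter, address, verdict) for each resolver not in `trusted`."""
    return [(name, str(ip), "local-forwarder" if ip.is_private or ip.is_link_local
             else "unexpected-public")
            for name, servers in dns_by_adapter(ipconfig_text).items()
            for ip in servers if str(ip) not in trusted]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

A `local-forwarder` result means that adapter sends its lookups to the router, so whatever upstream DNS server the router is configured with still decides the answers for that adapter.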

Dear Sufferers in Thailand,

I am frustrated but hopeful about the adware/malware situation - I've tried a couple different tactics in the last days, some of which seemed to sort me out...at least for the time-being. However, while I was changing different settings, etc., I was also on hold with my ISP (TOT here in Thailand), where I had a series of chats with a couple support agents (each with a different level of skill/understanding).

 

Rather than passing along the short list of suggestions and have you get your hopes up and your time wasted, my recommendation is that you waste your time on hold with TOT and get a support person that knows of this VKTarget. ru problem and then steer the conversation to them telling you to get the router 'swapped out'. I do not know if it is TOT's customer-service policy to exchange the router, but tomorrow, I'm headed to their service office to see if the phone-agent's instructions will be followed by the service-center-gremlins.

 

I will keep you all posted.

 

for those still looking to do surgery on yourselves, i've had zero issues while using Firefox (v. 34.0.5). the 2-3 times I opened Chrome again, i had an initial period of no pop-ups/redirects, but eventually, they returned (not dependent on # of tabs/windows opened, or which links opened).

 

PS - just an analytical comment on TOT - the final phone-agent we dealt with revealed that TOT (at least as high up as some middle-managers in the Techie Division) has known about this problem being a macro-issue with the router security for at least a good while now. Yes, it's good that they are aware of the gaps in their security structure, but, it just screams the question - WHY ARE THEY SITTING ON THEIR A$$E$ WHEN IT COMES TO FIXING THE PROBLEM???? If updating the router driver/software is all that will be needed, then you'd think that a nation-wide problem would receive a nation-wide response.

 

For those in Thailand, you have (or will) come to understand the meaning of "This Is Thailand, Sucker!" (T.I.T.S) We're here for specific reasons and staying is (usually) our choice, so we just have to take the 'Thai-ness' with the good!

Merry Christmas!


Does anyone know for certain whether this browser redirection is just an annoyance or whether it compromises our security for applications such as internet banking?

The person that controls a DNS Server can redirect a web address to the wrong server, e.g. you enter the web address ("www.myBank.com") in the browser but the DNS server doesn't return the correct IP address of your bank but to an IP address of a web server someone else controls. If your bank can give you their IP address instead of the web address, you can enter the IP address in the browser and then the bad DNS server wouldn't be used.


The person that controls a DNS Server can redirect a web address to the wrong server, e.g. you enter the web address ("www.myBank.com") in the browser but the DNS server doesn't return the correct IP address of your bank but to an IP address of a web server someone else controls. If your bank can give you their IP address instead of the web address, you can enter the IP address in the browser and then the bad DNS server wouldn't be used.

 

Thank you.


Hi All,

there are several 4-letter words repeating in my head, over and over and over and over!!!!!!!!!!

 

after the hassle of the TOT office visit (got there, 6 numbers before me, 7-8 came in after me, and each one believed that pulling their SEQUENTIAL number from the queue-machine meant that they could then step up to the service rep, who was already with a customer, and try to get their issue sorted), then my number was called and the rep wanted to sell me a new router...I physically bit my lip and then gave him a 2nd explanation that the phone-rep said the router's firmware was out of date. He finally saw the light and switched out my router with an 'updated' firmware swap-model.

 

Brought it straight back, set it up and opened Chrome with 4 tabs, when a 5th tab opened displaying adultube. info porn advertising....AAAARRRRRGGGGGHHHHHHH!

 

So, now I'm on board with thinking the problem is embedded in Chrome, and that led me to consider the exact steps I took just before the 5th tab opened...Is it possible that the malware/porn adware has somehow added a function to the up/down scroll bar? I opened a news story link in its own tab, and kept the left mouse button pressed on the scroll bar to move down through the story. Would it even be possible to turn the vertical scroll bar into an active 'click-button'?

 

angered & confused in Bkk!


Hi TSmith!

 

I suggest that you check the DNS servers in the router and in the computer. You also need to clear the DNS cache in the computer and the cache of the browser.

 

To change the action of the scroll bar it's necessary to have a program or maybe an add-on in the computer. Please, check all your Chrome add-ons.


checked DNS (still set to 8.8.4.4), cleared cache, reopened browser, even restarted laptop. on 2nd tab, adultube. info opened in its own tab again.

 

this all seems to be going in circles!!!! Has anyone actually identified where this virus /adware came from (where was it hiding to be downloaded/activated???)


checked DNS (still set to 8.8.4.4), cleared cache, reopened browser, even restarted laptop. on 2nd tab, adultube. info opened in its own tab again.

 

this all seems to be going in circles!!!! Has anyone actually identified where this virus /adware came from (where was it hiding to be downloaded/activated???)

Have you tried Internet Explorer?

Please, restore its settings and delete temporary internet files first:

http://windows.microsoft.com/en-us/internet-explorer/reset-ie-settings

http://windows.microsoft.com/en-us/internet-explorer/manage-delete-browsing-history-internet-explorer

 

Do you get the same ads in all the computers and other devices?


FYI - TOT sent a technician to my place and Chrome browser was hijacked on my machine while he was here, so he tried it on his machine (same www & same clicks to open new tabs, etc) but his chrome did not get hijacked while connected to our wireless router. His suggestion was to have windows re-installed...??? Any advice from the forum?


FYI - TOT sent a technician to my place and Chrome browser was hijacked on my machine while he was here, so he tried it on his machine (same www & same clicks to open new tabs, etc) but his chrome did not get hijacked while connected to our wireless router. His suggestion was to have windows re-installed...??? Any advice from the forum?

If you want, I can read the log files from FRST and see if I can see something that shouldn't be there.

 

Please, download Farbar Recovery Scan Tool (FRST) and save it on the desktop:

For 64-bit Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

For 32-bit Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start the FRST program.

 

Read the disclaimer and click Yes to accept it.

Click Scan button.

When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

 

Please, attach them to your reply (press "More Reply Options" button to see how to attach files).


Hi all,

this string has gone very quiet - I realize it is the end of the year and some will be traveling...but the last comments from Loke, BaldPlumber & myself had questions/failed fixes, but there were no further suggestions from the admins or other brainiacs. have people all just stopped using Chrome and called that a livable solution?

 

I'm using Firefox to not have the pop ups/tab redirects, but doing so means that I sacrifice the use of several services/apps available via Chrome's store, (most of which I'd been using for 3+ yrs before the probs started)...if my car makes a strange noise, one solution to dealing with that strange sound would be to turn off the engine and walk, but it doesn't really seem practical for the long-term, as solutions go...

 

Is anyone out there now actually free from the threat of the pop-ups/tab redirects?


Hi TSmith,

 

Sorry, but I can't help you to get rid of ads in Chrome without the logs from FRST.


Hi all,

this string has gone very quiet - I realize it is the end of the year and some will be traveling...but the last comments from Loke, BaldPlumber & myself had questions/failed fixes, but there were no further suggestions from the admins or other brainiacs. have people all just stopped using Chrome and called that a livable solution?

 

I'm using Firefox to not have the pop ups/tab redirects, but doing so means that I sacrifice the use of several services/apps available via Chrome's store, (most of which I'd been using for 3+ yrs before the probs started)...if my car makes a strange noise, one solution to dealing with that strange sound would be to turn off the engine and walk, but it doesn't really seem practical for the long-term, as solutions go...

 

Is anyone out there now actually free from the threat of the pop-ups/tab redirects?

 

 

Hi

 

I still have the problem, albeit minimised on my laptop. Using advice here I have reset the laptop's DNS server to 8.8.8.8 / 8.8.4.4, cleared the DNS cache, deleted all browser cookies etc. and the results are OK, although I am not happy about my router still being compromised.

 

My android phone is a different matter though and despite doing the equivalent of the above, my CM browser is continually redirected to such an extent that it is unusable.

 

I am going to take my TP-Link router to TOT to get them to reset it, reload the firmware if necessary and to reset my TOT password. If I can then update the router's DNS setting then I will be happy; otherwise I will be getting a replacement router. Either way, in the future the router's login password will be something that only I will know.

 

Mike

Edited by baldplumber


My android phone is a different matter though and despite doing the equivalent of the above, my CM browser is continually redirected to such an extent that it is unusable.

Hi Mike,

 

Have you tested with another browser, e.g. Opera or Firefox?


Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !

This topic is now closed to further replies.