Hello guys. My problem is summed up in the title. I'm completely unable to access any of Google's websites, including Gmail. If I try to access Gmail, Firefox and Chrome throw a certificate red flag, and if I try to go on Google I'm redirected to pricegrabber.com. Avira is running and up to date. The UAC is also active. Analyzing my HijackThis log didn't turn up anything either, and my hosts file is clean... My Vista desktop had the same problem and I switched it to Ubuntu and it seems to be working, but it appears that my laptop has been hit too. I have a shared folder but it's read only, so I don't know if it's a virus or someone is messing with my router...
-
Don't know if it will help, but try Spybot Search & Destroy and CCleaner.
-
Instead of Spybot, use Malwarebytes and SuperAntiSpyware.
Update both and scan the system. -
I second this suggestion. The only thing Spybot ever found on any of my computers were cookies.
-
Spybot was good several years ago.
But Malwarebytes and SuperAntiSpyware bested it.
Generally speaking, Malwarebytes is more than enough ... though having SAS is also recommended as a backup option in situations when you pick up a serious nasty infection that refuses to go. -
Will try both.
-
...and my guess is you have a rootkit, which both programs have difficulty finding.
If they come up empty, try GMER or RootkitRevealer. -
Give HitmanPro also a try.
They really try to keep up with the TDL3/TDSS/Alureon rootkit versions.
It will only take a couple of minutes for a scan. -
It's possible that a piece of malware has rewritten the DNS servers in your router, especially if you are seeing this behavior on more than one computer.
The first step is to make sure your system is clean by running a full Malwarebytes Free scan, followed by a full Avira scan. These scans should be run after the scanners have been fully updated, and the computers should be taken off the network while scanning.
When both computers are confirmed clear, it's time to do a hard reset of your router. Use a pen or something and hold in the little reset nub on the back of the router for like 10 seconds while it is plugged in.
When setting your network up again, MAKE SURE TO SET AN ADMIN PASSWORD that is at least 9 RANDOM numbers and letters.
That's really the key to knowing if this is a virus or not: did you set a secure password on your router? Otherwise, the issue is really your router giving you a bad DNS server. -
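A quick way to test the rewritten-DNS theory from the post above on a Windows machine is to compare the resolvers in `ipconfig /all` against the ones you expect. This is an added example, not part of the original thread; the sample output is constructed, and the expected resolver `192.168.1.1` and the function names are assumptions.

```python
import ipaddress

# Constructed `ipconfig /all` excerpt; 203.0.113.0/24 is a documentation range.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, adapter, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():            # unindented line = section heading
            adapter, in_dns = line.rstrip(":"), False
            continue
        label, sep, value = line.partition(" :")
        if sep:                              # "Label . . . : value" line
            in_dns = label.strip(" .") == "DNS Servers"
            if in_dns and value.strip():
                adapters.setdefault(adapter, []).append(value.strip())
        elif in_dns:                         # continuation line: another server
            adapters.setdefault(adapter, []).append(line.strip())
    return adapters

def unexpected_dns(text, expected):
    """Return (adapter, server) pairs whose server is not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [(adapter, s)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for s in servers
            if ipaddress.ip_address(s.split("%")[0]) not in allowed]

if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE, {"192.168.1.1"}):
        print(f"unexpected DNS server {server} on {adapter}")
```

If the adapter only lists the router's own address, the router is forwarding queries itself, so its upstream DNS setting has to be checked on the router's admin page instead.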
If it was his router (I cannot say I have ever seen malware rewrite router configuration), his Ubuntu box would also be redirected.
Has to be a Windows trojan/rootkit hitting all of his computers. -
http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html
I agree that this particular problem is unlikely to stem from an attack on the router especially since his Ubuntu box doesn't suffer the same redirection. Just wanted to point out a router attack is possible and has been in the wild, not just a proof-of-concept at a security conference.
--L. -
thanks...neat
Yet another reason to change your default router passwords, eh?
Pricegrabber redirect.
Discussion in 'Security and Anti-Virus Software' started by Ayle, Apr 13, 2010.