A weird virus / problem
Hi
I'm a newbie. I have a problem with website redirection. I installed slackware-12 a few days ago. Today I noticed that when I try to enter a website that has no host / or host (which has lag), I'm automatically redirected to another website (which has many ads - don't wanna tell the website). The website that has no host for now is mine. And I thought there was a problem at our network's server. Then I tried it on Windows. Firefox just said "could not find the host" - no problem on Windows. But on Slackware what I see is a website which has many advertisements. This sometimes happens when I enter SourceForge to download some programs. It's a weird problem and I could not solve it. I haven't installed any illegal programs and I haven't visited any illegal websites (cookies cannot do this I think / and generally I'm using Firefox with the javascript option off). And I don't know how to solve it. How can I solve this? And for what reason could it be? I'll be glad if you can reply. Thanks in advance. PS: I noticed this after I installed some add-ons for Firefox from Firefox's official website. But I don't think those have a script or something like that. |
Try creating a new firefox profile by running
Code:
firefox -P
If it happens with the new fresh profile test another browser. Does it happen in seamonkey or konqueror? If it only happens in firefox try reinstalling firefox. If it does happen in other browsers then you should probably check /etc/hosts for any funny business. Also check your logs. Maybe run rkhunter to check for rootkits, etc. You said it happened after installing extensions from mozilla's website. What extensions did you install? |
Thank you for your answer shadowsnipes. I tried it but it didn't work :(. It also happens in Konqueror and SeaMonkey. Now I'm using Firefox with a new profile -no extension etc.- But again when I enter my website I see those ads :(.
My /etc/hosts file:
# For loopbacking.
127.0.0.1 localhost
10.10.12.4 localhost.rommeo.com localhost
# End of hosts.
|
I remember thinking I had something horribly wrong, too ...
Would you kindly post your /etc/resolv.conf ? I suspect you've got something like search 10.10.12.1 at the top of the file, which is part of Firefox's problem. Mine has search www.google.com, fwiw, which I'm pretty sure is equally bad, but it does work. - Piete |
Hi,
Quote:
Quote:
I've been going through some blacklist nightmares lately. So you should be very careful about systems. I know everyone wants to trust google.com but sometimes the big fish are the ones that get caught. Seldom but those are the ones everyone is phishing for. I don't mean fishing here either! Yes, you can get your IP caught. Your email gets hooked then things really start to get weird therefore bad. We are currently trying to get my stuff in order. Once you've been had you are in for some problems with your Cyber-identity. So just like your personal-identity protect yourself and yes a little paranoia won't hurt here. |
piete: yep, you're right and I have this:
/etc/resolv.conf file:
search rommeo.com
nameserver xxx.xxx.xxx.xxx
So there is nothing I can do, right? |
By the way, can someone tell me, is this because of my computer / Firefox / the Firefox add-ons that I'm always using? / or our network's main server / or a user in our network? ..
Even now when I reload this page, the second time I'm entering the ad. d?????click . net. and it says "can't find ad . d?????click . net please contact service provider". Btw when I don't resolve addresses on Windows what I see is "127.0.0.1 = d?????click net" |
Try OpenDNS.
Saves you a lot of hassle. And while you're at it, use no-ads.pac as well. :) Happy (and safe) surfing! |
onebuck: interesting stuff. At work resolv.conf is generated by dhcpcd, which does create a correct search namespace.
Having had this issue brought to my attention, I would be remiss in my duty not to look into it some more. Our very own forum suggests removing it completely, so resolv.conf has no search line at all if you don't have a domain to search (ie solo PC or SOHO network): http://www.linuxquestions.org/questi...h-line-282838/
Rommeo: the problem is related to DNS resolution and resolv.conf but as onebuck has already pointed out, I'm not the best person to ask about resolving that problem correctly.
adriv has suggested using OpenDNS, which appears to be just that - a DNS provider (they give you some IPs to put next to nameserver in resolv.conf) which provides some protection. It would be worth having a look into using that if you don't trust, or would like more control over, your existing DNS servers (usually provided by your ISP).
I'm pretty sure you don't own rommeo.com, so I would recommend removing the search line from your resolv.conf, too.
So in direct response to: Quote:
It's not firefox. It's not the addons. It's not your network main server. It's not another user in your network. It should just be your resolv.conf. As already stated I'm not the best person to provide an absolute solution to this, if anyone can shed some light on the details (or just confirm/deny my previous statements), I would be grateful ... as I'm sure would Rommeo =) - Piete. |
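The resolver behaviour behind the search-line diagnosis above, as an added example that is not part of any post in the thread: with glibc's default `ndots:1`, a name that fails as typed is retried with each search domain appended, so `search rommeo.com` turns a dead hostname into a lookup under rommeo.com. The sample resolv.conf is constructed from the one posted (the masked nameserver is replaced by a documentation address), the function names are illustrative, and whether the search domain really answers for arbitrary names is an assumption that `wildcard_search_domains` tests.

```python
import secrets
import socket

# Constructed sample modelled on the resolv.conf posted in the thread;
# 192.0.2.53 is a documentation placeholder for the masked nameserver.
SAMPLE_RESOLV_CONF = "search rommeo.com\nnameserver 192.0.2.53\n"

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1                    # glibc default: ndots:1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]              # last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return search, ndots

def candidate_queries(name, text):
    """Names the stub resolver tries, in order, until one resolves."""
    if name.endswith("."):                   # trailing dot: no search list
        return [name]
    search, ndots = parse_resolv_conf(text)
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:             # enough dots: try as typed first
        return [name + "."] + expanded
    return expanded + [name + "."]

def system_lookup(host):
    """Resolve through the system resolver; None when the name fails."""
    try:
        return socket.gethostbyname(host)
    except OSError:
        return None

def wildcard_search_domains(text, lookup=system_lookup):
    """Search domains that answer for a random label that should not exist."""
    search, _ = parse_resolv_conf(text)
    probe = "nx-" + secrets.token_hex(8)
    hits = {}
    for domain in search:
        addr = lookup(f"{probe}.{domain.rstrip('.')}.")
        if addr:
            hits[domain] = addr
    return hits
```

Calling `wildcard_search_domains(open("/etc/resolv.conf").read())` on the affected machine returns a non-empty result when a search domain answers for names that do not exist; removing the search line stops that fallback.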
Hi,
I have used with success third level DNS. Verizon has; Code:
4.2.2.1
I sometimes place at least one of the verizon DNS IP to test a DNS lookup when a problem exists within a network. Especially if the ISP has a DNS lookup problem. The position of the DNS IP within '/etc/resolv.conf' can sometimes indicate solution. Move the verizon from the top down. Be sure to restart the 'inet' each time you change the position. You could look at; 'Listed DNS Servers' from 'Slackware-Links'.
I really don't like the idea of pointing to 'google.com'. I'm getting paranoid about this I know. But as I stated, I'm going through Cyber-identity hell right now. I thought I was protected on my servers & LAN. But a weak point was found. Vulnerable, and I will not allow that with something within my control. Nor will I ever allow someone to touch or use my personal laptop again. Even my family or especially my in-laws. I think that is where it happened. I gave my sister-in-law a key to get on the network thinking she knew what she was doing. She's a MAC user. She couldn't get on. I didn't have time to get her on with her MAC so I let her use my laptop. Big mistake! Won't happen again no matter what. I told my wife in the future if her sister needs access she can go to the local library (only a few miles away). It will not happen here again. I don't care! Period. Period!
As I stated before; Quote:
|
Thanks for your answers.
But in my opinion this is because of a virus or a Firefox add-on. Why do I think like this? Because I'm on Win (-I hate talking about Win) now and looking at the firewall screen. What I have noticed here is (as I said before) "Connected in : 127.0.0.1:1154 connected to 127.0.0.1:1155". Let's not resolve addresses: "Connected in : www d?????click net:1154 connected to www d?????click net:1155". So: "127.0.0.1 = www d?????click net". This is on Win XP Pro. Now I'll change my /etc/resolv on Linux and will see what will happen. Btw, I have never met a virus that affects both Linux and Win :S -if it's a virus. |
If 127.0.0.1 is resolving to something other than 'localhost' or some variation thereof, go find moderate length (2-3 feet) of steel pipe, heavy wooden doweling, or a baseball bat, and apply it to the head of whoever is running your nameserver until the problem goes away.
Going back through the thread (that I was trying to avoid commenting on because it didn't seem sane) there's a number of things being done wrong here. You said this was in your /etc/hosts file: Code:
# For loopbacking.
Put the nameservers your ISP told you about in /etc/resolv.conf for nameservice. Using some random nameservers "some guy" told you about can lead to pain and suffering. ...or set up your own caching nameserver (which isn't terribly hard). Trying to use something that's online to filter out ads using nameservice lookups as your sole nameserver is also likely to cause you grief. The idea with many of these is if a lookup returns a response of 127.0.0.1, then you know it's "blocked", but if it returns nothing at all or a tempfail, then it's not listed as a "blocked" site and your resolver is expected to go on and try your actual nameserver. If you have no fallback, this will turn sour, quickly. Note: Contrary to what's been said here, you do not need to restart anything when you change /etc/resolv.conf. |
evildagmar, thanks for the answer. I did what you said. But still 127.0.0.1 is resolving www d?????click net. And I again don't know what the problem is. I changed my computer's name (localhost etc), removed the search option etc. Reinstalled Firefox and what the other guys have said. But could not solve it yet.
Is this because of my DNS server? |
Somebody might have poisoned your dns server cache.
Set your DNS servers to these: 208.67.222.222 and 208.67.220.220 from https://www.opendns.com/start But still 127.0.0.1 doesn't need a DNS server because it's a loopback address, so something is messed up in your PC. |