Plusnet Technologies drive by browser hijack
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Plusnet Technologies drive by browser hijack
Plusnet Technologies drive by browser hijack
on 03-04-2017 10:17 PM - last edited on 03-04-2017 11:57 PM by Strat
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi.
I think people have been reporting this phenomenon for months now, but I've been experiencing it for about a week. I'm browsing my chosen website, then suddenly the web page changes and I'm presented with the option to take part in a survey claiming to be from Plusnet Techologies Ltd. at this web address
http://retailboy.com/?911973147b292c42b899e716fe6903e6
Checking my browser history it also goes through a performance of connecting to
then
before arriving at Plusnet Technologies. It's not like I've never experienced a drive-by browser download before, but every past experience has been a rare one-off that hasn't re-occurred if I steer clear of the web page I was trying to get to when it happened. This Plusnet Technologies thing is hijacking eBay, Yahoo mail....I've run a McAfee virus scan and I've also got Spybot on my laptop and that comes up all clear. Might this have something to with using an old laptop on XP? I'm unsure if I've got something on or in my laptop that is getting past the anti virus, or if its just one of those annoying things. I usually use Chrome as a browser but that's not supported on XP any more. I think Opera is, which I've also got, but occasionally Opera caused my laptop to go blue screen when closed, so I stopped using it.
Mick.
Moderator's note by Dick (Strat) Post released from spam filter.
Re: Plusnet Technologies drive by browser hijack
04-04-2017 8:15 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've never seen this so I too am unsure what may be causing it. But it might be worth doing a one-off scan with a couple of other security programs to make sure that your machine is clean. That way you will eliminate one possible cause.
I think these both still work on XP. Try superantispyware (free) from http://superantispyware.com/ and AdwCleaner from https://www.malwarebytes.com/adwcleaner/
Re: Plusnet Technologies drive by browser hijack
04-04-2017 8:58 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If you can, download malwarebytes on another machine, save it to a USB stick, then run it on your infected machine, preferably without being connected to the internet. Then run it again, connected to the internet so it can get the latest updates.
Re: Plusnet Technologies drive by browser hijack
04-04-2017 9:07 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Mustrum I replied to @mickthefitter earlier but the post seems to have gone missing so you won't have seen it. My suggestion was use superantispyware and adwCleaner rather than MBAM. I am a unsure about running MBAM 3 (which is what would be downloaded) on XP and old hardware. But I agree with you that he needs to do a further malware scan.
Re: Plusnet Technologies drive by browser hijack
04-04-2017 9:11 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@BrightonRock Your post maybe stuck in the spam filter until a mod releases it.
Guess we all have our favourite anti malware software, and it may well take a few goes to get rid of it.
Re: Plusnet Technologies drive by browser hijack
04-04-2017 11:19 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Moderator Note by Dick (Strat)
Post released from spam filter.
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Re: Plusnet Technologies drive by browser hijack
04-04-2017 3:10 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Looks like this might be doing it's rounds again.
For me, it'd be Malwarebytes.
Matty
Re: Plusnet Technologies drive by browser hijack
04-04-2017 7:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for the posts here. In reply to MattyC, yes, THAT is doing the rounds again. In reply to Mustrum, unfortunately I do not have access to another machine. I'll have to download anything I download onto the old one I'm using. I've always been wary of any free downloads (I assume they're free?) in case they've got malware piggy-backing their way onto my PC. I suppose I'll have to try them though. The alternative is to do what I've done many times in the past (but for different reasons usually) that is save my important photos and files to a stick and get the CDs out, and do a HDD wipe. But then I don't know how I picked up this particular bit of malware so I might get it again after all that.
Mick.
Re: Plusnet Technologies drive by browser hijack
04-04-2017 8:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I understand your concern about downloading unknown software. But the 3 items that have been recommended are safe, clean (and free) if downloaded from their home pages. However don't try and download them from anywhere else without advice on whether that site is safe.
It is worth running the downloads before wiping the disk; they may find the problem and avoid that work.Looking at it another way, you don't lose anything much if they were bad (they are not!) as your next step is a wipe anyhow.
It would be prudent to back up your important files first.
Re: Plusnet Technologies drive by browser hijack
04-04-2017 9:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There were THREE download suggestions? Was the third MBAM? I got a little confused then as I thought the ones being discussed were superantispyware and adwcleaner. I tried the last two, adwcleaner found nothing at all, while superantispyware found a total of 567 tracking cookies, all associated with Google Chrome. I've quarantined the files and have now decided to revert to using the Opera browser for a time again and see how I get on. At one time I used Firefox, even before Windows stopped their support for the XP o/s, but after a while it used to 'break' my computer with defective icon handlers and other problems.
While adding my Bookmarks to Opera though, I had a thought - Photobucket, which I've used as a photo host to upload photos to a car forum I go on, is a swine for slowing my laptop down while ads load up and pop up that I have to clear in order to continue. I wonder if that's how Plusnet Technologies Ltd. got to me?
Re: Plusnet Technologies drive by browser hijack
05-04-2017 7:22 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet Technologies drive by browser hijack
05-04-2017 8:54 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If you are using Opera then make sure that the built in ad blocker is turned on. You can always turn it off for specific sites.
Re: Plusnet Technologies drive by browser hijack
09-04-2017 12:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I just thought I'd update you on this one. About one week on, I ran another SUPERantispyware scan this morning (and adwcleaner, though that didn't find anything first time round) and it has come up completely clear, no tracking cookies at all, after a week of using the Opera browser instead of Google Chrome. No reappearance so far either of the Plusnet Technologies Ltd. hijack. Although Opera does appear to use some sort of Google Chrome framework, as when it opens, a tab appears on the top left of the screen with the words 'chrome://startpage', and the default (and unalterable) search box in the middle of the start page is Google. However in 'settings' I can select different search engines to use if I type into the address bar instead, so I've selected Bing and keep trying to remember to do internet searches from that. So whether or not this Plusnet Technologies thing was exploiting a weakness in Chrome for XP, or it's just plain Google that can't be trusted not to share out your personal info, I don't know. In the past, Spybot used to pick up a few tracking cookies left on my computer by Google Chrome, yet it never found anything when I used to use the Firefox browser, but even Spybot has been giving me the 'all-clear' for some time now - yet SUPERantispyware found over 500 tracking cookies last week. Interesting, to say the least.
Mick.
Re: Plusnet Technologies drive by browser hijack
10-04-2017 9:11 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
That is good news.Thank you for letting us know how you are getting on.
If you are worried about tracking cookies - and I do worry about them - some browsers have an option to delete (all) cookies on exit. There are also some add-ons that block them; Ghostery comes to mind (I don't know whether it is available for Opera). Alternatively, you could run ccleaner (from Piriform) every now and then. If you do use ccleaner, be aware that it can be quite aggressive; on my systems, I don't let it clean everything that it wants to as default but changing the settings is very easy.
Re: Plusnet Technologies drive by browser hijack
18-05-2017 6:32 PM - edited 18-05-2017 6:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Okay thanks. Over a month late viewing this, but thanks!
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: Plusnet Technologies drive by browser hijack