
Plusnet Technologies drive by browser hijack

mickthefitter
Rising Star
Posts: 94
Fixes: 1
Registered: ‎19-03-2015

Plusnet Technologies drive by browser hijack

Hi.

I think people have been reporting this phenomenon for months now, but I've been experiencing it for about a week. I'm browsing my chosen website, then suddenly the web page changes and I'm presented with the option to take part in a survey claiming to be from Plusnet Technologies Ltd. at this web address

http://retailboy.com/?911973147b292c42b899e716fe6903e6

Checking my browser history it also goes through a performance of connecting to

https://retirednsa.org/in/c760lhjg804aceuxdq1vl256/?ads=7lp2m6ekxc&p=c760lhjg804aceuxdq1vl256&size=3...

then

http://aldie.detb.gdn/?sov=93073471&hid=fttnhjxhphfjx&&redid=38265&gsid=68&campaign_id=20&p_id=11895...

before arriving at Plusnet Technologies. It's not like I've never experienced a drive-by browser download before, but every past experience has been a rare one-off that hasn't re-occurred if I steer clear of the web page I was trying to get to when it happened. This Plusnet Technologies thing is hijacking eBay, Yahoo mail... I've run a McAfee virus scan and I've also got Spybot on my laptop and that comes up all clear. Might this have something to do with using an old laptop on XP? I'm unsure if I've got something on or in my laptop that is getting past the anti virus, or if it's just one of those annoying things. I usually use Chrome as a browser but that's not supported on XP any more. I think Opera is, which I've also got, but occasionally Opera caused my laptop to go blue screen when closed, so I stopped using it.

 

Mick. 

Moderator's note by Dick (Strat) Post released from spam filter.

14 REPLIES
BrightonRock
Pro
Posts: 287
Thanks: 83
Fixes: 6
Registered: ‎09-04-2016

Re: Plusnet Technologies drive by browser hijack

I've never seen this so I too am unsure what may be causing it. But it might be worth doing a one-off scan with a couple of other security programs to make sure that your machine is clean. That way you will eliminate one possible cause.

I think these both still work on XP. Try superantispyware (free) from http://superantispyware.com/ and AdwCleaner from https://www.malwarebytes.com/adwcleaner/

Community Veteran
Posts: 1,575
Thanks: 267
Fixes: 33
Registered: ‎13-08-2015

Re: Plusnet Technologies drive by browser hijack

If you can, download malwarebytes on another machine, save it to a USB stick, then run it on your infected machine, preferably without being connected to the internet. Then run it again, connected to the internet so it can get the latest updates.

BrightonRock
Pro
Posts: 287
Thanks: 83
Fixes: 6
Registered: ‎09-04-2016

Re: Plusnet Technologies drive by browser hijack

@Mustrum I replied to @mickthefitter earlier but the post seems to have gone missing so you won't have seen it. My suggestion was use superantispyware and adwCleaner rather than MBAM. I am unsure about running MBAM 3 (which is what would be downloaded) on XP and old hardware. But I agree with you that he needs to do a further malware scan.

Community Veteran
Posts: 1,575
Thanks: 267
Fixes: 33
Registered: ‎13-08-2015

Re: Plusnet Technologies drive by browser hijack

@BrightonRock Your post may be stuck in the spam filter until a mod releases it.

Guess we all have our favourite anti malware software, and it may well take a few goes to get rid of it.

Moderator
Moderator
Posts: 27,063
Thanks: 1,784
Fixes: 143
Registered: ‎14-04-2007

Re: Plusnet Technologies drive by browser hijack

Moderator Note by Dick (Strat)

Post released from spam filter.

Customer and Forum Moderator. Windows 10 Firefox 62.0.3 (64-bit)

MattyC
Champion
Posts: 3,192
Thanks: 161
Fixes: 46
Registered: ‎10-04-2014

Re: Plusnet Technologies drive by browser hijack

Looks like this might be doing its rounds again.

For me, it'd be Malwarebytes.

Matty

ex-Plusnet staffer. Any posts after 28/07/2017 aren't on behalf of Plusnet

mickthefitter
Rising Star
Posts: 94
Fixes: 1
Registered: ‎19-03-2015

Re: Plusnet Technologies drive by browser hijack

Thanks for the posts here. In reply to MattyC, yes, THAT is doing the rounds again. In reply to Mustrum, unfortunately I do not have access to another machine. I'll have to download anything I download onto the old one I'm using. I've always been wary of any free downloads (I assume they're free?) in case they've got malware piggy-backing their way onto my PC. I suppose I'll have to try them though. The alternative is to do what I've done many times in the past (but for different reasons usually), that is save my important photos and files to a stick and get the CDs out, and do a HDD wipe. But then I don't know how I picked up this particular bit of malware so I might get it again after all that.

Mick.

BrightonRock
Pro
Posts: 287
Thanks: 83
Fixes: 6
Registered: ‎09-04-2016

Re: Plusnet Technologies drive by browser hijack

I understand your concern about downloading unknown software. But the 3 items that have been recommended are safe, clean (and free) if downloaded from their home pages. However don't try and download them from anywhere else without advice on whether that site is safe.

It is worth running the downloads before wiping the disk; they may find the problem and avoid that work. Looking at it another way, you don't lose anything much if they were bad (they are not!) as your next step is a wipe anyhow.

It would be prudent to back up your important files first.

mickthefitter
Rising Star
Posts: 94
Fixes: 1
Registered: ‎19-03-2015

Re: Plusnet Technologies drive by browser hijack

There were THREE download suggestions? Was the third MBAM? I got a little confused then as I thought the ones being discussed were superantispyware and adwcleaner. I tried the last two, adwcleaner found nothing at all, while superantispyware found a total of 567 tracking cookies, all associated with Google Chrome. I've quarantined the files and have now decided to revert to using the Opera browser for a time again and see how I get on. At one time I used Firefox, even before Windows stopped their support for the XP o/s, but after a while it used to 'break' my computer with defective icon handlers and other problems. 

 

While adding my Bookmarks to Opera though, I had a thought - Photobucket, which I've used as a photo host to upload photos to a car forum I go on, is a swine for slowing my laptop down while ads load up and pop up that I have to clear in order to continue. I wonder if that's how Plusnet Technologies Ltd. got to me? 

BrightonRock
Pro
Posts: 287
Thanks: 83
Fixes: 6
Registered: ‎09-04-2016

Re: Plusnet Technologies drive by browser hijack

The third cleaning option - recommended by @Mustrum and @MattyC - was indeed MBAM.

Please let us know how you get on with Opera.

SpendLessTime
Aspiring Hero
Posts: 2,644
Thanks: 725
Fixes: 69
Registered: ‎21-09-2009

Re: Plusnet Technologies drive by browser hijack

@mickthefitter

If you are using Opera then make sure that the built-in ad blocker is turned on. You can always turn it off for specific sites.

mickthefitter
Rising Star
Posts: 94
Fixes: 1
Registered: ‎19-03-2015

Re: Plusnet Technologies drive by browser hijack

I just thought I'd update you on this one. About one week on, I ran another SUPERantispyware scan this morning (and adwcleaner, though that didn't find anything first time round) and it has come up completely clear, no tracking cookies at all, after a week of using the Opera browser instead of Google Chrome. No reappearance so far either of the Plusnet Technologies Ltd. hijack. Although Opera does appear to use some sort of Google Chrome framework, as when it opens, a tab appears on the top left of the screen with the words 'chrome://startpage', and the default (and unalterable) search box in the middle of the start page is Google. However in 'settings' I can select different search engines to use if I type into the address bar instead, so I've selected Bing and keep trying to remember to do internet searches from that. So whether or not this Plusnet Technologies thing was exploiting a weakness in Chrome for XP, or it's just plain Google that can't be trusted not to share out your personal info, I don't know. In the past, Spybot used to pick up a few tracking cookies left on my computer by Google Chrome, yet it never found anything when I used to use the Firefox browser, but even Spybot has been giving me the 'all-clear' for some time now - yet SUPERantispyware found over 500 tracking cookies last week. Interesting, to say the least. 

 

Mick. 

BrightonRock
Pro
Posts: 287
Thanks: 83
Fixes: 6
Registered: ‎09-04-2016

Re: Plusnet Technologies drive by browser hijack

That is good news. Thank you for letting us know how you are getting on.

If you are worried about tracking cookies - and I do worry about them - some browsers have an option to delete (all) cookies on exit. There are also some add-ons that block them; Ghostery comes to mind (I don't know whether it is available for Opera). Alternatively, you could run ccleaner (from Piriform) every now and then. If you do use ccleaner, be aware that it can be quite aggressive; on my systems, I don't let it clean everything that it wants to as default but changing the settings is very easy.

mickthefitter
Rising Star
Posts: 94
Fixes: 1
Registered: ‎19-03-2015

Re: Plusnet Technologies drive by browser hijack

Okay thanks. Over a month late viewing this, but thanks! :)