Embedded link query

Moderator
Moderator
Posts: 25,877
Thanks: 1,188
Fixes: 49
Registered: 14-04-2007

Embedded link query

There's an embedded link (http://www.adobe.com/software/flash/about) on this page http://www.techspot.com/news/57352-adobe-issues-critical-security-bulletin-for-flash-player-update-a...
If I click it I am presented with a single pixel page with this URL
http://cj.dotomi.com/8b103ar-zH/ry2/GFKFIFHO/LGJLOMN/F/F/F?s=u4up%3DDKJpt59oGDEm2%2663x%3Dt551%25FM%25ER%25ER888.mp0nq.o0y%25ER40r58m3q%25ERrxm4t%25ERmn065%25ER%3C%3Ct551%3A%2F%2F888.p1n0x78.zq5%3AKC%2Foxuow-IDGILJK-DCHCFCEL%3C%3CS%3C%3C

I have had this on other links, often Google search results with the same results.
I'm running Waterfox 30.0 and have the same issue in Chrome.
Anyone any ideas?

Customer and Forum Moderator.

16 REPLIES
Moderator
Moderator
Posts: 17,334
Thanks: 968
Fixes: 113
Registered: 11-01-2008

Re: Embedded link query

Moderator
Moderator
Posts: 25,877
Thanks: 1,188
Fixes: 49
Registered: 14-04-2007

Re: Embedded link query

Thanks.
I went through that procedure earlier today dvorak but nothing showed up in registry or elsewhere.

TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Embedded link query

Have you tried Malwarebytes or TDSS Killer?
Moderator
Moderator
Posts: 25,877
Thanks: 1,188
Fixes: 49
Registered: 14-04-2007

Re: Embedded link query

I've run Malwarebytes and I'm letting Kaspersky have a browse round.

Community Veteran
Posts: 4,767
Thanks: 102
Fixes: 19
Registered: 14-07-2009

Re: Embedded link query

If you have Kaspersky, try creating the Rescue Disk, boot from that and let it look around your computer hard drive.  That should give you a better chance of finding a well-concealed virus ("rootkit").
If you hover your mouse over an embedded link you should see what URL is embedded (at the bottom of the screen, typically). If you click on the link and end up somewhere else that is a symptom of some sort of DNS changer, malware that redirects your DNS queries to a corrupt server of its own choosing. One way of achieving this effect, although out-of-fashion at the moment, is to change your settings under Internet Options - Connections - LAN settings to make you use a Proxy Server. So that is always worth checking under these circumstances.
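
The proxy and DNS checks suggested in the post above can also be read directly from the registry and the adapter configuration. This PowerShell sketch is an added example, not part of the original thread; `$expectedDns` is a constructed placeholder to replace with the resolver you actually expect (for instance your router).

```powershell
# Added example (not from the thread): read the proxy settings behind
# Internet Options > Connections > LAN settings, and list the DNS resolvers in use.

# Assumption: the resolver(s) you expect to see. Constructed placeholder value.
$expectedDns = @('192.168.1.254')

$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)

$proxy = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Key           = $key
        ProxyEnable   = $s.ProxyEnable      # 1 = "Use a proxy server" is ticked
        ProxyServer   = $s.ProxyServer      # host:port the browser is sent through
        AutoConfigURL = $s.AutoConfigURL    # PAC script; can redirect selected sites only
        Review        = (($s.ProxyEnable -eq 1) -and [bool]$s.ProxyServer) -or [bool]$s.AutoConfigURL
    }
}
$proxy | Format-List

# WinHTTP keeps a separate proxy setting, used by services rather than the browser.
netsh winhttp show proxy

# DNS servers per active adapter; anything outside $expectedDns deserves a look.
$dns = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        foreach ($server in $_.DNSServerSearchOrder) {
            [pscustomobject]@{
                Adapter    = $_.Description
                DnsServer  = $server
                Unexpected = $expectedDns -notcontains $server
            }
        }
    }
$dns | Format-Table -AutoSize
```

Firefox-family browsers such as Waterfox can also carry their own proxy setting in the browser's connection options, which these registry keys do not show.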
rongtw
Seasoned Hero
Posts: 6,455
Thanks: 1,208
Fixes: 11
Registered: 01-12-2010

Re: Embedded link query

Have you tried "HijackThis"?
http://www.trendmicro.co.uk/products/free-tools-and-services/
Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
TORPC
Grafter
Posts: 5,163
Registered: 08-12-2013

Re: Embedded link query

Then use http://www.hijackthis.de/en to evaluate the results.
You can either drag and drop or copy/paste the results from the Notepad logged window into it.
Moderator
Moderator
Posts: 25,877
Thanks: 1,188
Fixes: 49
Registered: 14-04-2007

Re: Embedded link query

HijackThis results were either safe or very safe with no serious issues.
Kaspersky rescue disc created.
Looks like the Kaspersky rescue disc scan is going to take some hours so unfortunately I have to cut the hedge.

Community Veteran
Posts: 4,767
Thanks: 102
Fixes: 19
Registered: 14-07-2009

Re: Embedded link query

Rather than HijackThis try Autoruns http://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx .  Look for any entry that is not digitally signed (such entries are highlighted) and regard it as suspect.  Not all such entries are bad, sometimes the lack of a digital signature is just carelessness.  Also watch out for signed software from known junkware perpetrators like crawler, conduit etc.
Edit:  In fact if you copy the Autoruns result here I will tell you which entries are suspect.
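
The triage rule described in the post above (flag entries without a verified signature, plus signed entries from known junkware publishers) can be applied to a CSV export instead of reading the highlighted rows by eye. This is an added example, not part of the original thread; the sample rows are constructed, and the column names are an assumption about the `autorunsc` CSV layout, which differs between versions.

```powershell
# Added example (not from the thread): triage Autoruns output the way the post describes.
# Live input would come from Sysinternals autorunsc, e.g.:
#   .\autorunsc.exe -accepteula -nobanner -a * -s -c | ConvertFrom-Csv
# The rows below are constructed; column names are assumed and differ between versions.
$csv = @'
Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleAV,enabled,(Verified) Example Security Ltd,C:\Program Files\ExampleAV\tray.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExamplePrinterMon,enabled,(Not verified) Example Printers Inc,C:\Program Files\ExamplePrinter\mon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,updsvc,enabled,,C:\Users\example\AppData\Roaming\updsvc.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar,ExampleBar,enabled,(Verified) Conduit Ltd,C:\Program Files\ExampleBar\bar.dll
'@

$junkPublishers = 'crawler', 'conduit'    # publishers named in the post

$suspect = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $signer = $row.Signer
    $reason = if ($signer -notlike '(Verified)*') {
        'no verified digital signature'
    } elseif ($junkPublishers | Where-Object { $signer -match $_ }) {
        'signed, but by a known junkware publisher'
    }
    if ($reason) {
        [pscustomobject]@{
            Entry         = $row.Entry
            Location      = $row.'Entry Location'
            Image         = $row.'Image Path'
            Signer        = $signer
            Reason        = $reason
            # Added heuristic: unsigned code starting from a user-writable profile
            # path is harder to explain than a vendor that skipped signing a driver.
            InUserProfile = $row.'Image Path' -like '*\AppData\*'
        }
    }
}

# Review list, user-profile entries first. A hit is a lead to investigate, not a verdict.
$suspect | Sort-Object InUserProfile -Descending | Format-Table -AutoSize
```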
Moderator
Moderator
Posts: 25,877
Thanks: 1,188
Fixes: 49
Registered: 14-04-2007

Re: Embedded link query

Kaspersky Rescue Disc scan just finished with no positives... apart from the EICAR test virus I have stored.

Community Veteran
Posts: 4,767
Thanks: 102
Fixes: 19
Registered: 14-07-2009

Re: Embedded link query

If your problem persists then you presumably have a sufficiently new version of your malware that the scanners aren't spotting it.  I'll repeat my offer; if you would like to reproduce your Autoruns results here or PM them to me then I'll see if anything stands out as suspicious. 
Moderator
Moderator
Posts: 25,877
Thanks: 1,188
Fixes: 49
Registered: 14-04-2007

Re: Embedded link query

Autoruns picked out a few red entries but a quick Google of the unknown ones revealed no nasties.
I'm heading for a complete reinstall in the not too distant future for a number of reasons.
Thanks very much for everyone's contributions.

Community Veteran
Posts: 4,767
Thanks: 102
Fixes: 19
Registered: 14-07-2009

Re: Embedded link query

Quote from: Strat
a quick Google of the unknown ones revealed no nasties.

Yes, but if a Google search gave a result then it's almost a given that your security software would detect it also.  What you are looking for is something so new that it is unknown and passes undetected.  Typically Lexmark are lax with getting their printer drivers signed, there is (incredibly) an unsigned component of the Trusteer Rapport software, often the odd unsigned codec.  Anything else is suspect.   
rongtw
Seasoned Hero
Posts: 6,455
Thanks: 1,208
Fixes: 11
Registered: 01-12-2010

Re: Embedded link query

Strat, it's defo a browser hijack, maybe as reed says it's a new one.
Try this:
http://computervirusmanualremval.blogspot.co.uk/2014/05/remove-browser-hijacker-cjdotomicom-how.html