cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Embedded link query

Strat
Community Veteran
Posts: 31,319
Thanks: 1,608
Fixes: 565
Registered: ‎14-04-2007

Embedded link query

‎09-07-2014 4:48 PM

There's an embedded link (http://www.adobe.com/software/flash/about) on this page http://www.techspot.com/news/57352-adobe-issues-critical-security-bulletin-for-flash-player-update-a...
If I click it I am presented with a single pixel page with this URL
http://cj.dotomi.com/8b103ar-zH/ry2/GFKFIFHO/LGJLOMN/F/F/F?s=u4up%3DDKJpt59oGDEm2%2663x%3Dt551%25FM%25ER%25ER888.mp0nq.o0y%25ER40r58m3q%25ERrxm4t%25ERmn065%25ER%3C%3Ct551%3A%2F%2F888.p1n0x78.zq5%3AKC%2Foxuow-IDGILJK-DCHCFCEL%3C%3CS%3C%3C

I have had this on other links, often Google search results with the same results.
I'm running Waterfox 30.0 and have the same issue in Chrome.
Anyone any ideas?
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Message 1 of 17
(2,260 Views)
Reply
0 Thanks
16 REPLIES 16
dvorak
Moderator
Moderator
Posts: 29,215
Thanks: 6,534
Fixes: 1,474
Registered: ‎11-01-2008

Re: Embedded link query

‎09-07-2014 5:52 PM

Looks dodgy? http://blog.teesupport.com/how-to-get-rid-of-cj-dotomi-redirect-manual-removal-guide/
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Message 2 of 17
(697 Views)
Reply
0 Thanks
Strat
Community Veteran
Posts: 31,319
Thanks: 1,608
Fixes: 565
Registered: ‎14-04-2007

Re: Embedded link query

‎09-07-2014 6:59 PM

Thanks.
I went through that procedure earlier today dvorak but nothing showed up in registry or elsewhere.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Message 3 of 17
(697 Views)
Reply
0 Thanks
TORPC
Grafter
Posts: 5,163
Registered: ‎08-12-2013

Re: Embedded link query

‎09-07-2014 7:50 PM

Have you tried Malwarebytes or TDSS Killer ?Huh
Message 4 of 17
(697 Views)
Reply
0 Thanks
Strat
Community Veteran
Posts: 31,319
Thanks: 1,608
Fixes: 565
Registered: ‎14-04-2007

Re: Embedded link query

‎09-07-2014 10:17 PM

I've run Malwarebytes and I'm letting Kaspersky have a browse round.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Message 5 of 17
(697 Views)
Reply
0 Thanks
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Embedded link query

‎10-07-2014 7:46 AM

If you have Kaspersky, try creating the Rescue Disk, boot from that and let it look around your computer hard drive.  That should give you a better chance of finding a well-concealed virus ("rootkit").
If you hover your mouse over an embedded link you should see what URL is embedded (at the bottom of the screen, typically).  If you click on the link and end-up somewhere else that is a symptom of some sort of DNS changer, malware that redirects your DNS queries to a corrupt server of its own choosing.  One way of achieving this effect, although out-of-fashion at the moment, is to change your settings under Internet Options - Connections - LAN settings to make you use a Proxy Server.  So that is always worth checking under these circumstances.
Message 6 of 17
(697 Views)
Reply
0 Thanks
rongtw
Seasoned Hero
Posts: 6,973
Thanks: 1,541
Fixes: 12
Registered: ‎01-12-2010

Re: Embedded link query

‎10-07-2014 8:03 AM

Have you tried " Hijack this "
http://www.trendmicro.co.uk/products/free-tools-and-services/
Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Message 7 of 17
(697 Views)
Reply
0 Thanks
TORPC
Grafter
Posts: 5,163
Registered: ‎08-12-2013

Re: Embedded link query

‎10-07-2014 10:23 AM

Then use http://www.hijackthis.de/en to evaluate the results
You can either dragndrop or copy / paste the results from the notepad logged window into it
Message 8 of 17
(697 Views)
Reply
0 Thanks
Strat
Community Veteran
Posts: 31,319
Thanks: 1,608
Fixes: 565
Registered: ‎14-04-2007

Re: Embedded link query

‎10-07-2014 11:38 AM

Hijackthis results were either safe or very safe with no serious issues.
Kaspersky rescue disc created.
Looks like the Kaspersky rescue disc scan is going to take some hours so unfortunately I have to cut the hedge Angry
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Message 9 of 17
(697 Views)
Reply
0 Thanks
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Embedded link query

‎10-07-2014 12:18 PM

Rather than HijackThis try Autoruns http://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx .  Look for any entry that is not digitally signed (such entries are highlighted) and regard it as suspect.  Not all such entries are bad, sometimes the lack of a digital signature is just carelessness.  Also watch out for signed software from known junkware perpetrators like crawler, conduit etc.
Edit:  In fact if you copy the Autoruns result here I will tell you which entries are suspect.
Message 10 of 17
(697 Views)
Reply
0 Thanks
Strat
Community Veteran
Posts: 31,319
Thanks: 1,608
Fixes: 565
Registered: ‎14-04-2007

Re: Embedded link query

‎10-07-2014 7:03 PM

Kaspersky Rescue Disc scan just finished with no positives....apart from the EICAR test virus I have stored.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Message 11 of 17
(697 Views)
Reply
0 Thanks
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Embedded link query

‎10-07-2014 7:20 PM

If your problem persists then you presumably have a sufficiently new version of your malware that the scanners aren't spotting it.  I'll repeat my offer; if you would like to reproduce your Autoruns results here or PM them to me then I'll see if anything stands out as suspicious. 
Message 12 of 17
(697 Views)
Reply
0 Thanks
Strat
Community Veteran
Posts: 31,319
Thanks: 1,608
Fixes: 565
Registered: ‎14-04-2007

Re: Embedded link query

‎10-07-2014 7:31 PM

Autoruns picked out a few red entries but a quick Google of the unknown ones revealed no nasties.
I'm heading for a complete reinstall in the not too distant future for a number of reasons.
Thanks very much for everyone's contributions.
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Message 13 of 17
(697 Views)
Reply
0 Thanks
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Embedded link query

‎10-07-2014 10:24 PM

Quote from: Strat
a quick Google of the unknown ones revealed no nasties.

Yes, but if a Google search gave a result then it's almost a given that your security software would detect it also.  What you are looking for is something so new that it is unknown and passes undetected.  Typically Lexmark are lax with getting their printer drivers signed, there is (incredibly) an unsigned component of the Trusteer Rapport software, often the odd unsigned codec.  Anything else is suspect.   
Message 14 of 17
(697 Views)
Reply
0 Thanks
rongtw
Seasoned Hero
Posts: 6,973
Thanks: 1,541
Fixes: 12
Registered: ‎01-12-2010

Re: Embedded link query

‎10-07-2014 10:59 PM

Strat , its defo a browser hijack maybe as reed says it a new one  Huh
try this  Wink
http://computervirusmanualremval.blogspot.co.uk/2014/05/remove-browser-hijacker-cjdotomicom-how.html
Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Message 15 of 17
(697 Views)
Reply
0 Thanks