cancel
Showing results for 
Search instead for 
Did you mean: 

Visitors' Survey: Google

Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Visitors' Survey: Google

A few times this morning, after entering Google.co.uk, I have been met with the page as shown below.
It seems that the Google search page is displayed for a second or so before the other page is shown. I close the Tab and start again. But this doesn't happen every time.
I've also had a similar experience with dailymail.co.uk and bbc.co.uk but directing to a different survey page.
I regularly run Malwarebytes, Spybot and MSE having updated each beforehand. I have run each just now as well as checking Programs and Features, Addons, etc and cannot find anything untoward.
A Google search suggests that these sites come up from misspelling the URL but that's not what's happened here.
Anyone else experienced this or have any ideas?

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

23 REPLIES 23
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Visitors' Survey: Google

I suppose you should check:

  • the DNS server settings on the computer

  • the hosts file wherever that is on Windows (appears to be C:\Windows\System32\drivers\etc\hosts on my Vista partition)

  • proxy server settings


Something altering any one of those could interfere with web browsing, redirect you to other web sites etc.
Also note that Google uses https by default these days, so you should end up at https://www.google.co.uk/ , which is harder to interfere with because your web browser checks the SSL certificate.
Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

Thanks ejs.
The DNS is and has been set to 8.8.8.8 and 8.8.4.4 for a very long time.
Set to use System Proxy both in FF and Control Panel-Internet Options (not sure yet how to check what that is actually set to).
Now what is strange is that the word Windows in your second bullet points was a hyper-link. Hovering the mouse over showed it to link to another thread with the community forums. Clicking on the link and it lead to one of several different sites including two survey sites again.
Now the hyper-link has gone but no message to indicate that you edited your post.
Edit; Hyper-link bay and hovering the mouse over I get Click to continue > by Smartsuggestor with the Community forum web link in the bottom left corner of FF. But clicking the link still brings up an erroneous page as before.
Edit 2: Something else... I cannot now double or triple click or even drag the mouse to highlight word(s) in the Google search box in FF but fine in other text boxes and within IE.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Visitors' Survey: Google

Sounds like an unwanted addon. Did you ever intentionally install smartsuggestor? Did any addons get updated recently, but now one of them bundles the unwanted stuff?
ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Visitors' Survey: Google

Reminiscent of the type of behaviour caused by the TDSS family of malware.  These are rootkits and very difficult to detect.  Try running TDSSKiller with the option to look for the file system selected.  You can download TDSSKiller from the Kaspersky Labs web site but that's on a go-slow at the moment so I cannot find you a direct link.  Alternatively, run an offline virus scan from a boot disc.
PS  I have not met TDSS for a year or two.  Last seen, its most obvious manifestation was if you ran a Google (or similar) search and clicked on one of the links you might find yourself whisked-off to a completely different web site than the one indicated in the search listing.
Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

Nope, never intentionally installed smartsuggestor.
There was a Logmein addon update recently but that was last week.

But here's another strange thing... Running TDSSKiller from Kaspersky's site tells me there is a later version to download (Current version: 2.8.16.0 Actual version: 2.8.17.0). Clicking on Load update and a zip file is downloaded. Extracting that and clicking the new TDSSKiller.exe file brings up the same window and there we go round in circles! Clicking continue rather than update seems to work.
TDSSKIller which said it found 7 objects but no sign of anything being deleted just quarantined. A second run and no threats found.
Off to do a reboot now.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

One reboot later and things seems to be back to normal with no erroneous survey sites popping up or bogus hyper-links.
Fingers crossed all is sorted (is there a fingers cross icon somewhere?).

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Visitors' Survey: Google

What threats did TDSSKiller find?  If TDSSKiller removed a rootkit then some other files that could have been hidden before may now be visible so you should run your other security software again to check.
Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

Sorry, forgot to make a copy of the list for reference - a bit remiss of me Embarrassed
Running full scans now and will let you now the results later.
Thanks for all the help.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

shutter
Community Veteran
Posts: 22,206
Thanks: 3,769
Fixes: 65
Registered: ‎06-11-2007

Re: Visitors' Survey: Google

Did anyone read the "small print" at the bottom ?
Quote

We are not affilliated nor partnered, wwith Google, Google has not authored, participated in, or in any way reviewed this advertisment or authorized it.

Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

Yes, I did notice that and that is what compounded my concerns.
All full scans completed (again) and no threats found. Meanwhile all seems quiet on the Western Front Cool

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

There still seems to be some residual issue.
Remember I said some words appeared to act a bit like hyper-links and hovering over them displayed the message Click to continue > by Smartsuggestor? That is happening again but not all the time. Refreshing the page and the word(s) is/are no longer underlined and highlighted in blue.
I have searched everywhere for any reference to SmartSuggester on my PC but cannot find any trace of it so am stumped again Sad

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Visitors' Survey: Google

Sounds bad, try a bootable anti-virus CD or USB. Preferably created on another computer!
The other thing to be concerned about, if it is something well hidden and nasty, is that you don't really know how long it's been there for. It may have only started making a visible nuisance of itself this morning, but it could have been hiding undetected for longer.
rongtw
Seasoned Hero
Posts: 6,973
Thanks: 1,541
Fixes: 12
Registered: ‎01-12-2010

Re: Visitors' Survey: Google

as a matter of interest MAV , have you "show hidden folders" allowed ? maybe a simple fix .
also try Hijack this Smiley
Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Mav
Moderator
Moderator
Posts: 22,371
Thanks: 4,725
Fixes: 514
Registered: ‎06-04-2007

Re: Visitors' Survey: Google

One of the first things I always do is show hidden files and folders when setting up the OS.
I'll give Hijack This a go tomorrow as it's a little later now and I prefer to be wide awake for this Roll_eyes

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still