wenkman 0 Posted December 31, 2012 Hi, for a few days now google redirects me to "url4short.info" when entering "combatace" at google and than klicking on the respective search result. Sure, it makes me wonder that there might be a virus on my computer, but since it is only whith combatace and no other word I search for and enter at google I want to ask, if anybody else is experiencing the same strange thing. Wenkman Share this post Link to post Share on other sites
+JonathanRL 974 Posted December 31, 2012 You got a virus. Sweep your computer again and again until it stops. Share this post Link to post Share on other sites
Slartibartfast 153 Posted December 31, 2012 Definitely a virus or malware also download a new virus checker preferably from another PC and Malwarebytes is also a good option run them both and that should hopefully sort it all out. Share this post Link to post Share on other sites
SFP1Ace 33 Posted December 31, 2012 Quote from another forum: "This is probably an issue on Brian's end... In a nutshell, someone used an exploit or vulnerability to get server level access to this site. Probably some dateless, pimplefaced, snotnosed, hot pocket snarfing, script kiddie living in their mom's basement as this is amateur hour stuff. Sometimes low rent no talent "hackers" hack sites and get paid by crooks for driving traffic to their illicit urls. I can only guess since I do not have access to cpanel, but it sounds like someone has hijacked and redirected this site's traffic to url2short.info. It's a fake "tinyurl" type site that plants a redirect trojan on vulnerable machines. If your anti virus is up to date you should be ok. I just tested Avast and it does recognize the exploit. This has been done before to other vBulletin (I am guessing that this is what Brian is using) forums. Here is how to determine if this is the case and correct it (note: some of this is from memory): 1 Go into cPanel and under Remote MySQL you should either see either no hosts configured or, if you have a specific database of your own enabled, the name of that database(s). Now this is the important part; if you see a "%" character, DELETE IT. That character is a wildcard that allows any server to connect. 2. Make sure you change your passwords in cPanel and MySQL. 3. Pick any add-on, disable it, then re-enable it to clear the datastore. 4. Found this tidbit which should make fixing things up easier. Download the tool_reparse.php from this thread: http://www.vbulletin...ad.php?t=220967 . It will rebuild your templates if they are corrupted. Read through the thread first so you understand what's going on and what the tool does. That should do it. If you ask me how I know all this, let's just say that if you have ever seen me shoot, you know I sure don't do THAT for a living... One last thing. I did a little checking and it does not appear to be a dns exploit, so that's good. It seems odd that that url is not on my blacklist yet my software just ignored the redirect without even throwing up a warning, which is a little odd. I would not have known about this if I hadn't seen this thread. I will have to look into that. HTH Updated with more explanation..." Share this post Link to post Share on other sites
Fubar512 1,350 Posted December 31, 2012 This is not a virus in of itself, but a redirect on the server level, as SFP1Ace stated. It has effected my smart phone, as well as several different PCs at my job site. So far, it's has not dropped any trojans or viruses onto any of the systems that I use, most likely because of their level of protection. Share this post Link to post Share on other sites
Slartibartfast 153 Posted December 31, 2012 This is not a virus in of itself, but a redirect on the server level, as SFP1Ace stated. It has effected my smart phone, as well as several different PCs at my job site. So far, it's has not dropped any trojans or viruses onto any of the systems that I use, most likely because of their level of protection. But to be honest it can never hurt to run a seperate Anti-Virus or Trojan/Malware protection program after something like this... I have seen it a few times and I have also seen it were it has dropped some nice presents on the host machine. Share this post Link to post Share on other sites
Caesar 305 Posted December 31, 2012 (edited) A friend of mine and I killed a redirect infection on my parents computer two days ago (lucky we were home for the holidays!) It was basically doing the same thing. The malware had affected the hosts file on the computer (redirecting all search engines to the same IP), but we were unable to modify or delete the infected file in Windows, or with any other Windows-based application due to the tight permissions the malware had applied to the infected hosts file. We ran xubuntu 12.04 from a CD since Linux doesn't care about Windows permissions very much, generated a new hosts file, and killed the infected one. Rebooted the machine, ran malwarebytes, C cleaner (because why not) and their antivirus program. The computer has stopped redirecting and there were no other infections found. Edited December 31, 2012 by Caesar Share this post Link to post Share on other sites
wenkman 0 Posted December 31, 2012 Quote from another forum: "This is probably an issue on Brian's end... In a nutshell, someone used an exploit or vulnerability to get server level access to this site. Probably some dateless, pimplefaced, snotnosed, hot pocket snarfing, script kiddie living in their mom's basement as this is amateur hour stuff. Sometimes low rent no talent "hackers" hack sites and get paid by crooks for driving traffic to their illicit urls. I can only guess since I do not have access to cpanel, but it sounds like someone has hijacked and redirected this site's traffic to url2short.info. It's a fake "tinyurl" type site that plants a redirect trojan on vulnerable machines. If your anti virus is up to date you should be ok. I just tested Avast and it does recognize the exploit. This has been done before to other vBulletin (I am guessing that this is what Brian is using) forums. Here is how to determine if this is the case and correct it (note: some of this is from memory): 1 Go into cPanel and under Remote MySQL you should either see either no hosts configured or, if you have a specific database of your own enabled, the name of that database(s). Now this is the important part; if you see a "%" character, DELETE IT. That character is a wildcard that allows any server to connect. 2. Make sure you change your passwords in cPanel and MySQL. 3. Pick any add-on, disable it, then re-enable it to clear the datastore. 4. Found this tidbit which should make fixing things up easier. Download the tool_reparse.php from this thread: http://www.vbulletin...ad.php?t=220967 . It will rebuild your templates if they are corrupted. Read through the thread first so you understand what's going on and what the tool does. That should do it. If you ask me how I know all this, let's just say that if you have ever seen me shoot, you know I sure don't do THAT for a living... One last thing. I did a little checking and it does not appear to be a dns exploit, so that's good. It seems odd that that url is not on my blacklist yet my software just ignored the redirect without even throwing up a warning, which is a little odd. I would not have known about this if I hadn't seen this thread. I will have to look into that. HTH Updated with more explanation..." Mmh, ok, but what does that mean to me, does downloading from combatace infect my computer and/or being redirected to this other page? Share this post Link to post Share on other sites
FastCargo 412 Posted December 31, 2012 I just tested using Google and am not seeing a redirect. Also, just typed directly into the url window with the correct result. FC Share this post Link to post Share on other sites
+Erik 1,812 Posted January 1, 2013 Whoaaaaa .... step on the brakes. CPanel, MYSQL, VBulletin, WTF? Wenkman, this sounds like malware that's affecting your computer. Do you have an anti-virus product installed on your machine? Is your anti-virus (AV) up to date? What operating system are you using? What browser are you using? Can you get to this site? http://housecall.trendmicro.com/ Downloading from our site. Because we are a file repository and we've served over 4 million files to the public file corruption is a real fact. We minimize rogue files by monitoring who uploads them, file type, scanning all our files nightly for changes or corruption and upon upload. Now this will never guarantee that it's impossible to have unhealthy files here, but it makes it pretty hard to do so. Most of our files are not executable or delivered with installers. Those that are in the form of .exe or .msi files should be scanned locally on your machine before, to make doubly sure, installing (which most AV products do by default). Share this post Link to post Share on other sites
+Gepard 11,316 Posted January 1, 2013 (edited) Eric, i got the same redirection to url4short.info when i used google two days ago. Withe the shortcut list i had no problems to come to Combatace. I use Firefox 17.0.1 and Avira anti virus with lastest update. Also my WindowsXP is on the last update level. After a full anti virus screening Avira found no infection. Edited January 1, 2013 by Gepard Share this post Link to post Share on other sites
+Erik 1,812 Posted January 1, 2013 Eric, i got the same redirection to url4short.info when i used google two days ago. Withe the shortcut list i had no problems to come to Combatace. I use Firefox 17.0.1 and Avira anti virus with lastest update. Also my WindowsXP is on the last update level. After a full anti virus screening Avira found no infection. Thank you. I'm actually making some changes, which is why I'm up so late. I should have this resolved in a couple hours. Share this post Link to post Share on other sites
+Erik 1,812 Posted January 1, 2013 I believe this should be resolved for everyone. Please let me know if it is not. Issue: Search engines like Google and Yahoo were caching corrupt site files. Replication: Enter the search term "Combatace" into a search engine > click on the links supplied by search engine redirected to a corrupt URL Current: Testing Fix Share this post Link to post Share on other sites
Fubar512 1,350 Posted January 1, 2013 (edited) Erik, it's an attempted redirect from Google. It has effected (but not infected) several PCs that I use to access CA from work, and I've experienced the re-direct least two different smart phones. Having an up to date AV and anti-Malware suite will prevent infection, but doesn't do anything for the fact that it's (again) a redirect from the world's most popular search engine, to a supposed link for Combatace. Edited January 1, 2013 by Fubar512 Share this post Link to post Share on other sites
+Erik 1,812 Posted January 1, 2013 Erik, it's an atempted redirect from Google. It has effected (but not infected) several PCs that I use to access CA from work, and I've experienced the re-direct least two different smart phones. Having an up to date AV and anti-Malware suite will prevent infection, but doesn't do anything for the fact that it's (again) a redirect from the world's most popular search engine, to a supposed link for Combatace. I am aware of this. I found the complaint and fixed it. I simply need to know if it's fixed for you. Share this post Link to post Share on other sites
wenkman 0 Posted January 1, 2013 (edited) I am aware of this. I found the complaint and fixed it. I simply need to know if it's fixed for you. Hi Erik and everyone: happy new year! Erik, I think you got it, at the moment there is no redirecting, not from IExplorer and not from Firefox. Hopefully that`s it. Thanks a lot. By the way, my system is up to date and I do care a lot to have a safe system. I also checked with an IT expert in the meantime and after running a lot of special anti virus stuff on my system with no results it leaves us with the opportunity that it is your system/server in some way. Anyway, thank you also for coming up with some info about you keeping an eye on the up- and downloads on your site which gives me a much better feeling. Alright, I love my hobby and I love my favorite download site, so, thank you! Wenkman Edited January 1, 2013 by wenkman Share this post Link to post Share on other sites
+Erik 1,812 Posted January 1, 2013 I agree it doesn't have anything to do with your computer or your anti-virus. That was my initial thought based on all the malware that's been going around. However after I was able to replicate the problem locally I was able to determine that the problem was the cache files Google was reading. I fixed the problem and resolved the issue. Thanks for alerting me. Share this post Link to post Share on other sites
Fubar512 1,350 Posted January 1, 2013 Seems to be corrected, just tried all the Combatace links on Google from my home PC and my smart phone. Thanks a bunch... Share this post Link to post Share on other sites
RogerSmith 72 Posted January 1, 2013 I also had a problem today and yesterday with "Failed Redirects" and "404s" I thought it was down, I just used CCleaner to clear all internet data Share this post Link to post Share on other sites
Phasers 7 Posted September 15, 2013 (edited) I know this may be a little late but the problem is still around so just incase you get hit with the Google Search Hijacker which is what you probably had. I had the same issue a few times and each time Combofix fixed the problem. Be aware that some AntiVirus/AntiSpyware software will mark Combofix as a virus. I don't know why they keep doing this because it is a Virus/Hijacker/Rootkit/Trojan killer. Also download the free version of Malwarebytes and run a scan at least once a week. Most IMPORTANTLY though are the updates. I know so many people that never keep their security software updated and they keep wondering why they get a virus all the time. Edited September 15, 2013 by Phasers Share this post Link to post Share on other sites
+Erik 1,812 Posted September 15, 2013 You're talking about something totally different. The problem discussed here was an issue with our cache files. This issue has been resolved and is NOT still around. The problem you're talking about has to do with browser hijacking. That's something that is still fairly prevalent and not anything we can control. A reduction in surfing those lures of free questionable pron sites usually helps. Share this post Link to post Share on other sites