
The Russians Have Invaded My Computer


Viper69

Member
Joined
Feb 26, 2003
Anyone offer advice on this one?? Exact description below.

I updated KAV virus definitions.

I search via google for hotels.com

I click on link from google and land at hotels.com

I search for hotel in the USA, click on the site’s blue SEARCH button and the website domain goes from www.hotels.com to www.ru.hotels.com showing me a listing of Russian hotels!!

Never seen this before!!

I do the exact same thing as above with a different computer that is using the same router just wireless.

No issues!!

Sounds like virus or malware..

Need advice IF CCleaner, Malwarebytes and KAV all come back clean???!

All definitions are up to date.
 
check your hosts file

what other browsers have you tried?

Windows up to date?

Scans ran in safe mode?
 
Alaric's advice is good. You can also try resetting your browser to default settings which will nix any unwanted add ons and extensions.

I certainly would scan your computer thoroughly for malware. I would also do a boot time scan outside of Windows with something like this: https://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html. If you use this tool I would advise connecting to the internet via ethernet rather than wifi, at least temporarily, since it will want to update the database outside of Windows and will need a connection in place to do this as the computer boots. It uses the Linux OS, so if you must use Wifi you would have to have a Linux compatible NIC.

Avast free version also has the ability to do boot time scans. Some of the worst infections can't be detected and cleaned from within Windows because they masquerade as legitimate system files and are in use already when in Windows.
 
Have you tried a different browser on the affected rig?

I just did. I tried IE v 11.0.x - did not have this issue.

Windows is up to date, as of today actually.

How does one check the hosts file?

Scans by all three software came up negative, not done in safe mode. Curious, what's the significance of running in safe mode for the scans--- is it that some malware lodges itself into software that is only loaded upon a full startup??? I removed my ethernet connection from the computer while doing the scans. I did not scan in safe mode yet. I will do this!

I will look into resetting to default in FF. No malware or virus detected.

Have not done a boot scan. Didn't consider that one. I believe I have a KAV boot scan disk of sorts. Though I will look into the link you sent me. The problem PC/browser is connected via ethernet, no Wifi for it.

This is true re: malware acting as legit software. Good point.
 
hosts file is located in c:\windows\system32\drivers\etc; edit with notepad/notepad++ (as admin)

Safe mode is to prevent items that would run at startup that could be hiding things

I agree with resetting FF to default in case there was some sort of browser hijack


You could also try the TronScript tool https://www.reddit.com/r/TronScript/
 
Actually, it is better if you are connected to the net by ethernet if you run the Bitdefender product I linked. That way it will most likely be able to connect to the download server to update. I think you misread my post.
 
Is it only on hotels.com? I wonder if that site is incorrectly guessing your location.


Yes. Also, why would hotels guess one computer correctly and the other incorrectly when they are using the same ISP/same router etc in the same room?
 
Thanks! I always look for you Earth, Trents etc, you guys always give me quality info, not that others don't mind you. Just more reliable at times or consistent hah.

The TronScript, is this something that is automated? I saw a workflow in green font on the Reddit page, wasn't sure if I needed to do each list of tasks on each of those green hyperlinks?

- - - Updated - - -

Also regarding the hosts file, what should I specifically be looking for?
 
Something in it for a start, and more specifically something with hotels.com.

There was another member yesterday that had a speed test reporting the wrong location (IDK if it was a DNS or prefetch problem) using Chrome vs FF (I think).
It seems like it thinks you are in Russia for some reason. For me, I never trust AV / malware to remove the problem. If/when it happens I do a fresh install.
 
I opened the hosts file with Notepad, it's empty. Below is all I can see. Also, I'm the admin, and I see no way to select edit. Right clicking, the context menu has no entry for EDIT. Rename, Delete sure, but no EDIT. I checked to see if I am the admin, and I am.

I can open with notepad...I'm lost hah.

"# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost"
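
The check suggested in the thread (any active entry at all, and in particular one naming hotels.com), written out as an added example that is not part of the original posts. The function names, the category labels and the sample entries are assumptions made for illustration; a file like the one pasted above, where every line starts with `#`, yields no findings.

```python
import ipaddress

# Path given in the thread; read it with open(HOSTS_PATH, encoding="utf-8-sig").
HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"

# Constructed sample: two lines from the default file posted above plus
# made-up entries on documentation-only addresses (not from the thread).
SAMPLE = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
0.0.0.0 ads.example            # blocklist-style entry
203.0.113.10 www.hotels.com    # override of the site in question
192.0.2.5 intranet.example
not-an-ip broken.example
"""

def active_entries(text):
    """Yield (line_no, address, hostnames) for each non-comment line."""
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def review(text, watch="hotels.com"):
    """Classify every active mapping; `watch` is the domain under suspicion."""
    findings = []
    for no, addr, hosts in active_entries(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "malformed", addr, hosts))
            continue
        watched = [h for h in hosts if h == watch or h.endswith("." + watch)]
        if watched:
            kind = "watched-domain"      # the site itself is being overridden
        elif ip.is_loopback or ip.is_unspecified:
            kind = "local-sink"          # usual shape of ad/tracker blocklists
        else:
            kind = "redirect"            # name pinned to some other address
        findings.append((no, kind, addr, watched or hosts))
    return findings

if __name__ == "__main__":
    for no, kind, addr, hosts in review(SAMPLE):
        print(f"line {no}: {kind:15} {addr} -> {', '.join(hosts)}")
```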
 
Do you use a private VPN or other software that could obfuscate your identity and/or location?
 
Sounds like a cookie or cache problem. Have you cleared the cookies and cache?
 