When I type in www.yahoo.com on the address bar, it loads some page with random pop ups and spurious links. It was working well all along till yesterday. Other sites like gmail, facebook load and no issues there. I tried to ping www.yahoo.com and it responded well. Assuming DNS not to be the problem, can anyone please help me solve this issue.

EDIT: Not only yahoo.com, but microsoft.com is also getting redirected to 212.113.36.83. Hosts file does not have any weird entry.

Thanks a lot, Trinity.

Nate Koppenhaver
trinity
  • You did not rule out DNS issues. What was the output of `ping yahoo.com`? – iglvzx Jan 21 '12 at 19:27
  • Pinging yahoo.com [212.113.36.83] with 32 bytes of data: Reply from 212.113.36.83: bytes=32 time=242ms TTL=50 Reply from 212.113.36.83: bytes=32 time=241ms TTL=50 Reply from 212.113.36.83: bytes=32 time=240ms TTL=50 Reply from 212.113.36.83: bytes=32 time=239ms TTL=50 Ping statistics for 212.113.36.83: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 239ms, Maximum = 242ms, Average = 240ms – trinity Jan 21 '12 at 19:29
  • Thank you. That is not an IP address for Yahoo. – iglvzx Jan 21 '12 at 19:35
  • Oh, is it some malware? I've heard about "googleads.g.doubleclick.net" that causes such diversions. Warnings in "Inspect Element" say "Unsafe JavaScript attempt to access frame with URL http://in.yahoo.com/ from frame with URL http://212.113.36.83/float.html. Domains, protocols and ports must match." – trinity Jan 21 '12 at 19:39
  • Now, even microsoft.com is getting redirected!! – trinity Jan 21 '12 at 19:55
  • Which operating system? – iglvzx Jan 21 '12 at 20:12
  • Windows XP Operating system.. – trinity Jan 21 '12 at 20:24

2 Answers

2

From the comments, it sounds like something is messing with DNS entries or your hosts file.

The easiest to check will be the hosts file. Open the run dialog (Start->Run) and type:

c:\windows\notepad.exe c:\windows\system32\drivers\etc\hosts

This will open your hosts file in Notepad. Look for entries in it such as:

212.113.36.83        yahoo.com
xxx.xxx.xxx.xxx      microsoft.com

etc. If there are entries like that there, then that explains the redirection and means that something (such as spyware/malware) is messing with the file.

Nate Koppenhaver
  • you beat me to it, I'll have to be more careful with when I time when to have a scratch, I needed two hands – barlop Jan 21 '12 at 20:44
  • There were no entries like that.. – trinity Jan 22 '12 at 05:02
  • @trinity - Clearly you have malware. 212.113.36.83 points to a block in the Ukraine. – skub Jan 22 '12 at 05:22
  • I tried setting DNS IPs as: 8.8.8.8 and 8.8.4.4. When I pinged for yahoo.com from cmd prompt, got replies from 98.137.149.56. But when I did the same via Chrome browser, it got redirected to this malware page. Should I try resetting the modem? – trinity Jan 22 '12 at 06:01
  • @trinity I don't think resetting the modem would do anything. What antivirus do you have? Try scanning your computer – Nate Koppenhaver Jan 22 '12 at 19:38
  • It's most likely a rootkit, so a system restore is your best option, or you could try turning off any unknown startup processes using msconfig (if you don't know what should stay on and what shouldn't, I wouldn't do this). – cutrightjm Jan 27 '12 at 18:14
  • yes please don't use `msconfig` if you don't know what you're doing... you may end up doing more harm than good. @trinity you might try booting into Safe Mode (with networking) and see if the problem persists there – Nate Koppenhaver Jan 27 '12 at 18:36
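
The hosts-file check described in the answer above, automated as an added example that is not part of the original thread. It parses the file rather than eyeballing it, so entries pushed far below blank padding or written in mixed case are still found; the function names, the `WATCHED` list and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: the entry shape the answer describes, hidden below padding.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40 +
    "212.113.36.83\tyahoo.com www.yahoo.com   # constructed entry\n"
    "0.0.0.0 ads.example.test\n"
    "not-an-ip microsoft.com\n"
)
WATCHED = ("yahoo.com", "microsoft.com")  # assumed watch list: domains from the question


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in a hosts file."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address; skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")


def redirected(text, watched=WATCHED):
    """Return mappings that point a watched domain (or subdomain) off-box."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # local sinkhole entries are blocks, not redirects
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((line_no, str(ip), name))
    return hits


if __name__ == "__main__":
    # Path from the answer; falls back to the constructed sample if unreadable.
    path = r"c:\windows\system32\drivers\etc\hosts"
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS
    for line_no, ip, name in redirected(text):
        print(f"line {line_no}: {name} -> {ip}")
```

An empty result only rules out the hosts file; as the comments in this thread show, the redirect can persist with a clean hosts file.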
0

You need to go through the steps outlined in the community wiki about how to clean up a viral infection: How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

music2myear