Ironic perhaps but when I try to open one of my websites yours always pops up!!!
It keeps the domainname of mine in the browserwindow but the page is replaced with yours.
Your software does not detect it!
I suspect you marketing your own trojan? If not, please tell me how to get rid of it.
Sample below
avast! antivirus software - computer virus, worm and Trojan protection by ALWIL SoftwareThe stuff you pasted is normal non-harmful code. Why is there avast page resolved, I don’t know, we don’t do anything like that.
Well I would be a little surprised if you infected computers but is it not strange. I mean what you see on that page is your first page.
Is it your code or not, google analytics code included, or someone elses?
To many coincidents here. The page that redirects to yours is a page I both host and provide support for. It does not redirects every time but when it starts I have to restart my NB to get it stopped. Sometime not even that works. I downloaded your software less than a month ago. Either it is a coincident or someone is trying to make you look bad. I mean, for you to pop up in my window is a little ironical, is it not?
Let me know the url you think we ‘block’ and I’ll try too look into it.
The code you posted is clearly ours, including analytics id. But we don’t do anything like that (we’d be mad to do so).
I beleive I have a trojan in my browser. I agree you would be mad to do that. Therefore i beleive someone is either messing with you or it really it as coincident… Appreciate if you could look into it.
www.thailandsforum.se
Seems clean ???
I have been checking at the server already, there is nothing there and thats why I imply its a trojan in my browser or something. I have your free version which have not detected anything. Run Search and destroy which found nothing as well.
Thought its strange its you out of any pages that pops up.
Can you rephrase? I’m not following you…
Ok, I will ry to summarize!
I think its clear what I see when I try to open www.thailandsforum.se
I beleive I have some kind of virus/trojan that has lounched in my browser or something. Its just strange that its your WEBpage that OPEN in my browser when I click on www.thailandsforum.se. Its redirected I would say because it does not change to your domain in url
I am trying to give you a hint someone may be messing with you. Dont you think its too much of a coincident that your webpage pops up!? Why would anyone make a virus/trojan doing that?
If you run cmd, and there you enter
nslookup thailandsforum.se
do you get this?
Non-authoritative answer:
Name: thailandsforum.se
Address: 208.116.32.55
Aliases: www.thailandsforum.se
No redirect here, direct to the URL you gave. Using firefox, with NoScript extension.
I have no idea if you are infected whatever it is is not very cleaver to send the user to an anti-virus web site.
You could try clearing your DNS cache if you use one.
NilleU,
Have you tried Opera or Firefox?
The free version of SUPERAntiSpyware has protection against your browser being redirected.
These are Band-Aids, you still need to find the cause of your browser being redirected. Try using Eset’s online virus scan. Also run a scan with SUPERAntiSpyware.
No redirect here using Opera9 & IE7.
NilleU, what is the homepage setting in the browser you are using?
I mean, have you checked to make sure the homepage setting has not been changed within the browser you are using?
Depending on the browser used, could it be possible that the browser is first showing a cached page before going to a page that has been set to a homepage? I don’t know, just asking those of you who may know.
Homepage is set to that cery page www.thailandsforum.se
I still have the problem… amazing isnt it?
actually I get that but not only, before that I get:
cant find server adress for 192.168.2.1 timed out
server: vood.lan
adress: 192.168.1.1
then
Non-authoritative answer:
Name: thailandsforum.se
Address: 208.116.32.55
Aliases: www.thailandsforum.se
It is always coming back? If you’re Hijacked, I mean, if your browser is, you should get clean.
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.
Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.
Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).
It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
If you still detecting any strange behavior or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster (for XP/Vista). For XP: Panda (for XP).
Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.
After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
Thanks, I will give it a shot!
Please, post back the results. Feel free to ask for further help.
I also got this problem on Koh Chang website.
Dr Web shows the website as clean. But, generally, avast detection is more accurate.
Isn’t it an encrypted/obfuscated script or iframe?
Wasn’t the site hacked?
Maybe you could contact its webmaster.
Also, please, check if there are infected gif images (resolved as infected server generated messages): http://forum.avast.com/index.php?topic=45658.0
Do not post live links here: use hxxp: instead of http: or people will accidentally click it.