Personal Development for Smart People^TM Forums

CoolBee · 02-19-2011, 02:30 PM

On my other computer, my facebook URL has been hijacked. If I type www. facebook . com, then it gets redirected to something called socialsurveycenter . com and there is no way out of it.

I think it probably occurred a few weeks ago when I was getting problems getting on to facebook - what I have found is that if I am already signed on to FB, then it hangs for ever and never finishes loading the page. However, I deleted the stored passwords today from Firefox browser and found this hijack. Btw it wasn't loading from Opera or IE8 either so the hijack is buried somewhere!

If I typed the direct 66.??? etc number in, then it does load ok initially, but if I close the tab and attempt to reopen using the same, it hangs again.

My anti-virus/spyware hasn't picked it up and I have also looked at all 'hosts' files and they haven't been modified since 2008 and appear to be blank.

I did download hijack this but it wasnt very informative.

I guess what I want to know is the most likely location for a file that tells www. facebook . com to redirect to this other url and how do I fix it?

ssandra · 02-19-2011, 04:53 PM

can you delete firefox and all its components and re-install it? That might solve the problem?

As well, clear the cache before you delete it.

sorter · 02-19-2011, 05:00 PM

Yeah, uninstall and reinstall firefox to a different directory.
Doesn't take long and it's worth a try.
Or does it happen on IE also?

Either way get
Sandboxie - Sandbox software for application isolation and secure Web browsing
and always run your browser in it.
If you get infected you just delete and recreate the sandbox.
No real system files get infected.

Best prog Microsoft hasn't stolen yet.
.

Brutha · 02-19-2011, 05:29 PM

Is this the same computer who had beforehand trouble to connect to facebook?
If it is it seems that you have some malware on the computer. As you live in Egypt it might be political.

If you have an internet connection that allows you to download big files I would recommend to download a life linux CD. At best a CD that also has Tor installed

Then run that CD and reset all your passwords. You don't need Tor for the resetting of your passwords but having a CD with Tor handy could help in future if you try to sent messages anonymously.

After you are done go back to the malware problem.
I think you should go to superuser.com and describe all the issues with being in Egypt and connecting with facebook. Say with AntiVirus/AntiSpyware products you have run.

I could imaging that there are a bunch of Western hackers who have an interest in the kind of malware that someone uses to prevent people in Egypt from accessing facebook.

If you have wrote up your problem for superuser.com you might also write EMail to the provider of your AntiVirus/AntiSpyware program.
Those people might be interested in malware that their program can't identify.

CoolBee · 02-19-2011, 09:43 PM

Ok thanks- a few good things to try there!
It's happening with all browsers on one computer, but using the same USB dongle internet connection, not happening on the other computer.
I did just have an idea to log on to the 'puter as a different user and see if happens then so I would have an idea whether it is in the documents and settings path somewhere.

Rezzy7 · 02-19-2011, 10:46 PM

I've seen many faux facebook sites when I've accidentally mistyped the url. They use the same colors and typefaces (fonts) as facebook and probably hijack the browser in some way. Once I've loaded the impostor page Firefox saves the url, which makes it easy to accidentally enter that url the next time unless it's deleted.

cacheborn · 02-20-2011, 05:50 AM

Also, be sure to use https instead of http. Reinstalling FF is a good idea.
You might also want to try Chrome. They have good security measures from what I hear.

Beuford · 02-20-2011, 11:31 AM

Something similar happened to me and I think I solved it with a system restore, however it might be too late for you since you said it has been a few weeks. I'm not sure how far they go back.

ragtag · 02-20-2011, 09:32 PM

Since it's happening in other browsers, re-installing Firefox probably won't make any difference. It's basically malware that is messing with the DNS on your machine. A DNS server is something that converts a domainname, like facebook.com, into a IP number (e.g. 69.63.189.16).

You can check this by opening the command prompt on Windows (Terminal on Mac and Linux), and enter 'ping facebook.com'. Facebook actually has three IP numbers, because they're huge, but it should be one of the following.

Name: facebook.com
Address: 69.63.189.16
Name: facebook.com
Address: 69.63.181.12
Name: facebook.com
Address: 69.63.189.11

You could also use something that traces what jumps are made. On windows you can try mturoute.exe - check the mtu values between you and a host It should start with your machine IP, your router/modem, your service provider and then some server out in the world.

That said, try installing and running Malwarebytes It often finds nasty software, that other virus killers have missed.

The AVG Rescue CD might also be worth a shot. It's a live CD, that includes AVG's virus scanner. The advantage about scanning this way, is that you're not running Windows when doing the scan, so that any system parts that may be corrupt and prevent other anti-virus from finding it, are not running, so can be found.

cacheborn · 02-21-2011, 05:53 AM

I don't know how I forgot this. FF has some great extensions which enhance your security.

Adblock

Noscript

WOT

In your case, Adblock and WOT should be able to tell you if the site is legitimate or fake.

Porphyos · 02-21-2011, 07:55 AM

Run an updated version of your anti-virus

sorter · 02-21-2011, 05:46 PM

Quote:

Originally Posted by ragtag

The AVG Rescue CD might also be worth a shot.

Tried it. Looks very cool, but alas, it can't find my hard drives.

Worked great on a USB drive I forgot to unplug.
.

redblacktree · 02-22-2011, 02:50 PM

This sounds like a problem with your hosts file. This is a local file on your computer that maps human-readable names to numeric addresses. Some malware has probably added an entry to your host file to direct facebook.com requests elsewhere.

More info: http://en.wikipedia.org/wiki/Hosts_(file)

Bradman · 02-23-2011, 04:28 PM

Sounds like a "fake-redirect" virus.

Try running malwarebytes - I've had success curing these types of problems with it.

Malwarebytes

Also, in my opinion you should be running a good security suite such as Norton Internet Security or Kaspersky, Make sure you get the suite and not just the anti-virus version - I've found it well worth it, no problems in two years using Norton...(knock on wood).

CoolBee · 03-03-2011, 06:34 AM

Ho hum.... faceboook. com was one issue .... took me forever to spot it! I blame wonky eyesight and a small screen..

I don't know how, but I ran the malwarebytes and it found 2 apparently unrelated problems, but seems to have speeded everything up!

Anyway, thanks for your advices chaps! Just glad to have a normally functioning FB again on this 'puter!

02-19-2011, 02:30 PM	#1 (permalink)
CoolBee Family Member Join Date: Feb 2009 Posts: 2,044	Facebook url hijacked On my other computer, my facebook URL has been hijacked. If I type www. facebook . com, then it gets redirected to something called socialsurveycenter . com and there is no way out of it. I think it probably occurred a few weeks ago when I was getting problems getting on to facebook - what I have found is that if I am already signed on to FB, then it hangs for ever and never finishes loading the page. However, I deleted the stored passwords today from Firefox browser and found this hijack. Btw it wasn't loading from Opera or IE8 either so the hijack is buried somewhere! If I typed the direct 66.??? etc number in, then it does load ok initially, but if I close the tab and attempt to reopen using the same, it hangs again. My anti-virus/spyware hasn't picked it up and I have also looked at all 'hosts' files and they haven't been modified since 2008 and appear to be blank. I did download hijack this but it wasnt very informative. I guess what I want to know is the most likely location for a file that tells www. facebook . com to redirect to this other url and how do I fix it?

02-19-2011, 05:00 PM	#3 (permalink)
sorter Senior Member Join Date: Oct 2010 Location: NYC Posts: 965	Yeah, uninstall and reinstall firefox to a different directory. Doesn't take long and it's worth a try. Or does it happen on IE also? Either way get Sandboxie - Sandbox software for application isolation and secure Web browsing and always run your browser in it. If you get infected you just delete and recreate the sandbox. No real system files get infected. Best prog Microsoft hasn't stolen yet. . Last edited by sorter; 02-19-2011 at 05:11 PM.

02-23-2011, 04:28 PM	#14 (permalink)
Bradman Senior Member Join Date: Feb 2011 Posts: 174	Sounds like a "fake-redirect" virus. Try running malwarebytes - I've had success curing these types of problems with it. Malwarebytes Also, in my opinion you should be running a good security suite such as Norton Internet Security or Kaspersky, Make sure you get the suite and not just the anti-virus version - I've found it well worth it, no problems in two years using Norton...(knock on wood). Last edited by Bradman; 02-23-2011 at 04:35 PM.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Facebook	moonrambler	Social & Relationships	37	06-21-2010 02:25 PM
IE8 has hijacked my computer	CoolBee	Technology & Technical Skills	8	11-17-2009 09:08 AM
Facebook	Footballman	Social & Relationships	11	06-11-2009 04:50 PM
I don't have a facebook	blaerG	Social & Relationships	14	02-09-2009 08:55 PM
Nutrition science has hijacked our meals	Erki	Health & Fitness	4	04-16-2008 01:32 PM

02-19-2011, 04:53 PM	#2 (permalink)
ssandra Banned Join Date: Oct 2008 Location: Mexico City Posts: 11,168	can you delete firefox and all its components and re-install it? That might solve the problem? As well, clear the cache before you delete it.

02-19-2011, 05:29 PM	#4 (permalink)
Brutha Family Member Join Date: Nov 2006 Location: Berlin, Germany Posts: 8,749	Is this the same computer who had beforehand trouble to connect to facebook? If it is it seems that you have some malware on the computer. As you live in Egypt it might be political. If you have an internet connection that allows you to download big files I would recommend to download a life linux CD. At best a CD that also has Tor installed Then run that CD and reset all your passwords. You don't need Tor for the resetting of your passwords but having a CD with Tor handy could help in future if you try to sent messages anonymously. After you are done go back to the malware problem. I think you should go to superuser.com and describe all the issues with being in Egypt and connecting with facebook. Say with AntiVirus/AntiSpyware products you have run. I could imaging that there are a bunch of Western hackers who have an interest in the kind of malware that someone uses to prevent people in Egypt from accessing facebook. If you have wrote up your problem for superuser.com you might also write EMail to the provider of your AntiVirus/AntiSpyware program. Those people might be interested in malware that their program can't identify.

02-19-2011, 09:43 PM	#5 (permalink)
CoolBee Family Member Join Date: Feb 2009 Posts: 2,044	Ok thanks- a few good things to try there! It's happening with all browsers on one computer, but using the same USB dongle internet connection, not happening on the other computer. I did just have an idea to log on to the 'puter as a different user and see if happens then so I would have an idea whether it is in the documents and settings path somewhere.

02-19-2011, 10:46 PM	#6 (permalink)
Rezzy7 Senior Member Join Date: Nov 2010 Location: West Coast USA Posts: 783	I've seen many faux facebook sites when I've accidentally mistyped the url. They use the same colors and typefaces (fonts) as facebook and probably hijack the browser in some way. Once I've loaded the impostor page Firefox saves the url, which makes it easy to accidentally enter that url the next time unless it's deleted.

02-20-2011, 05:50 AM	#7 (permalink)
cacheborn Family Member Join Date: Feb 2008 Posts: 6,439	Also, be sure to use https instead of http. Reinstalling FF is a good idea. You might also want to try Chrome. They have good security measures from what I hear.

02-20-2011, 11:31 AM	#8 (permalink)
Beuford Family Member Join Date: Jun 2009 Location: Australia Posts: 1,041	Something similar happened to me and I think I solved it with a system restore, however it might be too late for you since you said it has been a few weeks. I'm not sure how far they go back.

02-20-2011, 09:32 PM	#9 (permalink)
ragtag Senior Member Join Date: Nov 2006 Posts: 326	Since it's happening in other browsers, re-installing Firefox probably won't make any difference. It's basically malware that is messing with the DNS on your machine. A DNS server is something that converts a domainname, like facebook.com, into a IP number (e.g. 69.63.189.16). You can check this by opening the command prompt on Windows (Terminal on Mac and Linux), and enter 'ping facebook.com'. Facebook actually has three IP numbers, because they're huge, but it should be one of the following. Name: facebook.com Address: 69.63.189.16 Name: facebook.com Address: 69.63.181.12 Name: facebook.com Address: 69.63.189.11 You could also use something that traces what jumps are made. On windows you can try mturoute.exe - check the mtu values between you and a host It should start with your machine IP, your router/modem, your service provider and then some server out in the world. That said, try installing and running Malwarebytes It often finds nasty software, that other virus killers have missed. The AVG Rescue CD might also be worth a shot. It's a live CD, that includes AVG's virus scanner. The advantage about scanning this way, is that you're not running Windows when doing the scan, so that any system parts that may be corrupt and prevent other anti-virus from finding it, are not running, so can be found.

02-21-2011, 05:53 AM	#10 (permalink)
cacheborn Family Member Join Date: Feb 2008 Posts: 6,439	I don't know how I forgot this. FF has some great extensions which enhance your security. Adblock Noscript WOT In your case, Adblock and WOT should be able to tell you if the site is legitimate or fake.

02-21-2011, 07:55 AM	#11 (permalink)
Porphyos Senior Member Join Date: Feb 2011 Posts: 100	Run an updated version of your anti-virus

02-22-2011, 02:50 PM	#13 (permalink)
redblacktree Junior Member Join Date: Jan 2009 Posts: 9	This sounds like a problem with your hosts file. This is a local file on your computer that maps human-readable names to numeric addresses. Some malware has probably added an entry to your host file to direct facebook.com requests elsewhere. More info: http://en.wikipedia.org/wiki/Hosts_(file)

03-03-2011, 06:34 AM	#15 (permalink)
CoolBee Family Member Join Date: Feb 2009 Posts: 2,044	Ho hum.... faceboook. com was one issue .... took me forever to spot it! I blame wonky eyesight and a small screen.. I don't know how, but I ran the malwarebytes and it found 2 apparently unrelated problems, but seems to have speeded everything up! Anyway, thanks for your advices chaps! Just glad to have a normally functioning FB again on this 'puter!

Personal Development for Smart PeopleTM Forums

Personal Development for Smart People^TM Forums