One Particular Url Takes Me To The Wrong Place

Discussion in 'Malware Help (A Specialist Will Reply)' started by tmdowling, Jun 28, 2007.

  1. tmdowling

    tmdowling Private E-2

    Could this be some sort of very subtle infection?

    A friend has just created a new subdomain of his existing site. If I go to http://www.newsubdomain.existingsite.com, I see the host's generic "new site will be available soon" message. BUT if I go to http://newsubdomain.existingsite.com (that is, the same address, but without the leading "www."), I wind up on the site for some perfectly innocent-looking automotive specialty parts distribution company.

    (It looks like they mostly sell to retailers, not the public, so it makes no sense at all for them to be complicit in this apparent hijacking, although someone could have put something malicious on their site, I guess.)

    My computer is a laptop running WinXP Pro. AVG, Spybot and Ad-aware scans find nothing amiss. The machine has no other symptoms of any kind of infection, afaict.

    This problem shows up regardless of whether I use Firefox or IE, but another machine on my home-network does NOT have this problem, so I know it's not a case of my ISP's DNS cache having been poisoned. I did run ipconfig /flushdns from a command prompt; that didn't fix it.

    Could this just be some simple corrupted record somewhere, or must we conclude a malware infection?

    TIA!!!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  3. tmdowling

    tmdowling Private E-2

    Interesting tool. The parts I could understand looked clean, but there was plenty I didn't understand. I hope you can find something useful here.

    Thanks!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log does not show any problem with the Default Prefix setting, which could cause problems like this. If this does not happen for anything else, it is probably not malware. For example, did you try:

    www.google.com and google.com to see what happens.


    I do notice an unexpected setting in your log though. Why is the below set up?


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
    "Dnscache"=dword:00000002
     
  5. tmdowling

    tmdowling Private E-2

    Yep -- as my subject line says, it's just this one URL, as far as I can determine. For all other sites I've tried, the www version of the address takes me to the same place as the non-www version.

    Eh. I'm pretty sure that reflects a change I made in MSConfig when messing around trying to correct, or at least diagnose, the problem. I've put it back.

    SO, bottom line: You don't know the reason for the problem, but you don't think it's anything malicious? Sigh. Do you suggest I go through all the steps in the MajorGeeks Malware Removal Guide, so that I can run a Hijack This report? Or ... anything else?

    Thanks for your efforts!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's correct. Malware would rarely do something like this that affects only one site, and if it did do it, it would be a big-name, high-access site. You could try doing the below just to see if it has any effect.

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program

     

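The two checks the thread circles around (post 4: does the www and non-www form of a name resolve the same way, and only for this one site? post 6: is the HOSTS file back to Microsoft's stock contents?) can be done without a third-party tool. The script below is an added example, not code from the thread or from HostsXpert: it parses a Windows-style HOSTS file, reports any address pinned for a given name, lists every entry beyond the stock localhost line, and compares how the bare and "www." forms resolve. The sample HOSTS text is constructed, the hostname is the thread's placeholder, and the 203.0.113.x address is documentation space (RFC 5737); the resolver is injectable so the check can be run offline.

```python
"""Diagnose one hostname being redirected on a single machine.

Added example (not from the thread or HostsXpert). Assumptions: HOSTS file
text is supplied as a string; a resolver callable can be injected so the
www/non-www comparison runs without network access.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample HOSTS file. The last line is a hypothetical stray entry
# that would produce exactly the symptom in the thread: only the bare name is
# pinned, so www.newsubdomain... still goes to the real server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.10\tnewsubdomain.existingsite.com   # hypothetical stray entry
"""


def parse_hosts(text: str) -> Dict[str, List[str]]:
    """Map each hostname (lower-cased; HOSTS lookups are case-insensitive)
    to the list of addresses the file gives for it. Comments and blank or
    malformed lines are ignored."""
    table: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing/inline comments
        if not line:
            continue
        fields = line.split()  # whitespace separated: ADDRESS NAME [NAME ...]
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the line
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(fields[0])
    return table


def hosts_overrides(text: str, hostname: str) -> List[str]:
    """Addresses the HOSTS file pins for hostname; [] means not overridden."""
    return parse_hosts(text).get(hostname.lower(), [])


def non_default_entries(text: str) -> List[Tuple[str, str]]:
    """Every (name, address) pair beyond the stock loopback 'localhost' line.
    A freshly restored Microsoft HOSTS file yields an empty list."""
    out: List[Tuple[str, str]] = []
    for name, ips in parse_hosts(text).items():
        for ip in ips:
            if name == "localhost" and ipaddress.ip_address(ip).is_loopback:
                continue
            out.append((name, ip))
    return out


def compare_www_variants(
    hostname: str,
    resolve: Callable[[str], str] = socket.gethostbyname,
) -> Tuple[Optional[str], Optional[str], bool]:
    """Resolve the bare and 'www.' forms of a name through the given resolver
    and return (bare_address, www_address, identical). Either address is None
    if resolution failed. The default resolver is the OS resolver, which on
    Windows consults the HOSTS file before DNS."""
    bare = hostname[4:] if hostname.lower().startswith("www.") else hostname
    www = "www." + bare

    def safe(name: str) -> Optional[str]:
        try:
            return resolve(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            return None

    a, b = safe(bare), safe(www)
    return a, b, (a is not None and a == b)


if __name__ == "__main__":
    name = "newsubdomain.existingsite.com"
    print("HOSTS pins", name, "to:", hosts_overrides(SAMPLE_HOSTS, name))
    print("Non-default HOSTS entries:", non_default_entries(SAMPLE_HOSTS))
    # Live check against the real resolver (needs network and a real name):
    # print(compare_www_variants("google.com"))
```

To run it against the real file on the affected machine, read `%SystemRoot%\system32\drivers\etc\hosts` into `non_default_entries`; anything it returns is what "Restore Microsoft's Hosts File" would wipe. Note that `ipconfig /flushdns` does not remove HOSTS entries, because the DNS Client service reloads them into its cache from the file; `ipconfig /displaydns` shows them alongside cached DNS answers, which is a quick way to confirm whether the odd answer is coming from the file or from the resolver.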