chinese malware

[onebir]

i seemed to have picked some up:

whenever i point firefox or explorer at www.worldnomads.com

i get

www.tongxunqicai.cn

any idea how to get rid of it? i ran the ewido online spyware check, and it didn't pick it up...

it seems to be a different problem to the one in this thread - the worldnomads URL seems to be completely hijacked, and occasionally another chinese website gets substituted for the one i point the browser at...

[Quest]

Check your add/remove program list, uninstall suspicious programs. boot in safe mode, run msconfig, delete suspicious startup items. Boot in normal mode, run adaware/norton av/windefender/hijackthis you name it, all the available free spyware scanners. Use their remove functions to remove all malware then scan again. If something keeps coming back (usually hooked to a legit dll, or even the kernel--rootkit), find out what its malware name is, search google for solutions.

[md1101]

last resort.. format your computer. i have to do that occasionally,

speaking of malware does anyone else get random chinese bots trying to add to your msn list? i get them quite often after having been to china.. they post advertisements every now and again similar to the sms advertisements you get like "你记得我吗？那个晚上我没有勇敢和你谈谈。我 觉得你很可爱！请给13195555555。。。 打‘ etc.

[Quest]

Also, I would recommend the use of McAfee SiteAdvisor: http://www.siteadvisor.com/

It promptly labels sites you visit as well as search engine result links as safe, caution, dangerous etc. They also conduct analysis on how safe it is to give your email address to a site, what downloads from the site contain spyware etc.. check it out.

[darkprince]

*sighs*

Simple fix - don't use windows!!!!!!

whenever i point firefox or explorer at www.worldnomads.com

i get

www.tongxunqicai.cn

This just sounds like DNS redirection to me ... check c:windowssystem 32driversetchosts ...

The only entry in this file should be (or something like it)

127.0.0.1 localhost 

if you see anything else, delete it

[onebir]

thanks for all the suggestions guys...

it seems to have stopped doing it!

i have no idea why. only thing i can think of is that my free symantec coverage was running out, so i installed avast! anti virus and AVG anti spyware. AVG found some things, which i deleted, but they were just tracking cookies, which i didn't think could redirect my browser... :s

[Quest]

onebir, try the software explorer that comes with Windows Defender. If that doesn't work, try hijackthis -- it gives you a comprehensive list with auto-loaded items, you can go through the list(or post it) to identify potential problems.

[onebir]

Quest - thanks, but i meant the problem's gone!

[Quest]

Symptoms disappearing doesn't really mean your computer's clean.... I would still run those software just to make sure.

[beyaz]

hi also my website redirected to www.tongxunqicai.cn what shall i do?

Please help!

[Battosai]

DarkPrince said:

sighs*

Simple fix - don't use windows!!!!!!

Well said!

[badr]

Try erasing your cookies and cleaning your browser cache. It helps quite a bit.

For most of my serious browsing, I use Firefox 1.5 and I have it set up so that it automatically dumps all cookies when i close it. It's a bit of a pain because I have to log in to all the forums I spend time in but it's worth it.

[imron]

Speaking of Chinese malware, chinesepod just had a podcast about this in their advanced section if anyone is interested.

[JamesW]

I had a URL redirect to tongxunqicai.cn today using Firefox 1.5. I found that 'Tools->Clear Private Data...', and then clearing everything except 'Saved Passwords' removed the malicious redirect.