Got a challenge/mystery -- browser/website redirect

By Macgyver56 ยท 23 replies
Dec 7, 2013
Post New Reply
  1. Greetings!

    Let me start by saying that what I am about to describe is NOT a malware/virus problem. It *does* involve a browser being redirected to the wrong website, but we have checked repeatedly and to the best of our abilities, we have ruled out malware or viruses.

    Windows 7 desktop. Internet access is through ethernet wired through a router that also provides wireless access to other devices in the house.

    What we have is a single computer in the house (out of 2 desktops, 1 laptop, and 1 tablet) that cannot reach a single, specific website (an SMF forum) using Internet Explorer or Chrome. It *CAN* get there using the AOL browser. What happens with IE and Chrome is that the browsers are redirected to another (non-malicious, as far as we can tell) website that resides at the same webhosting service as the website we are trying to reach.

    Tracerts and Pings go to the correct site. Other users (as in people all over the country) can reach the correct site. Other computers in the same household go to the correct site using both wired and wireless access.

    This appears to be a very computer-specific problem. It does not seem to be an IP problem (because the other computers in the house are not encountering it), and it is not a website or network problem because no one else is running into the problem.

    Any thoughts?

    The only other piece of information that seems pertinent is that back in July, this same computer suddenly could not reach the "target" website at all, no matter what browser was being used. All browsers would stall and time out, or give a "website can not be found" type of message. Tracerts and pings failed completely. The tracerts said that the website could not be resolved and never generated even a single hop.

    At the time, we consulted a number of people and the only explanation that seemed like it might have merit is that it might have something to do with the MAC address. Someone else suggested that it had to do with TCP/IP settings. We never got it fixed. The problem just half-corrected itself about two weeks ago, and then went sideways to the current situation.

    What's different between IE & Chrome versus the AOL browser that could explain this?

    If you have an idea, please use dummy talk. I'm fairly good with computers, but networking and IP protocols baffle me. ;)


  2. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    Login as a Admin on that system.
    Get a command prompt and enter these two commands:
    ipconfig /flushdns
    net stop "dns client"
    quit the browser and restart it. Now access a good site (aka this one) and then a site you are having issues with.

    What's the results?
  3. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    Result was that IE and Chrome no longer go to the incorrect website. But they also do not make it to the correct "target" website. Both browsers say "waiting for <website>" and never get there.

    We did a tracert and a ping, and both reached the correct, intended website that IE and Chrome will not reach. (The AOL browser still gets there.) The tracert goes right to the correct server and IP. The ping showed 4 packets sent and received, 0% lost.
  4. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    And now, several hours later, the browsers are going to the wrong website again. Baffling.
  5. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    Empty browser cache and delete all cookies
    (again, stop the dns client; it's ok if it reports not started - - that should still be the casue unless you rebooted)
  6. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    Same result as last time. We had rebooted, so we had to stop the DNS client again. Initially it stopped the browsers from going to the 'wrong' site, but they still would not reach the correct target website. After several hours, IE and Chrome began landing on the wrong site again. We've tried clearing caches, cookies, doing DNS flushes a number of times. Restarted everything from the wall to the computer several times.

    What baffles me is why a tracert and a ping go to the correct place, but two out of three browsers do not. And the third browser (AOL's) goes to the correct website.

    Does AOL's browser use a different set of proxy settings from IE and Chrome? I've been assuming they all use the same settings, since those are usually system-wide.
  7. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    You are correct, TCP & DNS are system-wide and the symptom clearly shows IE & Chrome are impacted by something in those browsers. Have you attempted to disable ALL add-ons and extensions?

    For grins, try downloading Firefox using AOL, install it and you can easily disable all add-ons there.
  8. St1ckM4n

    St1ckM4n TS Evangelist Posts: 2,922   +630

    Interesting thread, subbing.

    Sorry to point out the obvious, but have you checked the hosts file? And is the target website using IPv6 by any chance?
  9. Benmar

    Benmar TS Enthusiast Posts: 32

    Try to uninstall your browser then install it back hope it works.
  10. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    The stopping of the DNS Client makes the host file irrelavent and unreferenced :)
    St1ckM4n likes this.
  11. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    Verified that all add-ons and extensions were disabled in IE and Chrome. They still go to the wrong site.

    Firefox with all add-ons disabled (it's actually a clean, pretty much unused install that we added when all of this started) also gets directed to the wrong site.

    Also re-checked the Restricted Sites in Internet Options/Security this morning (because we're having a Grasping-At-Straws kind of morning). That's completely empty.

    IPv6 -- Nope.

    Part of what makes all of this interesting is that the correct target site and the incorrect "misdirect" site are both hosted by the same webhosting company, in the same data center, using identical hardware. They're on different cloud servers, but the tracert for each one is identical until the very last hop which takes it to the server.

    And no, the computer's IP is not banned by the server. First thing I checked. ;)

    Does Safari (for Windows) handle TCP and DNS any differently than other browsers? Would it yield any interesting results to install that, or is it just going to duplicate using Firefox?
  12. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    No, Safari is just like every other browser in this respect.
    BTW: Last I looked, it was discontinued.

    your comment " incorrect 'misdirect' site are both hosted by the same webhosting company," is interesting. Is that the only site that is misdirecting from your PC? Try some of these:
  13. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    Yes, it is a single website that is the problem. The computer can reach every other website (that we've ever tried to visit) without a problem.

    When it is not being misdirected (for instance, when we flushed the DNS cache and then stopped the DNS client), it just stalls and never reaches the correct website. Three browsers out of four can't seem to find the website ... and yet a tracert and a ping get there okay, and the AOL browser can get there.

    It is computer specific, and website specific. Other computers in the house, using the same IP and same router are not having a problem.

    Network card? Something with the MAC address?
  14. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    No, not hardware (else could not access anything).

    Site+System pair have a specific problem. Could you share the site URL causing this symptom?
  15. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    Website we are trying to reach: www(dot)terrafirmascapers(dot)com

    Website the browsers reach: www(dot)red-rubber-digitals(dot)com
  16. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    Those are VERY different domains (from the standpoint of DNS/TCP; not just web content)
    and my {IE, Chrome, Opera & FF} browsers have no issues
    (even with multiple cycles of: launch, access, quit, ... repeat} showing cookies and site are not the issue.

    The infamous hosts file is located at:
    • \windows\system\drivers\etc hosts
    dbl-click on hosts and use the notepad to open it

    you can use "find" to look for terrafirmascapers but I doubt it will be present.
    If it is, you will need to get out of notpad; use attrib -r hosts and then re-edit the file.
    After you modify the hosts, you must do this (under and admin login) to make the changes effective:
    • ipconfig /flushdns
    • net stop "dns client"
    • net start "dns client"
    quit any existing browser and try again

    Frankly, I doubt hosts or DNS have anything to do with your issue and would begin to suspect
    malware in your browser (eg toolbars).

    Have you installed anything lately and just click ACCEPT without looking to see if there were any extra software being installed?
  17. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    We've been through the computer repeatedly, trying to find some kind of malware that would do this. We haven't found anything yet. I'm not saying there definitely isn't anything there ... only that we've scanned with a number of good malware detectors and haven't found anything. And this is the ONLY redirect that we are encountering. It seems like malware would be affecting more than a single website.

    We'll try this latest.

    Thanks for all your brainstorming and help. I'd absolutely hit the wall with this. Like I said ... totally baffled. :eek:
  18. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    We're abandoning the DNS/TCP/network line of investigation. We decided to assume that there's a browser redirection virus percolating in there somewhere, even though it hasn't shown itself in any overt way, and we're going to go after that.

    jobeard, thank you so much for your time and advice.
  19. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    Came back to say that it was the host file. :)

    We both could have sworn we checked that early in the process, so when we got your last recommendation, jobeard, we decided to go in search of some kind of virus or malware instead. (Silly us.) We spent an entire day running scans, and came up with nothing. The good news is, we know the computer is clean as whistle, inside and out.

    Finally, when that failed, we came back to this discussion and went back to the host file. Ta da! There it was. A bad entry.

    Thanks again. We never would have solved it without your help.
  20. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    Guess we should have started there, sigh.
  21. Macgyver56

    Macgyver56 TS Enthusiast Topic Starter Posts: 25   +6

    I'm the one who led us very firmly down the path of not looking for the more obvious answer. I really thought we had checked the host file. In fact, I still think we checked it at some point in the process. I don't know if we missed something or if the host file changed at some point, but I *know* that at some point in this we were in there looking for a bad entry.

    On the bright side, I learned some new stuff. Thanks again.
  22. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    Set attrib -r hosts
    to keep it safe
  23. St1ckM4n

    St1ckM4n TS Evangelist Posts: 2,922   +630

    * Points at post #8* :p

    But I wonder why the stopping of DNS client didn't make it obsolete? Perhaps it was just a mix of lots of variables while testing.
  24. jobeard

    jobeard TS Ambassador Posts: 11,138   +985

    ME TOO!

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...