Browser redirects almost all of links to Adfoc.us

windows-7 google-chrome dns browser redirection

7,349

Google helped me: Some pages in Chrome always redirect to ransom page at http://system-check-fyeltkhn.in

Your router has been hacked and you need to fix your dns and upgrade the firmware

7,349

Amirreza Nasiri

Updated on September 18, 2022

Comments

Amirreza Nasiri over 1 year
Since yesterday, most of users in our region and as far as I know, many other peoples received a lot of link redirection. most of these redirection are going to adfoc.us website. this redirection happens after going to page (not exactly as you go to page) and new URL have no "Back" button.
I understood that the URLs which didn't visited yet are redirecting to adfoc.us websites so if we visit URL A and see the adfoc.us advertising once, we won't see it again if we go to URL A again.

What is the problem and how can I fix it? I use Windows 7 and Google Chrome browser and tried these:
- Scanning whole my drive for virus and other bad wares
- Disabling plug-ins and extensions
- Clearing DNS cache and other caches
- Using different DNS servers
Redirection example:
Original URL: http://isthisretina.com/
Redirected URL: http://adfoc.us/serve/?id=25497650908175

I also tried to ping the pages I never visited before like linuxmint.com here are the results:
Linuxmint.com: [213.175.215.218] Packets: Sent = 33, Received = 33, Lost = 0 (0% loss)
comodo.com: [91.199.212.176] Packets: Sent = 33, Received = 33, Lost = 0 (0% loss)

And also note that this redirections are stopped 3 hours ago and I don't know is it only for me or for other users, they stopped to.
- Stark over 9 years
  
  This happens in Italy too. It is happening on both mobile and desktop chrome browser, as far as I know. I tried this in 2 different networks. I thought it could've been ISP related, but since it is going on abroad, too... I am at a loss
- Admin over 9 years
  
  I have it in Sweden to. It has begun for two days now. I'm only using Mac software/hardwares. I cant understand why this happening. Any sugestions to a fix is very helpful..
- Thalys over 9 years
  
  Which region/ISP?
- Amirreza Nasiri over 9 years
  
  As I said, this problem occurs almost everywhere. But I'm in Iran and use local ISPs.
- Mario over 9 years
  
  Could you try to do a DNS lookup on a domain you certainly haven't visited so far? Write down the results, then try visiting that domain. If the redirects happen, you've got a domain for comparison with others. Just some examples you could try: frankfurt.de berlin.de munich.de comodo.com linuxmint.com eff.org
- Mario over 9 years
  
  Also, does the problem happen with other browsers? Internet Explorer for example?
- Matthew Walker over 9 years
  
  Further, I saw that the DNS addresses in the router I was using had been changed (read hacked). The primary address had been set to 94.249.192.82. The secondary address was set to the original primary address (8.8.8.8). The router is a TP-Link ADSL2+ Router.
- Matthew Walker over 9 years
  
  As @Mario suggested, I did a DNS lookup on frankfurt.de, a site I'd never visited. I'm not sure if I did this after the "redirection" had stopped. $ nslookup frankfurt.de ;; Got recursion not available from 94.249.192.82, trying next server Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: frankfurt.de Address: 62.96.236.95
- Matthew Walker over 9 years
  
  The last redirection before it stopped took me to www.aliexpress.com rather than adfoc.us.
- Matthew Walker over 9 years
  
  And finally, it appeared that content might also have been injected into our wordpress site; this stopped at about the same time the redirection stopped.
- Mario over 9 years
  
  @MatthewWalker Sounds similar to some worm/botnet being active right now. Better also check your wordpress installation for new/unknown (admin) accounts.
- Matthew Walker over 9 years
  
  In case this is useful to others, I moved the Mac laptop to another wifi network and I'm still experiencing similar issues, so the problem is not limited to the DNS settings on the router. Opening the top ten links for "adfoc.us popup" in Google sends me to adfoc.us for three of the ten pages in Chrome, but when doing the same thing in Safari no page redirects occur.
- Matthew Walker over 9 years
  
  The three pages that were redirecting had "waiting for adultcameras.info" in the status bar at the bottom of Chrome when the about-to-be-redirected page had almost finished loading. Looking at Chrome's Developer Tools indicated that when the redirection didn't occur it was because adultcameras.info was not returning a response. I used Settings > Advanced Settings > Reset Settings to return Chrome to its factory default settings. Reloading the same ten pages showed that none were attempting to communicate with adultcameras.info. Thus this seems to be the answer.
- Amirreza Nasiri over 9 years
  
  @MatthewWalker what do you think about the settings? which of them may cause this problem?
- Matthew Walker over 9 years
  
  @AmirrezaNasiri I'm sorry but I can no longer analyse this as the use of Reset Settings seems to have completely removed the problem. I too would be interested to know what settings had been compromised. I can say that before I used Reset Settings I tried clearing all but Google from the Settings > Search > Manage Search Engines. That had no effect.
- Matthew Walker over 9 years
  
  @AmirrezaNasiri Further, before resetting there was only one extension in Chrome, Google Docs 0.7. I doubt this was the problem.
- Amirreza Nasiri over 9 years
  
  @MatthewWalker I have this extension (v 0.7) to. let see if other people have this extension or not.
- Matthew Walker over 9 years
  
  @AmirrezaNasiri Chrome on my work laptop (Windows 7) has Google Docs 0.7 installed too. I've just run the same test (the top ten pages returned for "adfoc.us popup") on my work laptop that I ran on the Mac and none of the pages redirected to adfoc.us. I think that eliminates any concerns regarding the Google Docs extension.
Kunwar over 9 years

Redirection happens if there's a server in between altering DNS requests or if the DNS it self is redirecting you. DNS is the server which coverts the URL in to server IP or helps locate the server.
Amirreza Nasiri over 9 years

No, they don't. I tried google's public dns before and even other browsers but no result. I really have no idea why is going on.
Kunwar over 9 years

Okay try using Zenmate... also can you paste a trace route to that website and a screen shot of what you are getting with URL so that I can test things on my end to see if I can help you with this.
Amirreza Nasiri over 9 years

Ok, I edited the question.
Amirreza Nasiri over 9 years

As I said, I tried doing this and it's not ONLY my problem. I know a lot of people which have this problem since yesterday or two days ago so I think this problem can not be happened by a single plugin.
Amirreza Nasiri over 9 years

Nop. It didn't because we use safest methods to protect our network and things like modems. in other hand, It's no only my modems problem as I said, a lot of people have this problem these days.
Mario over 9 years

@AmirrezaNasiri Just because others have that problem as well doesn't mean it's nothing on your local PC. It might be some hijacker hiding itself using rootkit technology. Possibly distributed through some local news site that got hijacked or similar.
Amirreza Nasiri over 9 years

@Mario the problem is going wider. now, a lot of more people have this problem all over our country and as I know, in other countries to. Is it possible that the problem is with the modems? I mean, the problem is not from our system, DNS and the servers so I think this is from modems firmware which changed for most of users at a specific time! or something similar.
Amirreza Nasiri over 9 years

Stark, have you installed Google Docs 0.7 on your chrome?