Redirected to Russian double glazing site!

  Hudson 11:48 26 May 09
Locked

I'm finding that when I try to visit the home page of any major UK bank, I land at the website of a Russian double glazing firm (always the same one). It only happens on one of my PCs. Ad-Aware found various bits and pieces (mostly cookies) which I removed, but it's made no difference. AVG finds nothing. Any ideas?

  Sea Urchin 12:06 26 May 09

Try downloading, updating and running Malwarebytes and SuperAntiSpyware.

  Hudson 15:57 26 May 09

I've run both those programmes and removed or quarantined everything they found - but still the Russian double glazing (why double glazing?).

Typing the numerical IP address for a bank in the address field gives a 'not found on this server' error message, though the correct URL appears in the address field.

The problem happens in both Internet Explorer and Firefox, running under Windows 2000.

  Sea Urchin 16:48 26 May 09

It sounds as though you are being hijacked - does it happen on any other sites or just UK banks?

I would suggest running Malwarebytes again to check that it is clean, and also SuperAntiSpyware in safe mode for the same reason. It's usually a good idea to run anti-spyware programs repeatedly until they come up all clear.

  provider 2 16:48 26 May 09

I would have thought running Windows 2000 still is bound to be a bit risky security-wise, but have you checked out MS's suggestions?

  Hudson 18:59 27 May 09

I've put a stop to the problem and have a theory about how it arose.

I ran a search for files containing the word 'barclays' on the C drive. This returned a number of files, mostly with today's date and reflecting the fact that I'd been using Barclays Bank's URL to test the problem. However, there was also one file called 'hosts' dating from November 2008 - when the computer belonged to a technophobe friend of mine. (Malware doesn't exist in her belief system.) Renaming the file, which contained a long list of URLs of financial institutions, all assigned to the double-glazing firm's IP address, stopped the problem.

The last line gave a different IP address and assigned it to Kaspersky's Russian-language URL. For obvious reasons I haven't tried it, but somehow I don't think it would take me to the Kaspersky website.

When I was given the computer (my friend buys a new computer whenever the My Documents folder gets confusing - she currently has five) I ran AVG and found three viruses. My guess is that one of them replaced the official Windows 'hosts' file with the one I found.

I agree that running Windows 2000 is not really desirable. I only use it about 5% of the time, and almost never for the Internet. I'm dual-booting with Puppy Linux on that PC. It's an ancient Sony notebook I'm now able to use as a handy little netbook, thanks to Puppy - I can get online in 75 seconds from cold (Windows 2000: eight minutes).

Thanks for all the advice, which I followed to the letter. I'm sure the PC is now more secure as a result.

I'm not yet marking this thread as resolved because if anyone knows how the 'hosts' file got replaced I'd be interested to hear.

This thread is now locked and can not be replied to.
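The hosts-file redirection found in the last post can be checked for directly. The following is an added example, not something posted in the thread: it parses a hosts file and reports every name pinned to a non-loopback address, plus any single address that several unrelated sites have been pointed at. The sample file, its domains and addresses, and the function names are constructed for illustration.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample: documentation-range IPs and .example domains only.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
203.0.113.7     www.bank-one.example
203.0.113.7     bank-one.example www.bank-two.example
203.0.113.7     online.bank-three.example   # trailing comment
198.51.100.9    www.av-vendor.example
::1             localhost
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, shared_threshold=3):
    """Return (overrides, shared): names pinned to non-loopback IPs, and IPs
    that shared_threshold or more distinct sites have been pointed at."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are the default or ad-blocking case
        by_ip[str(ip)].add(name)
    overrides = sorted((ip, n) for ip, names in by_ip.items() for n in names)
    strip = lambda n: n[4:] if n.startswith("www.") else n
    shared = {ip: sorted(names) for ip, names in by_ip.items()
              if len({strip(n) for n in names}) >= shared_threshold}
    return overrides, shared

if __name__ == "__main__":
    # Pass the hosts file path as an argument; with none, the sample is audited.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    overrides, shared = audit_hosts(text)
    for ip, name in overrides:
        print(f"override: {name} -> {ip}")
    for ip, names in shared.items():
        print(f"shared target {ip}: {len(names)} names")
```

On Windows the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`. A legitimate hosts file can contain overrides, so the output is a list to review rather than a verdict.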
