comicblast Posted April 11, 2015

> Hey I tried looking for that thread, and can't find it, could you post the link for me? Thanks.

http://community.brickpicker.com/topic/13728-lot-calculator-and-ali-express/

Huskers1236 Posted April 11, 2015

I had the same issue this morning and have never touched ali express so I'm wondering how this is infiltrating computers? I was able to get rid of it with clearing my browser and updating my router but it was really annoying although I did go ahead and pick up some hair extensions for myself since they were real hair. Go real or go home.

gregpj Posted April 11, 2015

> I had the same issue this morning and have never touched ali express so I'm wondering how this is infiltrating computers? I was able to get rid of it with clearing my browser and updating my router but it was really annoying although I did go ahead and pick up some hair extensions for myself since they were real hair. Go real or go home.

It's a browser hijacking virus, plain and simple. It's not necessary to visit Ali express to get it, just to visit a site passing it around. The anti virus and anti malware companies seem to be really slow on the uptake with this one. For some reason it likes something BP is doing with the price guides as a target.

Three things to look for...

1) changed DNS settings on your computer or router
2) weird add ons installed in your browser
3) unknown processes running on your computer

If you find any odd items from 2 & 3, Google them to find out what they are.

Neosphinx Posted April 11, 2015

All back to normal. Didn't clear cache or anything.

MartinP Posted April 11, 2015

> Three things to look for...
> 1) changed DNS settings on your computer or router
> 2) weird add ons installed in your browser
> 3) unknown processes running on your computer
> If you find any odd items from 2 & 3, Google them to find out what they are.

My computer is running perfectly fine, except for today when I got the redirect to Ali Express. I checked everything that would signal me to believe that it was some sort of virus on my computer, and I even ran a few anti-malware scans, but I found nothing. This leads me to believe that it's some sort of bad cookie that's being passed around somehow on Brickpicker. Now, I'm trying to figure out how I got it.

Jeff Mack Posted April 11, 2015

> This leads me to believe that it's some sort of bad cookie that's being passed around somehow on Brickpicker. Now, I'm trying to figure out how I got it.

Umm, please don't start some rumor now that it's bad cookies here on brickpicker. That is not a fair thing to say if you don't know it's true. If that is the case then why is everyone not getting it? Same cookies are shared throughout the site.

MartinP Posted April 11, 2015

> Umm, please don't start some rumor now that it's bad cookies here on brickpicker. That is not a fair thing to say if you don't know it's true. If that is the case then why is everyone not getting it? Same cookies are shared throughout the site.

I agree. I don't know if it's true or not. I'll PM you if I find anything interesting.

Guest betsy805 Posted April 11, 2015

> Alrighty..
> 1) Control Panel > Network and Internet > Network Connections
> 2) Right click your Local Area Connection or Wireless Network Connection (whichever you're using)
> 3) Select Properties
> 4) Go to the IP4 row, select it and click the properties button. You should see that both sections are set to automatic.
> [image: 2015-04-10_2247.png]
> If you don't see that, then please share what you see. If you do see that, you could put in 8.8.8.8 for the Preferred DNS Server (it's a Google server, it's safe) but if your other computers and tablets are messed, I expect you're seeing "automatic" as the current option. Next step will be to determine if your router was compromised.

I have same problem and same OS. Can't put 8.8.8.8 as DNS server because it says it's not a valid address? Cleared cookies and browsing history, and ran adwcleaner. GAH!

Guest betsy805 Posted April 11, 2015

Finally got it resolved. Had to reboot my router.

gregpj Posted April 12, 2015

> Finally got it resolved. Had to reboot my router.

Good to know... I'll have to consider why this matters. Hmmmm.

Guest betsy805 Posted April 12, 2015

> Good to know... I'll have to consider why this matters. Hmmmm.

Your guess is better than mine....I had to google what a router was! I'm just glad that annoying hair extensions page is gone.

Grynn Posted April 12, 2015

FWIW, I have had this happen to me today twice so far also. Never seen the hair extension page or any Ali(baba) express stuff previously. I keep my computer quite clean of all garbage. The only remotely related action I've taken is clicking a link from one BP thread to another to read about the situation others were having today. That was shortly prior to it first infiltrating my activity.

The first time, I was navigating to a price guide set entry from the BP home page when I was redirected. The second time, just now, after having closed and reopened Chrome hours earlier, I was navigating from one price guide set entry to another when I was redirected. "Back" followed by a second attempt got me safely to my destination without any hijack this time.

gregpj Posted April 12, 2015

> Your guess is better than mine....I had to google what a router was! I'm just glad that annoying hair extensions page is gone.

Ok, a little more research...

1) Reset your router to factory default settings.
2) Login to your router and disable remote administration.
3) Change the administrator password!!!

So if you reset the router, please look into how to disable remote administration and change the admin password.

Guest betsy805 Posted April 12, 2015

> Ok, a little more research...
> 1) Reset your router to factory default settings.
> 2) Login to your router and disable remote administration.
> 3) Change the administrator password!!!
> So if you reset the router, please look into how to disable remote administration and change the admin password.

The remote management line already shows 'disabled', but I just changed the admin password. Thanks!

gregpj Posted April 12, 2015

Cookies also aren't passed from computer to computer... they also just store information so the cookie could simply be storing the ali express url.

There appear to be two scenarios at play:

1) Browser hijacks via unapproved add-ons.
2) Routers having their primary DNS entry overwritten with rogue entries.

So check your computer for strange processes and your browser for strange add-ons and then either manually check your router's settings or reset it and then disable remote administration and change that default password!

gregpj Posted April 12, 2015

> The remote management line already shows 'disabled', but I just changed the admin password. Thanks!

Fingers crossed! Let us know if it comes back!

diablo2112 Posted April 13, 2015

I'm far from a computer expert, and the extent of my Network knowledge is limited to thinking Sylvester Stallone should have won the Oscar over Peter Finch. But I do know this. There is no such thing as a bad cookie. Even the sugar free have merit, if you're munchie desperate.

gregpj Posted April 13, 2015

I moved a bunch of posts from the Brickfolio and Price Guide Thread here to keep the discussion about redirect and other search problems in one place.

First the summary...

If you are getting redirected to other sites while navigating BrickPicker, your computer or home router has been infected by a virus known as a browser/search hijacker. These viruses will intercept your "clicks" that bring you to another web page (internal or external to the current website, doesn't matter).

The nitty gritty...

It appears that this particular virus has a few variants - adfoc.us, activities.aliexpress.com, etc. It is also really good at choosing different names for its installed program or installed add-on. I have yet to find the source, but all things point to some "bad" links being posted in a forum post somewhere that people have clicked on... once you've clicked, it seems antivirus and malware programs have been slow on the uptake to fix it this time around (for those curious, this type of exploit is discussed on internet forums as far back as 2010).

Note: If you don't know how to reconfigure your router, seek the help of your favorite IT nerd. If you don't have the manual for it, Google the model now to find and save the instructions.

The solution... if simply clearing your browser's cache and cookies doesn't work (a safe first step) as best I can figure right now.

1) Disconnect all computers from the internet (don't worry about phones or tablets, but it doesn't hurt to turn them off).
- Turn OFF the wireless connection, or
- Unplug ethernet cables

Go through the list of installed browser plug-ins and installed programs to see if any just don't make sense. The list of potential candidates is too long to mention, but generally the names are poorly constructed, rip-off names from other well-known companies or literally scream fake (examples I'm making up: TruSearch, MyAdFilter, etc).

2) Find your home router, RESET it to factory default settings. Rebooting will not necessarily work. If you use the router supplied by your internet provider, please ensure that:
- You know the username and password to log back in.
- You know how to set it up properly ... If it provides your home internet & TV this may be less straightforward than an off the shelf router.

Routers should have a small pin-hole type reset switch on the back of them near the power cable plug. Leave it connected to the power, insert a paper clip into the hole and hold the button until the lights on the front flash indicating it was reset.

3) Go to each computer in your house and do the following to reset the IP/DNS settings on your computer. (OS Note: I'm a Windows guy, so I'm providing instructions for Windows 7 but the procedure is similar for other OSes)
- Go to Start -> Control Panel -> Network and Internet -> Network and Sharing Center
- Click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
- On the Networking tab, select the Internet Protocol Version 4 (TCP/IPv4) item and click Properties
- Under General tab: Select "Obtain an IP address automatically". Select "Obtain DNS server address automatically".
- Save all your changes and reboot your computer if you changed anything.

4) After saving or rebooting, you need to flush the DNS cache:
- Open a command prompt by clicking the "start" button and typing cmd.exe into the search box. Press enter when Windows finds the match.
- Type ipconfig /flushdns at the prompt, press enter then close the command prompt.

Repeat 3 & 4 on all computers in your house before the next steps.

5) Reconnect one computer to the internet, i.e. turn on the wireless connection or plug the ethernet cable back in. Connect to your router from your browser (pull out that saved instruction manual) and make the following changes:
- Change the default administrator password!!
- Turn off remote administration (this isn't the same as what you are doing now).

Note: Every router brand is different, so there are no generic instructions for this step.

Reconnect to the internet by entering your username and password now.

Reconnect all the other computers.

Install a GOOD antivirus program (anti-malware not so much).

You should be good to go....

A bit of advice for future.

- If this happens again, you may have cheated on one of the above steps, clicked the malicious link again or still have not removed the offending virus from the infected computer.
- If you're relying on the router supplied by your internet provider, you shouldn't. Often we aren't allowed to administer them... but they are vulnerable too. Buy a good third party router and connect your router to the supplied router. Then connect devices in your home to the one you just bought. That way, you have better control over your home network at all times.
- Don't trust unknown malware removal programs. Always Google the product name and add "review" or "feedback" or "scam" (etc) to see if it is legit before installing it.

I hope this helps someone. Credit to many other internet sites who've tried to document this where the big corps have failed.

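Added example, not part of the thread and not written by any of its posters: a Python check for the "changed DNS settings" symptom described in the post above. It parses the text of `ipconfig /all` and lists DNS servers that are neither the adapter's own gateway nor on a list you supply; it assumes English-language Windows output, the sample text is constructed, and the function names are made up for this example.

```python
import ipaddress
import re

LABEL = re.compile(r"^\s+(.*?)[ .]+:\s*(.*)$")  # "DNS Servers . . . : value"

# Constructed sample of `ipconfig /all`; 203.0.113.53 is a documentation address.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
"""

def to_ip(value):
    return ipaddress.ip_address(value.split("%")[0])  # drop IPv6 zone id

def parse_ipconfig(text):
    """Return {section: {label: [values]}} from `ipconfig /all` output."""
    sections, current, key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LABEL.match(line)
        if not line[0].isspace():              # unindented line opens a section
            current, key = sections.setdefault(line.rstrip(" :"), {}), None
        elif m and current is not None:        # "Label . . . : value"
            key = m.group(1)
            current[key] = [v for v in [m.group(2).strip()] if v]
        elif key:                              # continuation of a multi-value field
            current[key].append(line.strip())
    return sections

def unexpected_dns(text, allowed=()):
    """(adapter, server) pairs: resolver is not the gateway and not in `allowed`."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = {to_ip(v) for v in fields.get("Default Gateway", [])}
        for server in map(to_ip, fields.get("DNS Servers", [])):
            if server not in gateways and server not in allowed:
                findings.append((name, str(server)))
    return findings
```

A listed server is something to look up, not proof of infection, since some routers hand out the internet provider's resolvers directly. When the only DNS server shown is the gateway, the router is answering the queries itself, so its own upstream DNS setting still has to be checked on the router's admin page.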
Jeff Mack Posted April 13, 2015

Nice post greg, great detail on all that. Before anyone does anything like this, is anyone that has had this issue still having it?

exciter1 Posted April 13, 2015

Yes, I still have the issue. I haven't reset my router yet. It hit me immediately on the first page when I clicked on "View My Collection" in the Brickfolio.

zobel0022 Posted April 13, 2015

I second that of exciter, on the brick folio page

Jeff Mack Posted April 13, 2015

I can't get this thing to trigger. I am trying over and over again to see something. If someone has the ability, can you make a screencast of it happening and PM me the link?

Elkkthunder Posted April 13, 2015

Had this happen on my iPad. Thought they were less buggy.

gregpj Posted April 13, 2015

> Had this happen on my iPad. Thought they were less buggy.

They do work in a sandbox so they typically don't hold onto a potential virus, but this thing also seems to be able to exploit router weaknesses and I can't say whether it can do it through an iPad or not.

> I can't get this thing to trigger. I am trying over and over again to see something. If someone has the ability, can you make a screencast of it happening and PM me the link?

I've tried too and it doesn't make any sense. Part of me wants to turn down my router's security to try it and part of me doesn't.

Jeff Mack Posted April 13, 2015

> Had this happen on my iPad. Thought they were less buggy.

So in the last 10 minutes you had this happen to you?