
LOT Calculator / Brickfolio and Ali Express



I had the same issue this morning and have never touched ali express so I'm wondering how this is infiltrating computers?  I was able to get rid of it with clearing my browser and updating my router but it was really annoying although I did go ahead and pick up some hair extensions for myself since they were real hair.  Go real or go home.

Link to comment
Share on other sites

I had the same issue this morning and have never touched ali express so I'm wondering how this is infiltrating computers? I was able to get rid of it with clearing my browser and updating my router but it was really annoying although I did go ahead and pick up some hair extensions for myself since they were real hair. Go real or go home.

It's a browser hijacking virus, plain and simple. It's not necessary to visit Ali express to get it, just to visit a site passing it around. The anti virus and anti malware companies seem to be really slow on the uptake with this one. For some reason it likes something BP is doing with the price guides as a target.

Three things to look for...

1) changed DNS settings on your computer or router

2) weird add ons installed in your browser

3) unknown processes running on your computer

If you find any odd items from 2 & 3 Google them to find out what they are.

Link to comment
Share on other sites

Three things to look for...

1) changed DNS settings on your computer or router

2) weird add ons installed in your browser

3) unknown processes running on your computer

If you find any odd items from 2 & 3 Google them to find out what they are.

My computer is running perfectly fine, except for today when I got the redirect to Ali Express. I checked everything that would signal me to believe that it was some sort of virus on my computer, and I even ran a few anti-malware scans, but I found nothing. This leads me to believe that it's some sort of bad cookie that's being passed around somehow on Brickpicker. Now, I'm trying to figure out how I got it.

Link to comment
Share on other sites

This leads me to believe that it's some sort of bad cookie that's being passed around somehow on Brickpicker. Now, I'm trying to figure out how I got it.

 

Umm, please don't start some rumor now that it's bad cookies here on brickpicker.  That is not a fair thing to say if you don't know it's true.  If that is the case then why is everyone not getting it?  Same cookies are shared throughout the site.

Link to comment
Share on other sites

Umm, please don't start some rumor now that it's bad cookies here on brickpicker.  That is not a fair thing to say if you don't know it's true.  If that is the case then why is everyone not getting it?  Same cookies are shared throughout the site.

I agree. I don't know if it's true or not. I'll PM you if I find anything interesting.

Link to comment
Share on other sites

Guest betsy805

Alrighty..

 

1) Control Panel > Network and Internet > Network Connections

2) Right click your Local Area Connection or Wireless Network Connection (whichever you're using)

3) Select Properties

4) Go to the IPv4 row, select it and click the Properties button.

 

You should see that both sections are set to automatic.

 


 

If you don't see that, then please share what you see. If you do see that, you could put in 8.8.8.8 for the Preferred DNS Server (it's a Google server, it's safe) but if your other computers and tablets are messed, I expect you're seeing "automatic" as the current option.

 

Next step will be to determine if your router was compromised.

I have the same problem and same OS.  Can't put 8.8.8.8 as DNS server because it says it's not a valid address?  Cleared cookies and browsing history, and ran adwcleaner.  GAH!

Link to comment
Share on other sites

Guest betsy805

Good to know... I'll have to consider why this matters. Hmmmm.

Your guess is better than mine....I had to google what a router was!  I'm just glad that annoying hair extensions page is gone :)

Link to comment
Share on other sites

FWIW, I have had this happen to me today twice so far also. Never seen the hair extension page or any Ali(baba) express stuff previously. I keep my computer quite clean of all garbage. The only remotely related action I've taken is clicking a link from one BP thread to another to read about the situation others were having today. That was shortly prior to it first infiltrating my activity.

 

The first time, I was navigating to a price guide set entry from the BP home page when I was redirected.

The second time, just now, after having closed and reopened chrome hours earlier, I was navigating from one price guide set entry to another when I was redirected. "Back" followed by a second attempt got me safely to my destination without any hijack this time.

Link to comment
Share on other sites

Your guess is better than mine....I had to google what a router was!  I'm just glad that annoying hair extensions page is gone :)

 

Ok, a little more research...

 

1) Reset your router to factory default settings.

2) Login to your router and disable remote administration.

3) Change the administrator password!!!

 

So if you reset the router, please look into how to disable remote administration and change the admin password.

Link to comment
Share on other sites

Guest betsy805

Ok, a little more research...

 

1) Reset your router to factory default settings.

2) Login to your router and disable remote administration.

3) Change the administrator password!!!

 

So if you reset the router, please look into how to disable remote administration and change the admin password.

The remote management line already shows 'disabled', but I just changed the admin password.  Thanks!

Link to comment
Share on other sites

Cookies also aren't passed from computer to computer... they also just store information so the cookie could simply be storing the ali express url.

 

There appear to be two scenarios at play:

 

1) Browser hijacks via unapproved add-ons.

2) Routers having their primary DNS entry overwritten with rogue entries.

 

So check your computer for strange processes and your browser for strange add-ons and then either manually check your router's settings or reset it and then disable remote administration and change that default password!

Link to comment
Share on other sites

I'm far from a computer expert, and the extent of my Network knowledge is limited to thinking Sylvester Stallone should have won the Oscar over Peter Finch.

But I do know this. There is no such thing as a bad cookie. Even the sugar free have merit, if you're munchie desperate.

Link to comment
Share on other sites

I moved a bunch of posts from the Brickfolio and Price Guide Thread here to keep the discussion about redirect and other search problems in one place.

 

First the summary... If you are getting redirected to other sites while navigating BrickPicker, your computer or home router has been infected by a virus known as a browser/search hijacker. These viruses will intercept your "clicks" that bring you to another web page (internal or external to the current website, doesn't matter).

 

The nitty gritty... It appears that this particular virus has a few variants - adfoc.us, activities.aliexpress.com, etc. It is also really good at choosing different names for its installed program or installed add-on. I have yet to find the source, but all things point to some "bad" links being posted in a forum post somewhere that people have clicked on... once you've clicked, it seems antivirus and malware programs have been slow on the uptake to fix it this time around (for those curious, this type of exploit is discussed on internet forums as far back as 2010).

 

Note: If you don't know how to reconfigure your router, seek the help of your favorite IT nerd. If you don't have the manual for it, Google the model now to find and save the instructions. :)

 

The solution, as best I can figure right now, if simply clearing your browser's cache and cookies (a safe first step) doesn't work:

 

1) Disconnect all computers from the internet (don't worry about phones or tablets, but it doesn't hurt to turn them off).

  • Turn OFF the wireless connection, or
  • Unplug ethernet cables
  • Go through the list of installed browser plug-ins and installed programs to see if any just don't make sense.
    • The list of potential candidates is too long to mention, but generally the names are poorly constructed, rip-off names from other well-known companies or literally scream fake (examples I'm making up TruSearch, MyAdFilter, etc).

2) Find your home router, RESET it to factory default settings. Rebooting will not necessarily work.

  • If you use the router supplied by your internet provider, please ensure that:
    1. You know the username and password to log back in.
    2. You know how to set it up properly ... If it provides your home internet & TV this may be less straightforward than an off the shelf router.
  • Routers should have a small pin-hole type reset switch on the back of them near the power cable plug. Leave it connected to the power, insert a paper clip into the hole and hold the button until the lights on the front flash indicating it was reset.

3) Go to each computer in your house and do the following to reset the IP/DNS settings on your computer.

    (OS Note: I'm a windows guy, so I'm providing instructions for Windows 7 but the procedure is similar for other OSes)

  • Go to Start -> Control Panel -> Network and Internet -> Network and Sharing Center
  • Click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • On the Networking tab, select the Internet Protocol Version 4 (TCP/IPv4) item and click Properties
  • Under General tab:
  • Select "Obtain an IP address automatically".
  • Select "Obtain DNS server address automatically".

       Save all your changes and reboot your computer if you changed anything.

 

4) After saving or rebooting, you need to flush the DNS cache:

  • Open a command prompt by clicking the "start" button and typing cmd.exe into the search box.
  • Press Enter when Windows finds the match.
  • Type ipconfig /flushdns at the prompt, press Enter, then close the command prompt.

Repeat 3 & 4 on all computers in your house before the next steps.

 

5) Reconnect one computer to the internet, i.e. turn on the wireless connection or plug the ethernet cable back in.

  • Connect to your router from your browser (pull out that saved instruction manual) and make the following changes:
    • Change the default administrator password!!
    • Turn off remote administration (this isn't the same as what you are doing now).

Note: Every router brand is different, so there are no generic instructions for this step.

  • Reconnect to the internet by entering your username and password now.
  • Reconnect all the other computers.
  • Install a GOOD antivirus program (anti-malware not so much).

 

You should be good to go.... A bit of advice for future.

 

- If this happens again, you may have cheated on one of the above steps, clicked the malicious link again or still have not removed the offending virus from the infected computer.

- If you're relying on the router supplied by your internet provider, you shouldn't. Often we aren't allowed to administer them... but they are vulnerable too. Buy a good third party router and connect your router to the supplied router. Then connect devices in your home to the one you just bought. That way, you have better control over your home network at all times.

- Don't trust unknown malware removal programs. Always Google the product name and add "review" or "feedback" or "scam" (etc) to see if it is legit before installing it.

 

I hope this helps someone. Credit to many other internet sites who've tried to document this where the big corps have failed.

Link to comment
Share on other sites
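
An added example, not part of the original thread: one way to script the "changed DNS settings on your computer" check from the post above. It parses the text printed by `ipconfig /all` and lists DNS servers that are neither the adapter's default gateway nor in a trusted set. The sample output, the `TRUSTED` set and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt for illustration; not captured from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
"""

TRUSTED = {"8.8.8.8"}  # assumption: resolvers you configured on purpose
FIELD = re.compile(r"^\s+(.+?)(?:\s?\.)+\s*:\s*(.*)$")  # "Label . . . : value"

def parse_adapters(text):
    """Return {adapter name: {field label: [values]}} from ipconfig /all text."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, key = adapters.setdefault(line.rstrip(" :"), {}), None
        elif current is not None and line.strip():
            m = FIELD.match(line)
            if m:
                key, value = m.group(1).strip(), m.group(2).strip()
                current[key] = [value] if value else []
            elif key:  # indented continuation, e.g. a second DNS server
                current[key].append(line.strip())
    return adapters

def unexpected_dns(text, trusted=TRUSTED):
    """List (adapter, server) pairs whose DNS server is neither the
    adapter's default gateway nor in the trusted set."""
    findings = []
    for name, fields in parse_adapters(text).items():
        gateways = set(fields.get("Default Gateway", []))
        for server in fields.get("DNS Servers", []):
            try:
                ipaddress.ip_address(server.split("%")[0])
            except ValueError:
                continue  # not an address; ignore stray text
            if server not in gateways and server not in trusted:
                findings.append((name, server))
    return findings
```

To use it on a real machine, save the output of `ipconfig /all` to a text file and pass the file's contents to `unexpected_dns`. A hit is a prompt to look at that adapter's IPv4 properties and the router's DNS setting, not proof of infection, since some routers hand out the ISP's resolvers directly.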

Had this happen on my iPad

Thought they were less buggy

 

They do work in a sandbox so they typically don't hold onto a potential virus, but this thing also seems to be able to exploit router weaknesses and I can't say whether it can do it through an iPad or not.

 

 

I can't get this thing to trigger.  I am trying over and over again to see something.  If someone has the ability, can you make a screencast of it happening and PM me the link?

 

I've tried too and it doesn't make any sense. Part of me wants to turn down my router's security to try it and part of me doesn't. :)

Link to comment
Share on other sites
