0

I had no problem until yesterday, but today I noticed that when I click any link it redirects me to http://www.ultrafiles.net/7cc02b3a/url/MY-LINK-HERE, which looks like this: [image]

In the picture above I tried to open a question on Stack Overflow, and I was redirected there!

So the first thing I did, obviously, was to disable all browser extensions and remove some apps which I suspected, to no avail. As I am using Ubuntu, it was unlikely that the problem was a program in the OS; rather, I suspected a user script or something similar.

After some testing and checking the affected sites, I noticed that sites that do not use Google Analytics have no problem, so I checked ga.js and faced a surprise: [image]

The only difference between left (Chromium) and right (Chrome) is that Chromium is using a proxy with encryption.

So is my connection sniffed and modified somewhere between me and Google? How can I prevent it? And does this mean all passwords I entered on non-HTTPS sites may have been compromised?

If you need any more info, ask in the comments and I will try to provide it.

update: full script here

2 Answers

0

This type of hardware attack targets your router proxy, especially when the username and password of your router are admin/admin. Try to reset your router and set a hard password, and you will get rid of that ad.

2
  • I do have a weak password on my router, but I thought that wouldn't cause any problems since it's only accessible from the LAN. Am I wrong? (If I enter my WAN IP from another network, I don't get the router page.)
    – Bor691
    Commented Dec 20, 2014 at 15:31
  • Any PC that is connected to the router and has access to the internet could, I think, attack the router... or the switch, by the way, if there is any.
    – hsawires
    Commented Dec 20, 2014 at 17:52
0

I found this info. It's the same Linkbuks adware; it's just a browser hijack: Click Here. It looks like the connection is hijacked or something. Did you try to switch proxy, or not use a proxy at all?

6
  • The no-proxy one (on the right) is the one having the problem; using a proxy I did not have any problems. However, because of the higher ping I can't always use the proxy.
    – Bor691
    Commented Jul 21, 2014 at 8:43
  • The link you provided suggests I use an adware cleaning tool which is an EXE file; however, I stated in the question that I use Ubuntu, which makes that file unusable for me.
    – Bor691
    Commented Jul 21, 2014 at 8:44
  • Fail! Yes, I noticed late, lol. Try connecting to a different network/location and see if it happens?
    Commented Jul 21, 2014 at 8:50
  • It appears to load fine now, although I blocked the ga.js URL with the Adblock extension in Chrome. But the question remains unanswered: what steps to follow when a similar situation happens (when you think your connection is sniffed/modified en route), and how to detect the source of the problem (is it in the ISP, some higher level, or the local network?)
    – Bor691
    Commented Jul 21, 2014 at 17:20
  • I'm glad you figured it out; it's a mystery sometimes.
    Commented Jul 24, 2014 at 14:26
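
The comparison the asker made by eye (ga.js over the encrypted proxy versus the direct connection) can be scripted to show which network path delivers a modified copy. This is an added example, not part of the original thread; the sample bodies are constructed, the path names are hypothetical, and it assumes the copy fetched through the encrypted proxy is the trustworthy baseline.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Constructed stand-ins for ga.js as received over each path (not real captures).
CLEAN = b"(function(){var _gaq=window._gaq||[];/* analytics code */})();"
TAMPERED = CLEAN + b'/* appended in transit */var r="http://www.ultrafiles.net/7cc02b3a/url/";'
SAMPLES = {
    "encrypted_proxy": CLEAN,            # hypothetical path names
    "direct_http_home": TAMPERED,
    "direct_http_other_network": CLEAN,
}

URL_RE = re.compile(rb"https?://[^\s\"'<>)]+")

def hosts_in(body):
    """Hostnames of all absolute URLs found in a script body."""
    found = (urlsplit(m.decode("ascii", "replace")).hostname
             for m in URL_RE.findall(body))
    return {h for h in found if h}

def compare_paths(samples, trusted):
    """Compare every fetched copy against the copy from the trusted path."""
    base = samples[trusted]
    base_hash = hashlib.sha256(base).hexdigest()
    base_hosts = hosts_in(base)
    report = {}
    for name, body in samples.items():
        digest = hashlib.sha256(body).hexdigest()
        report[name] = {
            "sha256": digest,
            "modified": digest != base_hash,
            "size_delta": len(body) - len(base),
            # Hosts present only in this copy point at what was injected.
            "new_hosts": sorted(hosts_in(body) - base_hosts),
        }
    return report

def modified_paths(report):
    """Names of the paths whose copy differs from the baseline."""
    return sorted(n for n, r in report.items() if r["modified"])

if __name__ == "__main__":
    for name, row in compare_paths(SAMPLES, "encrypted_proxy").items():
        print(name, row["modified"], row["size_delta"], row["new_hosts"])
```

If only the direct path from one network differs while the same request from another network matches the baseline, the modification is happening on that network's path (router or ISP) rather than at the server.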
