This is so weird and random that I have a problem explaining it fully. Since yesterday, those behaviors started:
Some pages in Chrome are always redirected to:
If I open the same page right now in another browser, or even private browsing in Chrome, it works. Some websites, after some time, just stop being reachable. Even with ping. For example, Facebook. I had it open and was using it ten minutes ago, and now a tracert says:
Unable to resolve target system name www.facebook.com
On Firefox it starts a search on Yahoo with the website as subject.
I have right now a stream going and it doesn't have any problem, unless I refresh the page. Disabling and re-enabling the connection seems to solve the issue for some time, on some websites.
I tried changing the DNS to Google DNS to no avail. I have the firewall on, and Avast running all the time.
Let's take the example of twitch.tv, which is a website I can never reach on normal Chrome, but I can reach on private browsing Chrome and Firefox.
If I ping it, I get a timeout. If I do a tracert, this is what I get:
1 <1 ms <1 ms <1 ms 192.168.2.1
2 <1 ms <1 ms <1 ms 192.168.1.2
3 20 ms 19 ms 19 ms 2-234-97-1.ip222.fastwebnet.it [2.234.97.1]
4 19 ms 18 ms 18 ms 10.6.105.66
5 * * * Request timed out.
6 * * * Request timed out.
By pure chance, I disabled the Avast! Shield, and what I got was a redirection to a page that permitted me to identify the virus as a ransomware. A variation of Trojan.Ransomlock.
The page shows a fake "police" page:
Apparently Avast was intercepting and blocking the redirect, so what I got was "Error 324 NO DATA RECEIVED" from Chrome. Still can't explain the kind of behaviour.
I'm on Windows 7.
Answer
Yes, we had the problem in Italy in the last days: primary DNS server on router/modem modified to 94.249.192.105 -> ransomware (JavaScript) downloaded from this same server by any device on the LAN, and multiple sites and services blocked.
Solution to be confirmed: change password on router/update firmware + change DNS servers on router to those of Google + clear browser data (reset).
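A check for the condition the answer describes, added here as an example and not part of the original question or answer: it parses `ipconfig /all` output and classifies every DNS server the machine is using. The allowlist is assumed to be Google Public DNS, as the answer recommends; the function names are hypothetical and the sample output is constructed.

```python
import ipaddress
import re

# Assumed allowlist: the Google resolvers the answer says to set on the router.
EXPECTED = {"8.8.8.8", "8.8.4.4"}

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 94.249.192.105
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
"""

def dns_servers(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line = section header
            adapter, in_dns = line.rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        cont = in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line)  # extra server line
        if m or cont:
            result.setdefault(adapter, []).append(m.group(1) if m else line.strip())
        in_dns = bool(m or cont)
    return result

def audit(text, expected=EXPECTED):
    """Label each resolver: ok, lan-forwarder (router relays DNS), or unexpected."""
    findings = []
    for adapter, servers in dns_servers(text).items():
        for s in servers:
            ip = ipaddress.ip_address(s.split("%")[0])   # drop IPv6 zone id if present
            status = "ok" if s in expected else "lan-forwarder" if ip.is_private else "unexpected"
            findings.append((adapter, s, status))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A `lan-forwarder` result only shows that the router relays DNS for the LAN; the upstream servers it forwards to still have to be read from the router's own admin page.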