Typed youtube and was re-directed to a suspicious website. Is it possible I have a virus?

[benwinwood6]

So I went to go onto youtube and upon looking up i was greeted with reimageplus com/(lost of extra stuff)

I don't really know how there as my history only shows what I did before and not the search for youtube? My best guess it I typed youtibe or some other misspelling and it redirected me there.

I looked the site up and it seems that the program is adware/malware?

I scanned my computer with both Windows defender and Malware byes and there doesn't seem to be anything?

Is it possible visiting this dodgy site has given me a virus?

 

[stdragon]

Are you sure you typed it in correctly? Lots of typo-squatters redirecting to malware sites these days

 

[Robert Ban]

Download HitmanPro with free trial and run a scan.

 

[benwinwood6]

Are you sure you typed it in correctly? Lots of typo-squatters redirecting to malware sites these days

No, but viewing my history shows no search (I don't know how to view history typed directly into url?)

In any case don't you have to actively download something or click something to get malware?

 

[richiestang_78]

Found this on the MS forum

https/answers.microsoft.com/en-us/protect/forum/protect_scanner-protect_scanning-windows_10/reimagepluscom-malware-virus/fff24e35-d0ae-4094-a20b-08cda1c5cac2

 

[stdragon]

If you truely believe you typed in www.youtube.com in correctly, the page re-direct could have occurred for several reasons:

1. You network settings (NIC) in the system registry has a hard-coded set of DNS addressed to resolve all host names through a known malware site; which re-writes the URLs to point to malware infected web servers. I've personally seen this type of virus before. To ensure DNS is pointed to where it's supposed to, from a command prompt, type "IPCONFIG /ALL" (without quotes). Your DNS servers should be either your home router (same as default gateway), or the ones belonging to your ISP. For example, Comcast's would be 75.75.75.75 and 75.75.76.76. If you see some other public IP listed that you're not familiar with, let us know by responding what you find. Of when in doubt, ask anyways.

2. Windows IE Proxy settings have been set to redirect all website traffic to a public IP, which can only mean trouble.

3. Your browser has some dubious search plug-in installed.

4. Your browser's search settings have been modified to resolve searches through some other dubious search service.

5. Some websites have their ads hosted via 3rd party services. It's THOSE ad servers that get hacked, and serve malware. So, for example, going to CNN.com or ESPN.com might rotate an advertisement that's hosted on a server that got hacked. While CNN.com or ESPN.com itself is clean, it's that ad server that might attempt a URL redirection and off you go to some other .ch or .ru website presenting you with God only knows what.

 

[stdragon]

https/www.malwarebytes.com/adwcleaner/

 

[Robert Ban]

Easy solution, if you use opera or chrome try to use different browser and if problem persists its malware, if it doesnt then the cookies are the problem or cache.

 

[benwinwood6]

If you truely believe you typed in www.youtube.com in correctly, the page re-direct could have occurred for several reasons:

1. You network settings (NIC) in the system registry has a hard-coded set of DNS addressed to resolve all host names through a known malware site; which re-writes the URLs to point to malware infected web servers. I've personally seen this type of virus before. To ensure DNS is pointed to where it's supposed to, from a command prompt, type "IPCONFIG /ALL" (without quotes). Your DNS servers should be either your home router (same as default gateway), or the ones belonging to your ISP. For example, Comcast's would be 75.75.75.75 and 75.75.76.76. If you see some other public IP listed that you're not familiar with, let us know by responding what you find. Of when in doubt, ask anyways.

2. Windows IE Proxy settings have been set to redirect all website traffic to a public IP, which can only mean trouble.

3. Your browser has some dubious search plug-in installed.

4. Your browser's search settings have been modified to resolve searches through some other dubious search service.

5. Some websites have their ads hosted via 3rd party services. It's THOSE ad servers that get hacked, and serve malware. So, for example, going to CNN.com or ESPN.com might rotate an advertisement that's hosted on a server that got hacked. While CNN.com or ESPN.com itself is clean, it's that ad server that might attempt a URL redirection and off you go to some other .ch or .ru website presenting you with God only knows what.

Thanks for the detailed answer, but I'm pretty sure that my computer isn't infected and it was just a one time occurrence. I haven't been redirected once since and have barely anything besides two programs on my PC ( a new windows install) and I never go on any strange sites. I also have plenty of anti-virus/malware.

Surely there are other reasons. I have misspelled "outlook" loads of items and been redirected to plenty of strange website in the past?

Should I do a fresh windows installation to be safe?

 

[benwinwood6]

Easy solution, if you use opera or chrome try to use different browser and if problem persists its malware, if it doesnt then the cookies are the problem or cache.

It hasn't redirected me since and never has before, there is barely anything on this PC.

That given is it worth completely formatting all my hard drives and doing a fresh window installation?

 

[benwinwood6]

Download HitmanPro with free trial and run a scan.

I scanned and it found a bunch of tracking cookies. Is that an issue?

 

[stdragon]

Download HitmanPro with free trial and run a scan.

I scanned and it found a bunch of tracking cookies. Is that an issue?

Tracking cookies are a non-issue. It's just a "warning" to let you know that a profile of your browsing is being generated for analytics via ad services. But it doesn't have anything to do with being a source of malware.

 

[stdragon]

Thanks for the detailed answer, but I'm pretty sure that my computer isn't infected and it was just a one time occurrence. I haven't been redirected once since and have barely anything besides two programs on my PC ( a new windows install) and I never go on any strange sites. I also have plenty of anti-virus/malware.

Surely there are other reasons. I have misspelled "outlook" loads of items and been redirected to plenty of strange website in the past?

Should I do a fresh windows installation to be safe?

No, a re-installation shouldn't be necessary.

FYI, I recommend using BitDefender AntiVirus Plus 2018. However, for extra protection at the DNS level, you can always statistically assign your DNS settings to Norton ConnectSafe; it's free. Link below.

https/connectsafe.norton.com/configurePC.html

 

[benwinwood6]

Thanks for the detailed answer, but I'm pretty sure that my computer isn't infected and it was just a one time occurrence. I haven't been redirected once since and have barely anything besides two programs on my PC ( a new windows install) and I never go on any strange sites. I also have plenty of anti-virus/malware.

Surely there are other reasons. I have misspelled "outlook" loads of items and been redirected to plenty of strange website in the past?

Should I do a fresh windows installation to be safe?

No, a re-installation shouldn't be necessary.

FYI, I recommend using BitDefender AntiVirus Plus 2018. However, for extra protection at the DNS level, you can always statistically assign your DNS settings to Norton ConnectSafe; it's free. Link below.

https/connectsafe.norton.com/configurePC.html

Thanks. I checked my DNS and it is stable and what it should be. The problem I have is one of paranoia. I didn't download anything or click on anything so I couldn't be infected with anything that could potentially slow down my PC? Even if my PC were infected with something that would reduce my in game fps by 1 I would do a full wipe and reinstall everything, potentially even dispose of the hard drive for extra protection. I really hate the idea of any sort of infection, (in real life also!).

I did a Hitman Pro scan and it found a massive amount of tracking cookies, but I have heard they aren't all that bad?

 

[stdragon]

Thanks. I checked my DNS and it is stable and what it should be. The problem I have is one of paranoia. I didn't download anything or click on anything so I couldn't be infected with anything that could potentially slow down my PC? Even if my PC were infected with something that would reduce my in game fps by 1 I would do a full wipe and reinstall everything, potentially even dispose of the hard drive for extra protection. I really hate the idea of any sort of infection, (in real life also!).

I did a Hitman Pro scan and it found a massive amount of tracking cookies, but I have heard they aren't all that bad?

The DNS option Norton ConnectSafe i listed has nothing to do with stability; but, it will block known domains and URLs from resolving to the public IP of a server hosting malware. And that's assuming it's already been identified as a known source. A good Anti-Virus program will also intercept bad URLs as well.

If you really want to wipe/reload your OS, feel free to do so. I personally think it's a waste of time. But I suppose it's best to be safe than sorry if you insist.

Just back up your personal data before you do.

Good luck.

 

[benwinwood6]

Thanks. I checked my DNS and it is stable and what it should be. The problem I have is one of paranoia. I didn't download anything or click on anything so I couldn't be infected with anything that could potentially slow down my PC? Even if my PC were infected with something that would reduce my in game fps by 1 I would do a full wipe and reinstall everything, potentially even dispose of the hard drive for extra protection. I really hate the idea of any sort of infection, (in real life also!).

I did a Hitman Pro scan and it found a massive amount of tracking cookies, but I have heard they aren't all that bad?

The DNS option Norton ConnectSafe i listed has nothing to do with stability; but, it will block known domains and URLs from resolving to the public IP of a server hosting malware. And that's assuming it's already been identified as a known source. A good Anti-Virus program will also intercept bad URLs as well.

If you really want to wipe/reload your OS, feel free to do so. I personally think it's a waste of time. But I suppose it's best to be safe than sorry if you insist.

Just back up your personal data before you do.

Good luck.

Thanks for the help, but in conclusion what I am asking you is whether it was possible I could have been infected with a virus that could impact system performance? I'm not really to fussed about a one time redirection, unless it is the symptom of a virus/rootkit/malware that could affect my system.

I gather that your advice not to re-install windows, means that you don't think i would have serious infection that could possibly do such things?

 

[stdragon]

In my experience with dealing with malware detection and cleanup; most like you're not infected. Specifically because you've already stated "I also have plenty of anti-virus/malware".

That all said, I cannot guarantee that you're not infected either. It's up to you do to your due diligence.

There's plenty of ways you can check for malware.
1. Use a trial version of an AV.
2. Scan with Malware Bytes.
3. Use Trend Micro's HouseCall on-site scanner.

BTW, never run multiple Anti-Virus programs in the background at the same time. For example, don't have McAfee, BitDefender, and TrendMicro..etc all running together. That would slow your system down and actually introduce system stability issues. Choose one AV and stick with it. Or, uninstall the old, and try something else.