Den Posted November 26, 2008 Share Posted November 26, 2008 Ok so I get done with my homework and think to myself, "Hey, il use my 10 mins to go play some Runescape. I click on my runescape bookmark... and i get redirected to a Runescape cheat and Gold buying site. :shock: I then think, "Wow, im going nuts." So I close the browser, open a new one and click the bookmark again. I get redirected to the same site. Now im starting to freak out. I go to my desctop and open the Jagex Runescape client, certain that this might just be some mistake. The runescape client opens the gold buying site. Is there something on my pc that redirects the runescape site to a gold buying site? :ohnoes: Im kinda shaky at the moment, does anyone know what the problem is? :? ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
Master_Smither Posted November 26, 2008 Share Posted November 26, 2008 Run a virus scan is the only thing I'd say maybe your computer is infected. Click for My Blog670th to 99 Smithing July 21st, 07 |743rd to 99 Mining November 29th, 07 | 649th to 99 Runecrafting May 18th, 08 | 29,050th to 99 Defence October 20th, 08 | 20,700th to 99 Magic November 8, 08 | 47,938th to 99 Attack December 19, 08 | 37,829th to 99 Hitpoints December 24, 08 | 68,604th to 99 Strength February 4, 09 | 27,983rd to 99 Range February 9, 09 | 9,725th to 99 Prayer June 8, 09 | 6,620th to 99 Slayer December, 12 09 | 4,075th to 99 Summoning December, 28 09 | 3,551th to 99 Herblore February 24, 10 | 3,192th to 99 Dungeoneering November 11, 10 | 146,600th to 99 Cooking December 29th, 10 | 11,333rd to 99 Construction June 7th, 11 | 16,648th to 99 Farming August 1st, 11 | 19,993th to 99 Crafting August 2nd, 11 | 89,739th to 99 Woodcutting Janurary 1st, 12 | 55,424th to 99 Fishing May 9th, 12| 60,648th to 99 Firemaking May 12th, 12 | 16666th to 99 Agility May 17th, 2012 | 24476th to 99 Hunter June 1st, 2012 | 57,881st to 99 Fletching June 1st, 2012 | All 99s June 1st, 2012 | 3183th to 120 Dungeoneering July 24th, 2012 | 2341st to 2496 Total level July 24th, 2012 | Completionist Cape July 24th, 2012 Link to comment Share on other sites More sharing options...
JustAGamer Posted November 26, 2008 Share Posted November 26, 2008 yeah...that's not good. :? Offhand, Best advice I've got is the stuff you've heard a hundred times before, clear cookies, run scans etc. Let us know if you fix it. :) this link kills spam Link to comment Share on other sites More sharing options...
Den Posted November 26, 2008 Author Share Posted November 26, 2008 Run a virus scan is the only thing I'd say maybe your computer is infected. Ok, I started avg but iI dont think its my computer. I just tried entering runescape from my laptop and it goes to the same site as on my main pc. :shock: :ohnoes: ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
compfreak847 Posted November 26, 2008 Share Posted November 26, 2008 Your hosts file (C:\windows\system32\drivers\etc\hosts) has been hijacked, most likely. Open it up and look for an entry labeled 'runescape.com'. It's redirecting traffic from runescape to whatever the IP of the scam site is. You probably have all sorts of viruses, DON'T LOG ON UNTIL YOUR CLEAN. Use tools like AVG Antispyware, Spybot S&D, and Lavasoft Ad-Aware to clean it out. Drops: 1x Draconic Visage, 56x Abyssal Whip, 5x Demon Head, D Drops: 37, Barrows Drops: 43, DK Drops: 29GWD drops: 14,000x Bars, 1x Armadyl Hilt, 2x Armadyl Skirt, 4x Sara Sword, 1x Saradomin Hilt, 8x Bandos Hilt, 8x Bandos Platebody, 9x Bandos Tassets, 4x Bandos Boots, 43x Godsword Shard, 82x Dragon BootsDry streak records: Saradomin 412 kills Bandos 988 kills Spirit Mages 633 kills - Slayer Sucks Link to comment Share on other sites More sharing options...
compfreak847 Posted November 26, 2008 Share Posted November 26, 2008 Run a virus scan is the only thing I'd say maybe your computer is infected. Ok, I started avg but iI dont think its my computer. I just tried entering runescape from my laptop and it goes to the same site as on my main pc. :shock: :ohnoes: That's a problem... Same virus, or router redirection? Drops: 1x Draconic Visage, 56x Abyssal Whip, 5x Demon Head, D Drops: 37, Barrows Drops: 43, DK Drops: 29GWD drops: 14,000x Bars, 1x Armadyl Hilt, 2x Armadyl Skirt, 4x Sara Sword, 1x Saradomin Hilt, 8x Bandos Hilt, 8x Bandos Platebody, 9x Bandos Tassets, 4x Bandos Boots, 43x Godsword Shard, 82x Dragon BootsDry streak records: Saradomin 412 kills Bandos 988 kills Spirit Mages 633 kills - Slayer Sucks Link to comment Share on other sites More sharing options...
obfuscator Posted November 26, 2008 Share Posted November 26, 2008 Try searching "runescape.com" on google, and clicking the link there. "It's not a rest for me, it's a rest for the weights." - Dom Mazzetti Link to comment Share on other sites More sharing options...
x1992x Posted November 26, 2008 Share Posted November 26, 2008 Try searching "runescape.com" on google, and clicking the link there. dont do that for god sake! My private chat is always ON.Winner of The Tip.It Teamcape Outfit Contest!6 years. 1 dragon CS drop and some barrows, bad luck? Link to comment Share on other sites More sharing options...
Den Posted November 26, 2008 Author Share Posted November 26, 2008 Try searching "runescape.com" on google, and clicking the link there. Same scam site. :-# Tried to enter other places on runescape.com but i always get redirected to the site. ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
pulli23 Posted November 26, 2008 Share Posted November 26, 2008 uhm that seems like a browser hack, what happens is that basically your browser is set up so that it "bookmarks" a certain word (in this case "runescape.com") to another site. This shouldn't be done automatically (or at least, without user confirmation), so something must be wrong (but you figured THAT out already didn't you :lol: ). Is that 'bookmark' you use, coming from IE or from firefox - what version? If it's IE, do you have activeX enabled? (wow disabling it doesn't even work) Most generic (and only) advice I can give you atm is to use firefox, and to update to the latest version. Other than that: well if something like this happens to firefox the easiest thing to do is to reinstal it completely: and/or reset everything in the about:config to it's default option.... But with IE I have no clue how to actually reinstal it without storing the settings. Well if it's on your laptop happening too: seems to me that there's a DNS problem.. Try going to: http://168.75.183.51/ If this works it's definatelly a DNS problem, you could set up your PC to use 1.1.1.2 as dns server... First they came to fishingand I didn't speak out because I wasn't fishing Then they came to the yewsand I didn't speak out because I didn't cut yews Then they came for the oresand I didn't speak out because I didn't collect ores Then they came for meand there was no one left to speak out for me. Link to comment Share on other sites More sharing options...
x1992x Posted November 26, 2008 Share Posted November 26, 2008 Try searching "runescape.com" on google, and clicking the link there. Same scam site. :-# Tried to enter other places on runescape.com but i always get redirected to the site. FOR GOD SAKE DONT LOG ON ANY PLACE UNTIL ITS CLEANED!!!! My private chat is always ON.Winner of The Tip.It Teamcape Outfit Contest!6 years. 1 dragon CS drop and some barrows, bad luck? Link to comment Share on other sites More sharing options...
JustAGamer Posted November 26, 2008 Share Posted November 26, 2008 There's a difference between reaching the site and logging in. Relax. :lol: In any case, either A: Something's wrong with your router, or B: You picked up something that's smart enough to spread between multiple places attached to the same router, or C: You went to the same thing with both computers. (though the latter doesn't seem all that likely to me to happen suddenly) this link kills spam Link to comment Share on other sites More sharing options...
x1992x Posted November 26, 2008 Share Posted November 26, 2008 There's a difference between reaching the site and logging in. Relax. :lol: In any case, either A: Something's wrong with your router, or B: You picked up something that's smart enough to spread between multiple places attached to the same router, or C: You went to the same thing with both computers. (though the latter doesn't seem all that likely to me to happen suddenly) YOU can never be to secure when i comes to keyloggers or something like that ;) My private chat is always ON.Winner of The Tip.It Teamcape Outfit Contest!6 years. 1 dragon CS drop and some barrows, bad luck? Link to comment Share on other sites More sharing options...
ghoulmeister Posted November 26, 2008 Share Posted November 26, 2008 Count your blessings, this could have been a lot worse. My friend was once directed to a fake rs site, when you logged on, it put you on a private server. He lost a d chain, 20 mil at the time. I has herd, that lesser demons, MAY or may not, drop tormented demons. \:D/ :roll: :x :D :o :shock: :? 8-) :lol: Due to a typo, I am now stuck with 1k dragon darts and no buyer. Can I has bail out from tip.it plox? Link to comment Share on other sites More sharing options...
Den Posted November 26, 2008 Author Share Posted November 26, 2008 uhm that seems like a browser hack, what happens is that basically your browser is set up so that it "bookmarks" a certain word (in this case "runescape.com") to another site. This shouldn't be done automatically (or at least, without user confirmation), so something must be wrong (but you figured THAT out already didn't you :lol: ). Is that 'bookmark' you use, coming from IE or from firefox - what version? If it's IE, do you have activeX enabled? (wow disabling it doesn't even work) Most generic (and only) advice I can give you atm is to use firefox, and to update to the latest version. Other than that: well if something like this happens to firefox the easiest thing to do is to reinstal it completely: and/or reset everything in the about:config to it's default option.... But with IE I have no clue how to actually reinstal it without storing the settings. Well if it's on your laptop happening too: seems to me that there's a DNS problem.. Try going to: http://168.75.183.51/ If this works it's definatelly a DNS problem, you could set up your PC to use 1.1.1.2 as dns server... Both my home pc and laptop use firefox. I just searched for runescape in total commander and found temporary internet files containing runescape and money as the file names. The ip you linked sent me to the runescape page, but the scam site logo was still on the page. :lol: Il try deleting the temporary internet files and cookies then if it doesnt work, reinstall firefox. ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
compfreak847 Posted November 26, 2008 Share Posted November 26, 2008 There's a difference between reaching the site and logging in. Relax. :lol: In any case, either A: Something's wrong with your router, or B: You picked up something that's smart enough to spread between multiple places attached to the same router, or C: You went to the same thing with both computers. (though the latter doesn't seem all that likely to me to happen suddenly) YOU can never be to secure when i comes to keyloggers or something like that ;) Not going to a site because your paranoid isn't going to do anything though. Just don't enter your password. And yes, this is some sort of redirection thing - either your router table has been compromised, or the same thing infected both of your computers. check the hosts file. I could almost guarantee you'll see a runescape.com entry - delete it and your fine. Of course, there's probably more underlying products - so use the tools I mentioned earlier. No need to panic. Drops: 1x Draconic Visage, 56x Abyssal Whip, 5x Demon Head, D Drops: 37, Barrows Drops: 43, DK Drops: 29GWD drops: 14,000x Bars, 1x Armadyl Hilt, 2x Armadyl Skirt, 4x Sara Sword, 1x Saradomin Hilt, 8x Bandos Hilt, 8x Bandos Platebody, 9x Bandos Tassets, 4x Bandos Boots, 43x Godsword Shard, 82x Dragon BootsDry streak records: Saradomin 412 kills Bandos 988 kills Spirit Mages 633 kills - Slayer Sucks Link to comment Share on other sites More sharing options...
PlatinumPixey Posted November 26, 2008 Share Posted November 26, 2008 Ok so I get done with my homework and think to myself, "Hey, il use my 10 mins to go play some Runescape. I click on my runescape bookmark... and i get redirected to a Runescape cheat and Gold buying site. :shock: I then think, "Wow, im going nuts." So I close the browser, open a new one and click the bookmark again. I get redirected to the same site. Now im starting to freak out. I go to my desctop and open the Jagex Runescape client, certain that this might just be some mistake. The runescape client opens the gold buying site. Is there something on my pc that redirects the runescape site to a gold buying site? :ohnoes: Im kinda shaky at the moment, does anyone know what the problem is? :? I didn't have this particularly happen to me but the one time I went to click on my RS client icon to open it and it said it couldn't find the file so I re-downloaded it and then it eventually happened again and I didn't know why. Well the one time I was going through the virus vault on my computer and saw that it found a virus in my rs client, twice. I have no idea how it happened because I hadn't played rs in awhile and I hadn't gone to any sites that might have caused it. It was so weird till this day still don't know why it could have happened. 3-27-07 4-14-08 2-23-09 Link to comment Share on other sites More sharing options...
The Observer Posted November 27, 2008 Share Posted November 27, 2008 Try running HiJackThis and post a log file. EDIT: Look for it here: http://www.download.com/Trend-Micro-Hij ... 27353.html Link to comment Share on other sites More sharing options...
@Dan3HitU Posted November 27, 2008 Share Posted November 27, 2008 Malware mate. [-- DYNAMIC SIGNATURES FOR RUNESCAPE 3 & OLDSCHOOL 2007 RUNESCAPE --] Link to comment Share on other sites More sharing options...
pulli23 Posted November 27, 2008 Share Posted November 27, 2008 Well if the same thing happens with both firefox and IE (the runescape client), it's probably not a browser related problem.. Though there are a few shared spaces (like bookmarks, and other user settings). Noscript will probably safe the day here: but it won't FIX the problem, will probably just hide it. What I wonder what exactly happens: The ip you linked sent me to the runescape page, but the scam site logo was still on the page. You mean that there's some "parts" that display the wrong site? - Could you post a picture/explain what parts? If it's the "advertisement bar, the bar just above the home - play now - acoutn - ect bar, than it really means there's a dns/routing problem. That part of the website is an Iframe (back to "advert.runescape.com") and so this part gets routed to the scam site... First they came to fishingand I didn't speak out because I wasn't fishing Then they came to the yewsand I didn't speak out because I didn't cut yews Then they came for the oresand I didn't speak out because I didn't collect ores Then they came for meand there was no one left to speak out for me. Link to comment Share on other sites More sharing options...
Den Posted November 27, 2008 Author Share Posted November 27, 2008 :| In the middle of scanning with spybot, i decide to try getting in via the item database. Now I go to the real main page on both my pc's... :| ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
The Observer Posted November 27, 2008 Share Posted November 27, 2008 :| In the middle of scanning with spybot, i decide to try getting in via the item database. Now I go to the real main page on both my pc's... :| I wouldn't log-in. You should end all the programs you are running (after you have scanned with Spybot) and then run HiJackThis and post a log file. That can catch browser hijacks which what appears to be the problem. Link to comment Share on other sites More sharing options...
Den Posted November 27, 2008 Author Share Posted November 27, 2008 What I wonder what exactly happens: The ip you linked sent me to the runescape page, but the scam site logo was still on the page. You mean that there's some "parts" that display the wrong site? - Could you post a picture/explain what parts? If it's the "advertisement bar, the bar just above the home - play now - acoutn - ect bar, than it really means there's a dns/routing problem. That part of the website is an Iframe (back to "advert.runescape.com") and so this part gets routed to the scam site... Basically, i was sent to the runescape page with a white background and blue links lined up on the left side of the screen. The only picture was the same banner as on the scam site and was located in the area where the ads usualy are on runescape.com Looks like its fixed but im still paranoid about logging in. Could it have been that google added a rs gold site and the rs gold ad had a javascript message that sends anyone who enters the site the ad is on, to the site the ad wants them to be sent to? (Last sentance might be a little confusing) P.S. Spybot just said my computer is 100% clean. ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
Den Posted November 27, 2008 Author Share Posted November 27, 2008 I have no idea what any of this means but killer seems to have it. Running processes: C:\Windows\system32\taskeng[Caution: Executable File] C:\Windows\system32\Dwm[Caution: Executable File] C:\Windows\Explorer[Caution: Executable File] C:\Program Files\Windows Defender\MSASCui[Caution: Executable File] C:\Windows\RtHDVCpl[Caution: Executable File] C:\Program Files\AVG\AVG8\avgtray[Caution: Executable File] C:\Program Files\Java\jre1.6.0_07\bin\jusched[Caution: Executable File] C:\Windows\System32\rundll32[Caution: Executable File] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy[Caution: Executable File] C:\Program Files\Windows Sidebar\sidebar[Caution: Executable File] C:\Windows\ehome\ehtray[Caution: Executable File] C:\Windows\ehome\ehmsas[Caution: Executable File] C:\Program Files\Windows Live\Messenger\msnmsgr[Caution: Executable File] C:\Program Files\Windows Media Player\wmpnscfg[Caution: Executable File] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor[Caution: Executable File] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel[Caution: Executable File] C:\Program Files\WinTV\Ir[Caution: Executable File] C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr[Caution: Executable File] C:\Windows\system32\wbem\unsecapp[Caution: Executable File] C:\Windows\system32\wuauclt[Caution: Executable File] C:\Windows\system32\taskeng[Caution: Executable File] C:\Program Files\Mozilla Firefox\firefox[Caution: Executable File] C:\Windows\system32\conime[Caution: Executable File] C:\Program Files\Trend Micro\HijackThis\HijackThis[Caution: Executable File] C:\Windows\system32\SearchFilterHost[Caution: Executable File] I noted the last one as suspisious. ........::::: Rainy's YouTube Channel - Rainy's Twitter - Rainy's Facebook - Rainy's DeviantArt - Rainy's Tumblr - Rainy's Tip.It Profile :::::......... Link to comment Share on other sites More sharing options...
compfreak847 Posted November 27, 2008 Share Posted November 27, 2008 Quite a few suspicious looking ones in there. Try http://housecall.trendmicro.com/. Drops: 1x Draconic Visage, 56x Abyssal Whip, 5x Demon Head, D Drops: 37, Barrows Drops: 43, DK Drops: 29GWD drops: 14,000x Bars, 1x Armadyl Hilt, 2x Armadyl Skirt, 4x Sara Sword, 1x Saradomin Hilt, 8x Bandos Hilt, 8x Bandos Platebody, 9x Bandos Tassets, 4x Bandos Boots, 43x Godsword Shard, 82x Dragon BootsDry streak records: Saradomin 412 kills Bandos 988 kills Spirit Mages 633 kills - Slayer Sucks Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now