localhost redirect to other site... trojan?

Question

As title, seems there's a trojan on my server
When I put a url like

localhost/mysite

it redirect to the site free-merchants.com and then return to my site...
But if I put

127.0.0.1/mysite

all work correctly...
Then, what is? I scan with avast and malwarebytes and no virus...
With HijackThis I can't see any strange thing... File hosts have only row

127.0.0.1 localhost

Can be a bug of my webserver that run with

Apache/2.2.21 (Win32) PHP/5.4.32

Or what I must scan?

Thanks, I didn't know SuperUser... Now I have posted also on it — FireFoxII, Jan 18 '16 at 15:33

score 2 · Answer 1 · answered Jan 18 '16 at 13:12

2

It seems like a unwanted change by a trojan or such...

check your hosts-file for malicious entries. (ref.: https://en.wikipedia.org/wiki/Hosts_(file) )

answered Jan 18 '16 at 13:12

Marc

69
7

My host file contains only these rows # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost # ::1 localhost – FireFoxII Jan 18 '16 at 13:42

score 0 · Accepted Answer · answered Jan 18 '16 at 13:21

0

Use JRT (junkware removal tool) and Adware-removal tool (from techsupportall) these 2 programs are wonderful to discover PUP, just an addition to malware bytes which is already excellent.

answered Jan 18 '16 at 13:21

aPugLife

989
2
14
25

No malware with both software – FireFoxII Jan 18 '16 at 13:42
did you try already checking in installed programs for it? try go control panel/uninstall a program and check if there's something related to free-merchants (or more in general try cleaning useless tools you might have installed). Probably it is not a PUP but an actual (annoying) program – aPugLife Jan 18 '16 at 13:46
No, there's nothing about this "program"... I'm very meticulous about this... Now I'm working on my backup/server with debian but when I'm out of my home, I must use my notebook with windows... I can override the problem with 127.0.0.1 but I must/want resolve... – FireFoxII Jan 18 '16 at 15:28
I would check chrome/firefox plugins or settings, because sometimes these PUP doesn't get removed by those tools. I do not know why. sometimes I need to manually clean the windows registry or look on google for that particular program and how to remove from chrome/firefox advanced settings. Also, chrome use settings of Iexplorer so try checking here as well for bad settings – aPugLife Jan 18 '16 at 16:28
Thanks at all... The problem was an extension... Disabled it and resolved... More info here http://superuser.com/questions/1027995/localhost-redirect-to-other-site-trojan – FireFoxII Jan 18 '16 at 19:35

score 0 · Answer 3 · answered Jan 19 '16 at 09:58

0

For me it was JQuery Debugger Extension: https://chrome.google.com/webstore/detail/jquery-debugger/dbhhnnnpaeobfddmlalhnehgclcmjimi?utm_source=chrome-app-launcher-info-dialog

answered Jan 19 '16 at 09:58

white_bear

73
5

score 0 · Answer 4 · answered Jan 19 '16 at 14:41

0

For me it's was Translation Selection Extension https://chrome.google.com/webstore/detail/translate-selection/goanabmlmgfinmjohhepcpffcnkeobjm. When I deleted this extension, all works fine

answered Jan 19 '16 at 14:41

Andrey Tkachuk

46
5

score 0 · Answer 5 · answered Jan 19 '16 at 16:17

0

We caught an infected Chrome Reloader Extension: http://howtoremove.guide/remove-auto-refresh-plus-chrome-firefox/

:-(

answered Jan 19 '16 at 16:17

Alexander Reifinger

512
1
4
18

score 0 · Answer 6 · answered Mar 15 '16 at 04:19

0

For me it was the Chomemarks extension.

answered Mar 15 '16 at 04:19

j8d

446
7
23

localhost redirect to other site... trojan?

6 Answers6

Linked