California
Super Star Member
- Joined
- Jan 22, 2004
- Messages
- 14,744
- Location
- An hour north of San Francisco
- Tractor
- Yanmar YM240 Yanmar YM186D
I got home to the 'infected' pc and figured it out. Turns out I already had the solution in the thread where I declared the problem: Help with a Redirect Virus .
This nuisance Redirect is a moneymaking feature added to TBN and also subscribed to by Harbor Freight. Whenever someone here clicks on a link to Harbor Freight, the click generates a payment to TBN because the link goes via a 'man-in-the-middle' and then onward to HF.
As I posted in my initial thread, here's how your click on a HF trailer-jack link gets to HF: [spaces added so this won't actually link]
Vigilink's claim on their home page:
Turns out my ISP doesn't like one of the sites that this Vigilink redirects traffic to:
http://www.emjcd.com/1d111nmvuE/mty...74A9-kdueru-iuhljkw-wrrov-grqw-vxfn-549.kwpo<
If you don't want to click on that, (not recommended!) it looks approximately like this screen print below except emjcd.com is the site reported blocked.
Again, quoting from my prior thread:
I found a lengthy thread on this at Sonic.net, my ISP. "It's a trap! Reported phishing or malware site" : who?
To summarize that thread, Sonic subscribers complained that Washington Post was blocked at one point. Another poster said he lost out on a killing in Bitcoins when an Exchange site disappeared during a short period of abnormal prices. He proposed that this was deliberate manipulation of DNSSEC to someone's financial advantage.
The owner of the ISP referred to this description of DNSSEC which they use:
And that internal Wiki says Google's public servers also use DNSSEC, which is why my changes from 'default' to the ISP's DNS server, and then to Google's DNS server (8.8.8.8), continued to cause the same error message.
Sonic offers opt-out DNS service (unfiltered) if that's what you want: DNS_Opt-Out
In summary - DNSSEC causes Vigilink's man-in-the-middle link through emjcd .com to terminate at an error page instead of passing through to the intended destination.
As for my PC - I learned CC can modify more than I intended (fonts disappeared!). After I ran the System Restore image from January 31 everything came back to normal. I ran Windows Update, and now I'll run Ninite, to catch anything that needs update subsequent to 1/31.
Issue resolved! Thanks everyone for your good advice over in the other thread. :drink:
This nuisance Redirect is a moneymaking feature added to TBN and also subscribed to by Harbor Freight. Whenever someone here clicks on a link to Harbor Freight, the click generates a payment to TBN because the link goes via a 'man-in-the-middle' and then onward to HF.
As I posted in my initial thread, here's how your click on a HF trailer-jack link gets to HF: [spaces added so this won't actually link]
Vigilink's claim on their home page:
Turns out my ISP doesn't like one of the sites that this Vigilink redirects traffic to:
http://www.emjcd.com/1d111nmvuE/mty...74A9-kdueru-iuhljkw-wrrov-grqw-vxfn-549.kwpo<
If you don't want to click on that, (not recommended!) it looks approximately like this screen print below except emjcd.com is the site reported blocked.
Again, quoting from my prior thread:
I found a lengthy thread on this at Sonic.net, my ISP. "It's a trap! Reported phishing or malware site" : who?
To summarize that thread, Sonic subscribers complained that Washington Post was blocked at one point. Another poster said he lost out on a killing in Bitcoins when an Exchange site disappeared during a short period of abnormal prices. He proposed that this was deliberate manipulation of DNSSEC to someone's financial advantage.
The owner of the ISP referred to this description of DNSSEC which they use:
And that internal Wiki says Google's public servers also use DNSSEC, which is why my changes from 'default' to the ISP's DNS server, and then to Google's DNS server (8.8.8.8), continued to cause the same error message.
Sonic offers opt-out DNS service (unfiltered) if that's what you want: DNS_Opt-Out
In summary - DNSSEC causes Vigilink's man-in-the-middle link through emjcd .com to terminate at an error page instead of passing through to the intended destination.
As for my PC - I learned CC can modify more than I intended (fonts disappeared!). After I ran the System Restore image from January 31 everything came back to normal. I ran Windows Update, and now I'll run Ninite, to catch anything that needs update subsequent to 1/31.
Issue resolved! Thanks everyone for your good advice over in the other thread. :drink: