Browser redirecting problem (hijacked?)


Last Updated: 2014-09-22 17:51:57
  1. bananaslug

    bananaslug New Member

    Hi, first post here... I found a few similar topics but not one that actually helped me solve this so I thought I start a new one instead. IF I was just blind and missed one that already has answer to this, please can someone point me to it and excuse my failing search skills? Thanks much.

    Anyway, the problem background is this: some weeks ago I started getting this nasty redirecting to a mobile website that checks for 3G connection for payment. The root of the address was buildmysite(dotcom). It's a porn site of sorts, of course. Well, I don't visit porn sites or download odd apps so I was a bit puzzled. AVG antivirus also couldn't find anything. I could only get rid of it with a factory reset. So that's what I did. Didn't get nasty sites for a few days and I figured I reinstall my most-needed apps again.

    Then today the problem returned. Now it's redirecting me to a site at carmunity(dotde). Different site, same "3G payment failed on wifi connection, please switch to 3G" message content. I've only had this happen when I already have browser open. It picks I believe the tab I was last viewing and goes to that site. This time I didn't install antivirus app given how useless it was the last time.

    I saw on the threads I found that people got similar problems from downloading apps that, in my opinion if you'll excuse me, seem a bit fishy. I only ever download stuff I've seen reviewed on trustworthy sites, that got hundreds of thousands of downloads and at least four star reviews on the market, no stuff outside the market and/or if it's from a developer that is generally considered trustworthy by the community. I'm paranoid and overly careful about software in general like that and usually that attitude has served me well. So naturally I'm puzzled where exactly I got this browser hijacker from. That developer is gonna hear from me and I would hope from other people, too, if they put crap code in their products whilst enjoying the trust of the community.

    I use Dolphin HD as my browser, with three extensions: LastPass, Xmarks (both by LastPass) and ReadItLater (by Dolphin dev, I believe). The previous time I got the problem I had more but after reset I stripped the addons to the bare minimums I need.

    Other apps I currently have installed, one of which must be the culprit. I'm just glad I didn't yet install all the apps I've paid for or like to use, as that would make the list of suspects quite a bit longer...

    3G Watchdog Pro, Advanced Task Killer Pro, Amazon app, Astrid Tasks + Astrid Powerpack, ASTRO Pro, Audible, Beautiful Widgets + Animations, DoggCatcher Pro, Dropbox, HandelGothic FlipFont, Instant Heart Rate, LastPass, mVideoPlayer, MyNetDiary Pro, Plume Premium, QuickOffice Pro, ReadItLater, Smart Keyboard Pro, Spotify, tTorrent, Xmarks.

    Of course, some Google apps and Samsung bloatware that comes with Galaxy S. But I doubt it's any of those. I've not rooted my phone, yet. Been thinking and hesitating, but that's another topic...

    Almost all my apps are paid versions, because I like to support the devs if I like the app so it's majorly upsetting to think one of them is possibly screwing people over with browser hijacking surprises. :(

    So to get to the question: does anyone know which one of my apps might be the culprit? Maybe someone experienced the same and has the same app? Or is there some other explanation to this? As I said I reset the phone just some days ago and I don't visit suspicious sites on my phone (or computer for that matter), so I'm left clueless with this.

    As additional info: I checked Dolphin settings, too, but nowhere does anything point to this website that I get redirected to. Also, it's only happened once with the new site but happened several times with that buildmysite thing, before I thought of resetting the phone. I don't use the stock browser at all.

    Any help greatly appreciated!

    Advertisement
  2. pool_shark

    pool_shark Well-Known Member

    I've never heard of:

    DoggCatcher Pro, HandelGothic FlipFont, Instant Heart Rate, MyNetDiary Pro, Plume Premium, tTorrent, Xmarks.

    I would start there.
  3. Harry2

    Harry2 Well-Known Member

    Did you run 'Addons Detector' to find out if one of these AirPush addons is in one of your free apps?
    These AirPush addons can redirect your browser.

    With 'Addons Detector' you have to use the filter 'Push Notifications'.

    For to clean the browser you could try the method in this post ...
    Harry
  4. GJoz

    GJoz New Member

    Thank you Harry. This worked for me.

Share This Page