3
I'm getting redirected to ezshoplist.me and alecyueee.us, when I try to access amazon.com. I'm actually redirected to these sites which redirects back to Amazon.com. I searched a lot regarding these domains and came across this link - ddecode.com.
Also came across this site alestat which also indicates connections between amazon, ezshoplist.me and alecyueee.us
- Can someone help me understand what this code does?
- Has my Amazon credentials/session been compromised?
- How do I figure out which extension is the culprit?
As of now, I'm using a Chrome extension - Block site, to block these two sites and it does a pretty good job in doing the same. But I would like to get this removed. Virus/Malware scan with ClamXav and AVG free did not help.
Browser : Chrome
OS: Mac OSX 10.7.5
2In the worst case you have a malicious infection. In the best case you have a fake/adware extension installed. What have you done to clean your system? Have you simply deleted your Chrome profile? Once you resolve this problem you should change your Amazon credentials. – Ramhound – 2013-09-11T15:56:48.030
As mentioned I've scanned system with antivirus/malware. I uninstalled chrome, cleared profile etc, reinstalled it and sync'd my extensions back from cloud. I still have the issue. I'll change my Amazon credentials only after making sure that issue is completely resolved. But I need help on that. – rajivvishwa – 2013-09-11T16:00:47.310
Skip syncing the profile, and I glazed over the fact your on OS X, so a malcious infection is highly unlikely. Which leaves a malicious ( i.e. unwanted behavior ) extension installed by you. Does this happen with Safari or Firefox? I suspect its your DNS or ISP Provider introducing this behavior through javascript. – Ramhound – 2013-09-11T16:18:18.810
Forgot to mention - I'm using Google DNS servers, my hosts file is clean too. This is happening only on Chrome (Not on incognito). Its clear that some extension is causing the issue. And someone has posted the code of extension in link mentioned in my post. But I'm not sure I could figure out what it does. If I could figure out I may be able to track the extension and remove it. And of course, report it to Google. – rajivvishwa – 2013-09-11T16:49:52.837
Process of elimination is the best way to find this. Remove one extension at a time until the problem returns. Syncing your profile after the removal of the profile is likely the reason it returned. Try starting chrome with extensions to verify its actually an extension doing it. – Ramhound – 2013-09-11T16:56:25.537
Ya, was lazy to do that.. But looks like I'm left with no option :) Let me try that. – rajivvishwa – 2013-09-11T17:01:31.270
I did that and I then enabled one by one. Now all are enabled. I no longer see the redirection issue.. yet. Not sure what happened. Now I wont be able to investigate the problem. – rajivvishwa – 2013-09-11T18:17:05.563
Update - Redirection still happens. I observed that I was redirected from tripadvisor too. Since this doesn't happen all the time I dont think toggling my extensions are going to help. I need to understand which extension initiates the redirection. – rajivvishwa – 2013-09-13T01:45:50.253