Random redirection to adult sites of mobile.juicyads.com

Since two days ago, almost all of my clicks open new tab and redirect to this Adult-only URL:

mobile.juicyads.com/service_redirect.php?p=64686&s=124309&u=http://www.google.com

Parameters p and s are not fixed as far as I know but parameter u which is http://www.google.com is fixed and for all of redirections are same. I understood that the URLs which didn't visited yet are redirecting to mobile.juicyads.com websites so if we visit URL A and see the mobile.juicyads.com advertising once, we won't see it again if we go to URL A again.

What is the problem and how can I fix it? I use Windows 7 ultimate and Google Chrome browser and tried these:

Scanning whole my drive for virus and other bad-wares using Avast!
Restoring computer for earlier time using Restore Point
Disabling plug-ins and extensions (Everything I could!)
Clearing DNS cache and other caches
Using different DNS servers on my modem-router
Pinging pages that I didn't visited before, results were OK

I should say that it's not Only my problem and occurs for other people too. And also before this problem (about a month ago) pages were redirected to adfoc.us website (See related question).

Amirreza Nasiri

Posted 2015-01-18T12:14:03.997

Reputation: 2 418

What are the proxy settings of chrome? – marsh-wiggle – 2015-01-18T12:34:13.683

@boboes I don't use proxy. it's on "Automatically detect settings." – Amirreza Nasiri – 2015-01-18T12:38:44.350

Proxy settings can be used for browser hijacking. Whate are your system proxy settings? Does it also happen in Internet Explorer? – marsh-wiggle – 2015-01-18T12:41:43.907

I'm living in Iran too (same as you), and I have the same problem. I think ISP's are doing something wrong. This the result of ipconfig /all on my system: DNS Servers : 91.212.124.159 and 8.8.8.8. --> 91.212.124.159 is from Ukraine! – VahidN – 2015-01-25T18:42:07.810

Did you install any software or drivers recently? Please check your Software and maybe post the most recent you installed. – Ivan Viktorovic – 2015-01-26T13:10:17.800

Try using another DNS instead. – Braiam – 2015-01-26T15:06:46.417

@bummi I know the rules here, as I said, I scanned my pc with avast! and malwarebytes so there is no "malware" and I even re-installed windows. – Amirreza Nasiri – 2015-01-26T19:37:07.373

4I ended up here after Googling the DNS primary sever I found on my laptop which was 91.212.124.159. The problem in my case was on the router (EDIMAX) I was using which apparently got hacked and has the primary DNS server it serves via DHCP changed to the one above.I set the original DNS back and disable access to the router from outside. This fixed the issue for me. I hope it helps. – Taoufix – 2015-02-05T01:41:43.300

Answers

You have malware on your system. Get Malwarebytes (or an equivalent piece of malware - which is distinct from antivirus software), run it and see if it cleans it up.

I note you may have some difficulty getting Malwarebytes if your system has been infected and is using a proxy to hijack your browser - using another browser MIGHT be a way arround this, otherwise download it from another system and use a USB or equivalent to get Malwarebytes to the infected system. To be safe you should probably not trust the USB key after its been plugged into the infected PC. (Or use a burnt CD so the contents can't be changed).

davidgo

Posted 2015-01-18T12:14:03.997

Reputation: 49 152

2I even re-installed my windows after scanning twice with Malwarebytes (and seeing result, not fixed). and as I said, it's no only my PC and my Router's problem. – Amirreza Nasiri – 2015-01-25T16:47:03.430

It sounds like an issue with DNS, or an HTTP proxy. The issue could be in your computer's browser settings, your computer's Internet settings, or settings of the default gateway of your computer (your "router"), or any other router, including those of your ISP or some other Internet access provider (perhaps the "upstream" ISP that your local ISP branch uses).

The first thing to do is to figure out how your system is getting the Internet connectivity configuration. Are you using automatically assigned settings (e.g., DHCP/IPv4)? Learning this early can help prevent problems from re-creating themselves.

The next thing to do is to make sure that your system is using a trusted DNS server, like 8.8.8.8 and 8.8.4.4 or 4.2.2.2 and 4.2.2.3 or OpenDNS's servers.

Does the issue also affect when you're using HTTPS?

See if checking these things ends up revealing a solution. If there is a network administrator other than yourself (like if you are at a company that has professional computer support), then report this to your network administrator. Otherwise, report this to your ISP (after figuring out the things I suggested you checked earlier). This is rather sounding like an issue that might not just be your local PC, and it may even be something happening at your ISP or upstream. In that case, they may be able to troubleshoot this easier than you, and many ISPs won't charge for the service (particularly if the troublesome equipment seems to be equipment that is not at your site). On the other hand, they might provide you with some indication that the problem is your equipment, at which time they will typically stop additional free troubleshooting until your equipment is fixed. (I'm referring to a lot of experience I've had with some various ISPs; I do imagine that different ISPs around the world could act different.)

TOOGAM

Posted 2015-01-18T12:14:03.997

Reputation: 12 651