Solved

How is the Help-Yield.net search site redirecting all Windows Browsers?

Posted on 2007-11-27
Last Modified: 2013-11-05
I stumbled across an issue the other day, but can't figure out how it got there. If you type an incorrect name in the address bar of Firefox, IE7, etc., instead of timing out, it sends you to a search site called wwwm.help-yield.net. However, it only does this if the URL is properly formatted. For instance, www.askdjlkajsdjf.com will send you to this site, but ww.klksdas;d.ed will not. I've searched the reg and every file on my system and can find no reference. For now, I just blocked it out... but I'd REALLY like to know what put it there in the first place.

Thanks in advance!

-Hawk
Question by:Hawk5471
LVL 30

Expert Comment

by:mtz1of4
ID: 20357807
Perhaps it is part of your DNS server's response to bad requests.

help-yield.net is Registered through GoDaddy by DomainsByProxy, Inc found here.
http://www.domainsbyproxy.com/LegalAgreement.aspx

Have you scanned your system for malware?

If you truly wanted to, you could add help-yield.net to your Hosts file.
http://www.mvps.org/winhelp2002/hosts.htm

0
 
LVL 97

Expert Comment

by:war1
ID: 20358744
Hello Hawk5471,

Some sites can hijack your location bar search.  Here is how to restore the search to Google.
http://blog.taragana.com/index.php/archive/how-to-change-your-firefox-location-bar-search-engine/

Hope this helps!
war1
0
 

Expert Comment

by:richler
ID: 20430154
I have the same problem. Blocking the redirection to wwwm.help-yield.net just makes my navigation end with an "Unable to connect" because the URL goes back to loopback. I can nslookup the IP address of the URL and successfully use the IP address to get to the site, but that's quite an annoyance. Not sure what I've picked up. I've searched for malware and run HijackThis (admittedly didn't really know what I was looking at) and don't seem to see anything wrong. It only happens when I'm using my VPN, which is odd, and only on my network at home. Any other ideas out there? My DNS (through my VPN) is always able to resolve the addresses. It doesn't happen when my router is the DNS. I'm not a Windows guy nor much of a networking guy. How can I trace what's happening in the browser when I type a URL and hit enter?
Thanks...Bill
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 20430887
One more thing I forgot: have you opened Internet Options, gone to Advanced, gone down to Search From the Address Bar and selected "Do not search from the Address Bar"?

See if that helps.
0
 

Author Comment

by:Hawk5471
ID: 20433728
Maybe I should add a little more information here. I had already gone through pretty much all of the things listed above before I posted the question. I also tracked them back to GoDaddy, checked for malware, and all that. I'm showing no malware... and I've run everything from McAfee, to HijackThis, and all the other normal scanners. Nothing! I ALWAYS turn off "search from address bar" in all my browsers.
The only thing I could figure was either they have a deal with my ISP or they hijacked their DNS servers somehow.

Originally, I just blocked that site in my hosts file, but then it started redirecting to another site of theirs. Then I set up domain and a few other rules in my firewall and added a full hosts file from http://www.mvps.org/winhelp2002/hosts.htm and that seems to have stopped it.

I guess the real question is... If they don't have a deal with the ISP, then how are they hijacking the browser search (or DNS)? Considering Richler stated he has the same problem, I don't think it's a local provider issue here.

Thanks for all help so far, I really appreciate it!

     -Hawk
0
 
LVL 30

Accepted Solution

by:
mtz1of4 earned 125 total points
ID: 20434080
Let's try something different.

We're going to change your DNS server.

See the instructions here to change your DNS server to OpenDNS and test out your browsers.
https://www.opendns.com/start

I overlooked in your initial post that help-yield.net isn't www., but wwwm.

That indicates to me that somewhere, most likely on your system, you do have a malware problem.

Unless richler and you can verify having the same DNS servers or ISPs, that would indicate similar malware on your machines, to me.

You mentioned McAfee and HijackThis, and now your mvps Hosts file has stopped it, which is good, but I would be curious, if this were my machine, and would test with more antispyware programs, like Superantispyware http://www.superantispyware.com/

MS Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx Free
Lavasoft Adaware  http://www.lavasoftusa.com/software/adaware/ Free
Spybot Search & Destroy  http://www.safer-networking.org/en/download/ Free
Spysweeper http://www.webroot.com/ Not Free but 14 day trial
Spyware Guard http://www.javacoolsoftware.com/spywareguard.html Freeware/shareware
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html Free/shareware

My AV of choice is Avast at www.avast.com both a free version and a professional.
And of course, grab both an antispyware and an antivirus program from www.free.grisoft.com, called AVG. (2 different programs)
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 20434086
By the way, you will have to rename your Hosts file IF you desire to test it out with a new DNS seeing as how that is already fixing your error.
0
 

Assisted Solution

by:richler
richler earned 125 total points
ID: 20442621
First, I seemed to determine early that this isn't browser related, as I've seen the same problem with IE6, FF (0.6 and 2.11) and Opera. Over the weekend, I ran through a battery of spyware/virus tests and have been unable to detect anything wrong. I have found that when using my VPN's DNS list, there is occasionally an initial timeout in attempting to resolve addresses, followed by a success (using nslookup). This <seems> to coincide with the redirection to wwm.help-yield.net in my browser. Once successful in the browser though, it appears to be using cache, as the redirection doesn't occur again. When I'm not using my VPN's DNS, the resolution is coming from my router, which is on the same subnet, and thus no delay in resolving, thus never a redirection. So, as I'm not a browser hack/guru, I don't know what goes on inside, but it appears that if there's any delay in resolving the address, they immediately redirect. The final bit of interest for now is that when not on my home network, I don't see the problem. This is odd given that the VPN address is still not native. I'm assuming that this is related to my rather poor performing ISP, regardless of the fact that I pay for their fastest internet service.

So if anyone can tell me how to tell the browsers to be a bit more patient, that would be a good next step.

Many thanks to all who've tried to help.  The list of anti-spyware that was provided will be retained and passed along to family members who think that because I work with AIX, I must be a Wintel guru ;-)
0
 

Author Comment

by:Hawk5471
ID: 20465352
I'm going to try a few other in-depth tests to see if I can find anything else.
0
 
LVL 97

Expert Comment

by:war1
ID: 20465401
Hawk5471, keep us updated on the tests.
0
 

Author Comment

by:Hawk5471
ID: 20486578
OK... I finally got in touch with someone at my ISP that knew the scoop. This is a 3rd party search engine that my ISP is testing! Apparently, this company and several other search engines are contacting ISPs and working out deals to include them in their DNS. Nice, eh?

Even the first tech support guy I talked to wasn't aware they were doing this. He spent quite a bit of time trying to figure out why it was happening on his end too! Finally, someone informed him.

Richler and Mtz both indicated it was a DNS problem, so I feel the points should go to you both for your help.
0
 
LVL 30

Expert Comment

by:mtz1of4
ID: 20486802
Thanks for the update Hawk5471.

As I noted before, if you don't like it, you can always use a different DNS like OpenDNS, but they have their own set of similar search results if you so desire.  This is the way they keep their services free.  But at the same time, your ISP is now making money, it seems, (I may be mistaken)  by doing this as well.
0
 

Expert Comment

by:richler
ID: 20495229
Hawk, nice job.  I assume my ISP is doing the same.  That certainly explains why I didn't see it while on the road, only at home.  Kudos.  And thanks for the assistance points.
0
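
The cause the thread arrives at, a resolver that answers for names that do not exist, can be tested directly by resolving random well-formed names and seeing whether any of them come back with an address. This is an added example, not part of the original thread; the function names and the constructed stub resolver are assumptions for illustration.

```python
import random
import socket
import string

def system_resolve(name):
    """IPv4 addresses the OS resolver returns for name; [] means no answer."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})

def constructed_rewriting_resolver(name):
    """Constructed stand-in for a resolver that answers every name (TEST-NET address)."""
    return ["192.0.2.10"]

def probe_nxdomain_rewriting(resolve=system_resolve, tlds=("com", "net", "org"),
                             per_tld=2, seed=None):
    """Resolve random, well-formed, almost certainly unregistered names."""
    rng = random.Random(seed)
    answered = {}
    probes = 0
    for tld in tlds:
        for _ in range(per_tld):
            label = "".join(rng.choice(string.ascii_lowercase) for _ in range(20))
            # Trailing dot = fully qualified, so no local search suffix is appended.
            name = f"www.{label}.{tld}."
            probes += 1
            addrs = resolve(name)
            if addrs:
                answered[name] = addrs
    if not answered:
        verdict = "clean"          # every probe failed, as it should
    elif len(answered) == probes:
        verdict = "rewriting"      # resolver invents answers for missing names
    else:
        verdict = "inconsistent"   # intermittent, e.g. one of several resolvers
    landing = sorted({a for addrs in answered.values() for a in addrs})
    return {"probes": probes, "answered": len(answered),
            "verdict": verdict, "landing_addresses": landing}

if __name__ == "__main__":
    print(probe_nxdomain_rewriting())
```

Running it once against the ISP's resolver and once after switching DNS servers separates a resolver-side cause from something local to the machine.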
