Solved

How is the Help-Yield.net search site redirecting all Windows Browsers?

Posted on 2007-11-27
13
534 Views
Last Modified: 2013-11-05
I stumbled across an issue the other day, but can't figure out how it got there.   If you type an incorrect name in the address bar of Firefox, IE7, etc, instead of timing out, it sends you to a search site called wwwm.help-yield.net.  However, It only does this if the url is properly formatted.  For instance, www.askdjlkajsdjf.com will send you to this site, but ww.klksdas;d.ed  will not.  I've searched the reg and every file on my system and can find no reference.  For now, I just blocked it out... but I'd REALLY like to know what put it there in the first place.

Thanks in advance!

-Hawk
0
Comment
Question by:Hawk5471
  • 5
  • 3
  • 3
  • +1
13 Comments
 
LVL 30

Expert Comment

by:Marc Z
ID: 20357807
Perhaps it is part of your DNS servers response to bad requests.

help-yield.net is Registered through GoDaddy by DomainsByProxy, Inc found here.
http://www.domainsbyproxy.com/LegalAgreement.aspx 

Have you scanned your system for malware?

If you truly wanted to, you could add help-yield.net to your Hosts file.
http://www.mvps.org/winhelp2002/hosts.htm

0
 
LVL 97

Expert Comment

by:war1
ID: 20358744
Hello Hawk5471,

Some sites can highjack your location bar search.  Here is how to restore the search to Google.
http://blog.taragana.com/index.php/archive/how-to-change-your-firefox-location-bar-search-engine/

Hope this helps!
war1
0
 

Expert Comment

by:richler
ID: 20430154
I have the same problem.  Blocking the redirection to wwwm.help-yield.net just makes my navigation end with an Unable to connect because the URL goes back to loopback.  I can nslookup the IP address of the URL and sucessfully use the IP address to get to the site, but that's quite an annoyance.  Not sure what I've picked up.  I've searched for malware and run hijack this (admittedly didn't really know what I was looking at) and don't seem to see anything wrong.  It only happens when I'm using my VPN, which is odd and only on my network at home.  Any other ideas out there?  My DNS (through my VPN) is always able to resolve the addresses.  It doesn't happen when my router is the DNS.  I'm not a windows guy nor much of a networking guy.  How can I trace what's happening in the browser when I type a URL and hit enter?
Thanks...Bill
0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 30

Expert Comment

by:Marc Z
ID: 20430887
One more thing I forgot, have you opened Internet Options and gone to Advanced and gone down to Search From the Address Bar and select the "Do not search from the Address Bar."

See if that helps.
0
 

Author Comment

by:Hawk5471
ID: 20433728
Maybe I should add a little more information here.  I had already went through pretty much all of the things listed above before I posted the question.  I also tracked them back to Godaddy, checked for malware, and all that.  I'm showing no malware... and I've ran everything from McAfee, to Hijackthis, and all the other normal scanners.  Nothing!   I ALWAYS turn off "search from address bar" in all my browsers.
The only thing I could figure was either they have a deal with my ISP or they hijacked their DNS servers somehow.

Originally, I just blocked that site into my host files, but then it started redirecting to another site of theirs.  Then I set up domain and a few other rules in my firewall and added a full host file from http://www.mvps.org/winhelp2002/hosts.htm and that seems to have stop it.

I guess the real question is... If they don't have a deal with the ISP, then how are the hijacking the browser search (or DNS)?  Considering Richler stated he has the same problem. I don't think it's a local provider issue here.

Thanks for all help so far, I really appreciate it!

     -Hawk




0
 
LVL 30

Accepted Solution

by:
Marc Z earned 125 total points
ID: 20434080
Let's try something different.

We're going to change your dns server.


See the instructions here to change your DNS server to OpenDNS and test out your browsers.
https://www.opendns.com/start

I overlooked your initial post about help-yield.net isn't www. , but wwwm.

That indicates to me that somewhere, most likely on your system, you do have a malware problem.

Unless richler and you can verify having the same DNS servers or ISP's, that would indicate similar malware on your machines, to me.

You mentioned Mcafee and HijackThis and now your mvps Hosts file has stopped it, which is good, but I would be curious, if this were my machine and test with more AntiSpyware programs.  Like Superantispyware http://www.superantispyware.com/

MS Defender http://www.microsoft.com/athome/security/spyware/software/default.mspx Free
Lavasoft Adaware  http://www.lavasoftusa.com/software/adaware/ Free
Spybot Search & Destroy  http://www.safer-networking.org/en/download/ Free
Spysweeper http://www.webroot.com/ Not Free but 14 day trial
Spyware Guard http://www.javacoolsoftware.com/spywareguard.html Freeware/shareware
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html Free/shareware

My AV of choice is Avast at www.avast.com both a free version and a professional.
And of course, grab both an Antispyware and an AntiVirus programs, by www.free.grisoft.com called AVG. (2 different programs)
0
 
LVL 30

Expert Comment

by:Marc Z
ID: 20434086
By the way, you will have to rename your Hosts file IF you desire to test it out with a new DNS seeing as how that is already fixing your error.
0
 

Assisted Solution

by:richler
richler earned 125 total points
ID: 20442621
First, I seemed to determine early that this isn't browser related as I've seen the same problem with IE6, FF 0.6 and 2.11) and Opera.  Over the weekend,  I ran through a battery of spyware/virus tests and have been unable to detect anything wrong.  I have found that when using my VPN's DNS list, there is occasionally an initial timeout in attempting to resolve addresses, followed by a success (using nslookup).  This <seems> to coincide with the redirection to wwm.help-yield.net in my browser.  Once successful in the browser though, it appears to be using cache, as the redirection doesn't occur again.  When I'm not using my VPN's DNS, the resolution is coming from my router which is on the same subnet and thus no delay in resolving, thus never a redirection.  So, as I'm not a broser hack/guru, I don't know what goes on inside but it appears that if there's any delay in resolving the address, they immediately redirects..  The final bit of interest for now is that when not on my home network, I don't see the problem.  This is odd given that the VPN address is still not native.  I'm assuming that this is related to my rather poor performing ISP, regardless of the fact that I pay for their fastest internet service.

So if anyone can tell me how to tell the browsers to be a bit more patient, that would be a good next step.

Many thanks to all who've tried to help.  The list of anti-spyware that was provided will be retained and passed along to family members who think that because I work with AIX, I must be a Wintel guru ;-)
0
 

Author Comment

by:Hawk5471
ID: 20465352
I'm going to try a few other in-depth tests to see if I can find anything else.
0
 
LVL 97

Expert Comment

by:war1
ID: 20465401
Hawk5471, keep us updated on the tests.
0
 

Author Comment

by:Hawk5471
ID: 20486578
OK... I finally got in touch with someone at my ISP that knew the scoop.  This is a 3rd party search engine that my ISP is testing!  Apparently, this company and several other search engines are contacting ISP's and working out deals to include them in their DNS.  Nice, eh?

Even the first tech support guy I talked to wasn't aware they were doing this.  He spent quite a bit of time trying to figure out why it was happing on his end too!  Finally, someone informed him.

Richler and Mtz both indicated it was a DNS problem, so I feel the points should go to you both for your help.
0
 
LVL 30

Expert Comment

by:Marc Z
ID: 20486802
Thanks for the update Hawk5471.

As I noted before, if you don't like it, you can always use a different DNS like OpenDNS, but they have their own set of similar search results if you so desire.  This is the way they keep their services free.  But at the same time, your ISP is now making money, it seems, (I may be mistaken)  by doing this as well.
0
 

Expert Comment

by:richler
ID: 20495229
Hawk, nice job.  I assume my ISP is doing the same.  That certainly explains why I didn't see it while on the road, only at home.  Kudos.  And thanks for the assistance points.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After uninstalling Opera browser (for example ver. 10.63), your attempts to open a web page by clicking on a URL link may fail with an error message.  The error is "This operation has been canceled due to restrictions in effect on this computer. Ple…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now