Link to home
Start Free TrialLog in
Avatar of MBisch
MBischFlag for United States of America

asked on

Internet Explorer constantly prompts to download file from login.dotomi.com

I've come across an issue that I can't seem to figure out.
So far, I've noticed that this only happens with the website kohls.com.
When using google to search it's common for the first few results to be paid ads. If I click the paid ad for Kohls, it goes to this URL

http://www.googleadservices.com/pagead/aclk?sa=L&ai=CHoxzMrYSVc-XLIqMpgPV24CYAuLjs7kGqtPxq8MB69ePCQgAEAFgya6wiPSjwBCgAfbItuUDyAEBqgQgT9B3DMwYq2jSBe29odSYLFZ0S8K8w1rPK6r18dpJFUeIBgGAB6eWcpAHA6gHpr4b2AcB&ohost=www.google.com&cid=5Gj-o9EliVi3m5PHd2y4NqY-y_c4nCrOXbz5Rs8m8E-FH9M&sig=AOD64_17mJmh0QmM1oSszqVET0Fnq27CYQ&rct=j&q=&ved=0CBsQ0Qw&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D43500000072369989%26ds_s_kwgid%3D58500000000879388%26ds_e_adid%3D52356290954%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_url_v%3D2%26kwid%3D%5B*KeywordID*%5D%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3DKohls%26utm_campaign%3D%7BCampaignName%7D%26UTM_Adgroupid%3D%5B*AdgroupID*%5D

Then redirects to

http://ad.doubleclick.net/clk;212511676;33909568;n;u=ds&sv1=72369989&sv2=2015032573&sv3=119502;%3fhttp://www.kohls.com/?pfx=pfx_google_roi&cid=bsolo&kwid=p72369989&utm_source=google&utm_medium=cpc&utm_term=Kohls&utm_campaign=%7bCampaignName%7d&UTM_Adgroupid=58500000000879388&gclid=CIfCvcTMw8QCFQYIaQodPZEAyQ&gclsrc=aw.ds

...and never actually goes to the Kohls website.

I've also noticed (but only when using Internet Explorer) that if I go directly to kohls.com, when I search for items I am constantly being prompted to download a file from login.dotomi.com. The file it asks to download is the exact same as the web page that is being viewed (no matter what page your viewing). See attached PDF

This is happening with Internet Explorer, Chrome and Firefox.

I have run several programs in an attempt to find out what might be causing this issue, but have not found a solution.
I have tried the following programs:
AVG
kapersky
malwarebytes
ccleaner
hitmanpro
combobox

I'm currently running a full scan with microsoft malicious software removal tool, but it's found nothing so far and it's over 50% complete.

I have checked the hosts file and nothing out of the ordinary there either.

What am I missing?
download.pdf
Avatar of Kimputer
Kimputer

Are you at home, or are you talking about a corporate network (which means you don't have access to DNS server, UTM devices or other network firewalls/filters/scanners).
Avatar of MBisch

ASKER

This is a home network, but also happens when I take the laptop to any other wifi hotspots, so I feel that it's something on the laptop itself.
Good catch, it's indeed the laptop itself (well, I'm about 99% sure).

Did you ever scan your laptop OUTSIDE of Windows (i.e. boot cd/usb). Usually if malware has the upper hand, scanning when Windows is already started is of no use.
Avatar of MBisch

ASKER

I have not tried scanning outside of windows. What do you suggest that I use?
Easiest to get are AVG boot cd/usb

http://www.avg.com/eu-en/download.prd-arl

Please note you should update (either by downloading manually and putting it on usb, then loading it after usb has been booted. Or if your network can be detected, you can do it online). Otherwise you're using a nov 2014 scanner.

Also try avira even if you found or didn't find any virusses:

http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/655
ASKER CERTIFIED SOLUTION
Avatar of MBisch
MBisch
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of MBisch

ASKER

It was the solution to my problem.