asked on Internet Explorer constantly prompts to download file from login.dotomi.com
I've come across an issue that I can't seem to figure out.
So far, I've noticed that this only happens with the website kohls.com.
When using google to search it's common for the first few results to be paid ads. If I click the paid ad for Kohls, it goes to this URL
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CHoxzMrYSVc-XLIqMpgPV24CYAuLjs7kGqtPxq8MB69ePCQgAEAFgya6wiPSjwBCgAfbItuUDyAEBqgQgT9B3DMwYq2jSBe29odSYLFZ0S8K8w1rPK6r18dpJFUeIBgGAB6eWcpAHA6gHpr4b2AcB&ohost=www.google.com&cid=5Gj-o9EliVi3m5PHd2y4NqY-y_c4nCrOXbz5Rs8m8E-FH9M&sig=AOD64_17mJmh0QmM1oSszqVET0Fnq27CYQ&rct=j&q=&ved=0CBsQ0Qw&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D43500000072369989%26ds_s_kwgid%3D58500000000879388%26ds_e_adid%3D52356290954%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_url_v%3D2%26kwid%3D%5B*KeywordID*%5D%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3DKohls%26utm_campaign%3D%7BCampaignName%7D%26UTM_Adgroupid%3D%5B*AdgroupID*%5D
Then redirects to
http://ad.doubleclick.net/clk;212511676;33909568;n;u=ds&sv1=72369989&sv2=2015032573&sv3=119502;%3fhttp://www.kohls.com/?pfx=pfx_google_roi&cid=bsolo&kwid=p72369989&utm_source=google&utm_medium=cpc&utm_term=Kohls&utm_campaign=%7bCampaignName%7d&UTM_Adgroupid=58500000000879388&gclid=CIfCvcTMw8QCFQYIaQodPZEAyQ&gclsrc=aw.ds
...and never actually goes to the Kohls website.
I've also noticed (but only when using Internet Explorer) that if I go directly to kohls.com, when I search for items I am constantly being prompted to download a file from login.dotomi.com. The file it asks to download is the exact same as the web page that is being viewed (no matter what page your viewing). See attached PDF
This is happening with Internet Explorer, Chrome and Firefox.
I have run several programs in an attempt to find out what might be causing this issue, but have not found a solution.
I have tried the following programs:
AVG
kapersky
malwarebytes
ccleaner
hitmanpro
combobox
I'm currently running a full scan with microsoft malicious software removal tool, but it's found nothing so far and it's over 50% complete.
I have checked the hosts file and nothing out of the ordinary there either.
What am I missing?
download.pdf
So far, I've noticed that this only happens with the website kohls.com.
When using google to search it's common for the first few results to be paid ads. If I click the paid ad for Kohls, it goes to this URL
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CHoxzMrYSVc-XLIqMpgPV24CYAuLjs7kGqtPxq8MB69ePCQgAEAFgya6wiPSjwBCgAfbItuUDyAEBqgQgT9B3DMwYq2jSBe29odSYLFZ0S8K8w1rPK6r18dpJFUeIBgGAB6eWcpAHA6gHpr4b2AcB&ohost=www.google.com&cid=5Gj-o9EliVi3m5PHd2y4NqY-y_c4nCrOXbz5Rs8m8E-FH9M&sig=AOD64_17mJmh0QmM1oSszqVET0Fnq27CYQ&rct=j&q=&ved=0CBsQ0Qw&adurl=http://clickserve.dartsearch.net/link/click%3Flid%3D43500000072369989%26ds_s_kwgid%3D58500000000879388%26ds_e_adid%3D52356290954%26ds_e_matchtype%3Dsearch%26ds_e_device%3Dc%26ds_url_v%3D2%26kwid%3D%5B*KeywordID*%5D%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3DKohls%26utm_campaign%3D%7BCampaignName%7D%26UTM_Adgroupid%3D%5B*AdgroupID*%5D
Then redirects to
http://ad.doubleclick.net/clk;212511676;33909568;n;u=ds&sv1=72369989&sv2=2015032573&sv3=119502;%3fhttp://www.kohls.com/?pfx=pfx_google_roi&cid=bsolo&kwid=p72369989&utm_source=google&utm_medium=cpc&utm_term=Kohls&utm_campaign=%7bCampaignName%7d&UTM_Adgroupid=58500000000879388&gclid=CIfCvcTMw8QCFQYIaQodPZEAyQ&gclsrc=aw.ds
...and never actually goes to the Kohls website.
I've also noticed (but only when using Internet Explorer) that if I go directly to kohls.com, when I search for items I am constantly being prompted to download a file from login.dotomi.com. The file it asks to download is the exact same as the web page that is being viewed (no matter what page your viewing). See attached PDF
This is happening with Internet Explorer, Chrome and Firefox.
I have run several programs in an attempt to find out what might be causing this issue, but have not found a solution.
I have tried the following programs:
AVG
kapersky
malwarebytes
ccleaner
hitmanpro
combobox
I'm currently running a full scan with microsoft malicious software removal tool, but it's found nothing so far and it's over 50% complete.
I have checked the hosts file and nothing out of the ordinary there either.
What am I missing?
download.pdf
Internet / Email SoftwareWeb Browsers
Last Comment
MBisch
Are you at home, or are you talking about a corporate network (which means you don't have access to DNS server, UTM devices or other network firewalls/filters/scanners
ASKER
This is a home network, but also happens when I take the laptop to any other wifi hotspots, so I feel that it's something on the laptop itself.
Good catch, it's indeed the laptop itself (well, I'm about 99% sure).
Did you ever scan your laptop OUTSIDE of Windows (i.e. boot cd/usb). Usually if malware has the upper hand, scanning when Windows is already started is of no use.
Did you ever scan your laptop OUTSIDE of Windows (i.e. boot cd/usb). Usually if malware has the upper hand, scanning when Windows is already started is of no use.
ASKER
I have not tried scanning outside of windows. What do you suggest that I use?
Easiest to get are AVG boot cd/usb
http://www.avg.com/eu-en/download.prd-arl
Please note you should update (either by downloading manually and putting it on usb, then loading it after usb has been booted. Or if your network can be detected, you can do it online). Otherwise you're using a nov 2014 scanner.
Also try avira even if you found or didn't find any virusses:
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/655
http://www.avg.com/eu-en/download.prd-arl
Please note you should update (either by downloading manually and putting it on usb, then loading it after usb has been booted. Or if your network can be detected, you can do it online). Otherwise you're using a nov 2014 scanner.
Also try avira even if you found or didn't find any virusses:
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/655
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
It was the solution to my problem.