Observation about Newegg links

[spirit]

I can browse to Newegg.com in my browser by typing newegg.com into the address bar on Chrome and it works just fine. However, when I click on a link on here that should take me to Newegg I can never navigate to the site. Interesting that both Trend and Web of Trust block the link and looking in the address bar, Newegg links are actually going to 'dpbolvw.net' which looks like a redirecting website or something: https://www.mywot.com/en/scorecard/dpbolvw.net#page-2

Anybody else with Web of Trust installed experiencing this? Looks like even if I remove it or add a exception I'll need to do the same in Trend. Anybody with a different AV experiencing this?

Edit: I moved my thread to Computer Security, seems more appropriate for this than OT.

 

[johnb35]

You know how to check your hosts file and proxy setting? You are definitely infected with something.

 

[ian]

This site uses viglink.com to earn a commission from any sales. It turns out to be a really small amount which doesn't come close to covering Web hosting costs.
It is a reputable company owned by Google ventures.
If you click on Newegg it will go through an affiliate link at viglink.com
dpbolvw.net seems to be owned by value click media which I think is associated with cj.com commission Junction which runs the affiliate program for Newegg so I don't think it is malicious. People are mentioning that is happening to them on some of the big tech forums like xda developers and a few other big tech sites. It is possible viglink goes to the dpbolvw.net website before going to Newegg.

 

[spirit]

Hosts file looks OK?

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost

Malwarebytes scan has come out clean.

 

[voyagerfan99]

Yup host file is clean.

 

[johnb35]

Yeah, host file is clean. I run WOT but never see anything like that when clicking on newegg links unless its just because you are in the UK???

 

[spirit]

Yeah, host file is clean. I run WOT but never see anything like that when clicking on newegg links unless its just because you are in the UK???

It could be I guess. As Ian said, looks like it's a redirect/commissions site. I'm going to try it on a PC without WOT or Trend and see what happens, see if I get taken to that site or the Newegg link.

 

[Agent Smith]

Junkware Removal Tool, SUPERAntiSpyware, ADwcleaner. Then try Hijackthis, run the log file through this site: http://www.hijackthis.de/en Check out Freefixer and go through everything. If you see something you think might be suspicious click to get more information. Be very careful as to not delete something you shouldn't.

All else fails boot a Bitdefender Rescue disk. Make sure you have Internet access to update the definitions.


Next time run your browser in Sandboxie, or use Voodoo Shield, Anti executable, or even Deep Freeze.

 

[SpriteMidr]

@spirit it is not to do with any system you are using like trend or a proxy or something? (Dumb comment, but worth checking)

edit: just realised you said you are gonna try that, sorry, didnt read that bit -.-

Carry on :3