cloudy cloudy

Author Topic: 3in1 page highjacked by i.trkjmp.com (SOLVED SORTA)  (Read 2219 times)

0 Members and 1 Guest are viewing this topic.

Offline mikeym

  • Posts: 1,305
  • Thornhurst, Pa USA
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 19.0
    • MikeyMs Thornhurst,PA Weather
3in1 page highjacked by i.trkjmp.com (SOLVED SORTA)
« on: March 29, 2013, 02:14:21 PM »
This just showed up a couple of days ago. When the 3in1 script loads after about 3 secs I get a page with "| Bookmark page (CTRL-D)" and it appears that it's trying to load data from i.trkjmp.com. This is a known malware site. I've run Malwarebytes and several anti virus programs with the same results. I've tried numerous fixes as suggested in Google searches with the same results. It only does this with FireFox or Chrome. IE works correctly. I've taken the link off of my flyout-menu, but the link is http://mikeymsweather.com/wx3in1.php
Any suggestions would be GREATLY appreciated.

Thanks

 :?

MikeyM
« Last Edit: March 30, 2013, 11:40:00 PM by mikeym »
http://mikeymsweather.com/

Another VERY Happy WD user
Shuttle XS36v4 8 GB RAM
Davis Vantage Pro 2 wireless w/ Davis solar sensor
Laser Snow Depth Sensor LR4/Fluke 414D working in WD thanks to Brian

Offline Budgie

  • Martin
  • Global Moderator
  • Posts: 6,026
  • CWOP: CW7959
  • Lochaber, Scotland
  • OS/Browser:
  • Win XP
  • MS IE 8.0
    • Lochaber-Weather
Re: 3in1 page highjacked by i.trkjmp.com
« Reply #1 on: March 29, 2013, 03:52:52 PM »
Have you checked your 3in1 page script for the code?
It's more than likely to be on there than in your browser and if you find something then re-upload the page if you have a copy on your PC and then change your FTP and account passwords.

Offline niko

  • syzygy
  • Global Moderator
  • Posts: 28,246
  • Crystal Ball broken! Please post the URL.
  • Northern California, U.S.A.
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • MS IE 9.0
Re: 3in1 page highjacked by i.trkjmp.com
« Reply #2 on: March 29, 2013, 04:41:09 PM »
Googling for i.trkjmp it looks be a PC malware problem, is that the only page that ever shows the message?

Offline mikeym

  • Posts: 1,305
  • Thornhurst, Pa USA
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 19.0
    • MikeyMs Thornhurst,PA Weather
Re: 3in1 page highjacked by i.trkjmp.com
« Reply #3 on: March 29, 2013, 05:03:04 PM »
Budgie, Yes I've checked the script and even deleted it on the server and reloaded it.

Niko, yes definitely appears to be malware, but Malwarebytes isn't finding anything and yes, it only shows up on that one page

Thanks for looking.

MikeyM
http://mikeymsweather.com/

Another VERY Happy WD user
Shuttle XS36v4 8 GB RAM
Davis Vantage Pro 2 wireless w/ Davis solar sensor
Laser Snow Depth Sensor LR4/Fluke 414D working in WD thanks to Brian

Offline mikeym

  • Posts: 1,305
  • Thornhurst, Pa USA
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 19.0
    • MikeyMs Thornhurst,PA Weather
Re: 3in1 page highjacked by i.trkjmp.com
« Reply #4 on: March 29, 2013, 05:54:01 PM »
OK I removed all subdirectoies on the server relating to the 3in1 script and reinstalled everything on the server relating to the 3in1 scripts with the same results.

MikeyM
http://mikeymsweather.com/

Another VERY Happy WD user
Shuttle XS36v4 8 GB RAM
Davis Vantage Pro 2 wireless w/ Davis solar sensor
Laser Snow Depth Sensor LR4/Fluke 414D working in WD thanks to Brian

Offline Martyn

  • Davis VP2+ FARS/solar/UV
  • Posts: 996
  • Bristol, UK
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 19.0
    • Horfield/Filton, Bristol, UK weather station
Re: 3in1 page highjacked by i.trkjmp.com
« Reply #5 on: March 29, 2013, 06:35:39 PM »
Sounds like an .htaccess file in a directory is infected with a trojan and redirecting to the malware site? It may have been put there by a "backdoor" by the hackers. Once you have cleaned up any .htaccess files then check your directories for any php page names that you don't recognise (e.g. random characters).
« Last Edit: March 29, 2013, 06:39:15 PM by Martyn »
Martyn,
Bristol, UK

Twitter: https://twitter.com/HorfieldWeather
FB: https://www.facebook.com/bristolweather
CWOP: CW2888
WU: IBRISTOL3

Offline mikeym

  • Posts: 1,305
  • Thornhurst, Pa USA
  • OS/Browser:
  • Win 7/Srvr 2008R2
  • Firefox 19.0
    • MikeyMs Thornhurst,PA Weather
Re: 3in1 page highjacked by i.trkjmp.com
« Reply #6 on: March 30, 2013, 11:39:28 PM »
Thanks all
After hours and hours of troubleshooting this I just removed the 3in1 script from my site for now. Thanks

Cheers

 :(

MikeyM
http://mikeymsweather.com/

Another VERY Happy WD user
Shuttle XS36v4 8 GB RAM
Davis Vantage Pro 2 wireless w/ Davis solar sensor
Laser Snow Depth Sensor LR4/Fluke 414D working in WD thanks to Brian