1

Sorry for the title, it's hard to put the problem into proper words.

Basically, in Firefox or Chrome, I try to navigate to stackoverflow.com.

The request fails and the URL I see in the navigation bar is:

http://d2e24t2jgcnor2.webhostoid.com/Secure/Error?URL=http%3A%2F%2Fstackoverflow.com%2F&ResponseCode=504&user_id=5b5033d3-3543-4b7c-9844-055afde93841&uc=20140915&subid=20140915&source=browsersafeguard-rockettab-spigot&version=1.0.5370.12627&implementation_id=browsersafeguard-rockettab-spigot%20&block_host=False&reg=False&redirectms=True

This looks shady and my internet seems slower lately. I have a few questions:

  1. Why is my request going through this strange URL?
  2. Do the query parameters reveal my identity?
  3. How can I stop this?

I use my cell phone’s 3G network and tether it to my laptop.

unor
pad

3 Answers

3

BrowserSafeguard with RocketTab is malware that gets installed surreptitiously when you load certain "free" software. This link describes the "product". See this link for additional information on how to remove it.

The gist of their removal procedure is to uninstall it from Windows and then run a number of anti-malware programs. The malware has a number of obnoxious features--adware, browser hijacker, and its virus engine--and they recommend a separate tool to eliminate each feature.

I never heard of the two they recommend running first and can't comment on their necessity or efficacy. You could always start with the last two and see if they solve the problem. The last two recommended programs are Malwarebytes Anti-Malware Free and HitmanPro, both well known, effective products.

fixer1234
1

I had this issue as well. I struggled with it for 3 days - turns out I had ended up with something called 'Rocket Tab' which wouldn't let me open any websites at all! Looked for any new programs recently installed on my laptop and found Rocket Tab and deleted it. I can rest in peace now!

Cfinley
trisha
1

I experienced a similar issue with pages displaying references to d2e24t2jgcnor2.webhostoid.com if I mistyped a domain name. I found that GeniusBox adware bundled with Vuze had installed itself as a proxy server for both HTTP and HTTPS traffic on the system. It also installed a certificate titled "DO_NOT_TRUST_FiddlerRoot" in the root certificates list so that it could intercept HTTPS traffic without a warning being displayed to a user by his/her web browser that there was now a "man-in-the-middle" intercepting HTTPS traffic. I wonder if the GeniusBox developer(s) thought it funny to install a root certificate with "DO_NOT_TRUST" as part of the issuer name or just copied what was done for the Fiddler proxy server software that someone might install for debugging web connectivity issues without bothering to make any changes. For anyone else experiencing a similar problem, look for "GeniusBox" under "Uninstall or change a program" within the Windows Control Panel.

moonpoint
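The three things the answers above say to look for (the bundled program in the uninstall list, a system-wide proxy, and the "DO_NOT_TRUST_FiddlerRoot" root certificate) can be checked in one pass. This read-only PowerShell sketch is an added example, not part of any answer; the program-name patterns come from the names mentioned on this page, and treating a loopback proxy as suspicious is an assumption.

```powershell
# Added example: read-only triage, nothing is changed or removed.

# 1. Installed programs whose display name matches the adware named on this page.
$names = 'GeniusBox|Rocket ?Tab|Browser ?Safeguard'
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $names } |
    Select-Object DisplayName, Publisher, InstallDate

# 2. Per-user system proxy (used by Chrome, and by Firefox when it is set to
#    "Use system proxy settings").
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey
$proxy   = [pscustomobject]@{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
}
# Assumption: a proxy installed by local adware listens on the loopback address.
$loopbackProxy = ($inet.ProxyEnable -eq 1) -and
                 ($inet.ProxyServer -match '127\.0\.0\.1|localhost')

# 3. Root certificates carrying the name reported in the answer above.
$needle = 'DO_NOT_TRUST'
$certs = foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -like "*$needle*" -or $_.Issuer -like "*$needle*" } |
        Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotBefore
}

# Report.
'--- Matching installed programs ---'; $programs | Format-Table -AutoSize
'--- System proxy settings ---';       $proxy    | Format-List
if ($loopbackProxy) { Write-Warning "Traffic is proxied via $($inet.ProxyServer)" }
'--- WinHTTP proxy ---';               netsh winhttp show proxy
'--- Suspicious root certificates ---'; $certs   | Format-Table -AutoSize
if ($certs) { Write-Warning 'An interception root certificate is trusted on this machine.' }
```

Firefox can keep its own proxy setting and its own certificate store, so check those in the browser's settings as well.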