Some jackass hijacked my school's network

Beginning in the early hours of Sunday morning (Beijing time), the school network got hijacked by a redirect virus. The jackass responsible for doing this, of course, decided to use a page that seems to be legitimate as the page that the browsers (all of them, including the androids) are redirected to is a real service. I’m not fool enough to click on any of the links on the page. The other issue is that it’s mighty annoying. Of course, being a hijacking virus, there’s little doubt (if any) that leaving the bloody thing on the computers, cell phones, tablets, etc. connected to the school network will screw things and people over like there’s no tomorrow.

For those in the know on how to get rid of stuff like this, could you give me a “for dummies” answer to the following?

1. What are the step-by-step instructions for removing this scum from each known browser?
2. What are the step-by-step instructions for removing this scum from android devices (cell phones and tablets)?
3. What are the step-by-step instructions for removing this scum from iPads and iPhones?
4. Why can’t the people who come up with these viruses be put in solitary confinement forever with no Internet or telephone access?

Okay. I’m just (half) kidding about #4, but I’ll really appreciate whatever information/instructions the TM here can lay on me.

FYI: A number of us teachers, both Chinese and foreign, reside in the staff dorms and have paid access to the school network. For those computers, we are not restricted from admin functions. For our work computers, we are restricted and only the IT department personnel have admin access. The school is a boarding school, so almost all the students live in the school dorms and, AFAIK, do not have access to the school network other than during class or study hall, during which they must use the school computers.

What the heck drives people to make malware anyway? :mad::mad::mad::mad:

Oh, yes. I forgot to mention what the nasty thing was: wpkg.org/

For the droids and apples, I would simply reset them back to factory and reload from backups, if they exist.

Declan

Because it’s hard to catch them, and even when you do, two more pop up.

It’s not a virus. Your DNS server is redirecting requests for yet-unknown reasons (many suspect Chinese government censorship), but the individual computers/phones have no malware on them, at least none that is causing this problem.

Wikipedia article on WPKG

There are several discussions linked in the citations of the Wiki article that include possible workarounds.

Thanks! Just yesterday, the school’s IT folks fixed my work computer. Today, during lunch, I took my own computer into the IT office for them to fix it. They did a stellar job on both.

I know that “government surveillance” along with “TGFWOC” is a popular candidate for slow connection/dropped connection/other computer problems (and deservedly so; even one rep to parliament last session said so on the floor–basically his point was that the blocking/slow speed are holding China back in the area of computer technology); however, I really do not think it is the culprit for this. If it were, even the “fix” would not work, other than driving people to use a VPN. And the widespread use of VPNs here, even by the Chinese populace is not exactly a secret. This thing catching the IT folks blindsided is a (possibly minor) point in favor of it not being government-directed. On the other hand, a point in favor of it being the culprit is that it did hijack pages on computers using the most popular VPN program in China.

Our IT department sent out this link (in Chinese) which provided a solution that is working for everyone so far.

Still on the androids, though; so looks like I’ll be doing some major backing up and then restoring. Drat.

Thanks again!

Forgot something. Sadly, I cannot do a factory reset on my phone until June as I must be in Korea to restore the Kakaotalk–if I reset the phone, then the device recognition for that program goes away.

Well, damn. The fix does stop the site from loading, but now an occasional site will get redirected. What it ends up as is the wpkg(dot)org in the address bar and just a blank web page.

Whoever started up this crud needs to rot.

Apparently, the issue’s done and over with; at least, according to China Daily it is for now. You can probably safely disregard the infographic at the top of the page. The key is that the government (along with, presumably, “the Party”) and the Internet service providers here are aware that they have some security issues they need to get and keep fixed as their clientele aren’t just taking it lying down.

One nifty thing is that a few sites that had been previously blocked here are now not blocked. Of course, I haven’t tried accessing any web sites with my phone; however, my tablet is still hosed.