Websites being redirected to yandex.ru

I'm having the same problem too, noticed it on my iPhone, since yesterday, but I think it is affecting my Internet satellite receiver too as it is failing to connect to server.

What I would like to add here since I'm in Jordan too is that it doesn't seem to be a zain WiMAX problem, I'm connected through Orange Adsl and using their wireless router.

It doesn't seem to be a virus either, not on the devices at least.

Not sure what's causing this redirect.

Hi

I live in Amman and I havethe same problems on a windows based pc. Actual from today on two PCs.

I am using Orange ADSLconnection plus another ADSL I do not know which one but different from Orangeand Zain 3G wireless. I get the same problems with all 3 connections.

I have tried almost allmalware scanners available but to no avail.

Hans

Hello Guys,

I suffered over the last two and a half weeks from the same problem.

My Network Setup:

2 X Windows Laptops

1 X IPAD

1 X IPOD

Zain Router Connecting over HSPA GSM network

I tried everything

• I ran scans using all descent Anti(malware/spyware/Virus) tools in hand.
• I deleted all internet cache/history/cookies on all browsers.
• I blocked the domain and sub-domains of (yandex.ru) in all browsers.
• I tried changing DNS settings on the router, which is impossible on Zain router through HSPA setting.
• I even upgraded the firmware and hard reset the router just to make sure the router is intact.

But nothing from the above sustained for more than couple of hours.

The Solution

The only thing which worked for me was the following:

Basically:

1) Delete all browsing history and cookies for all browsers.

2) Add a host entry “yandex.ru” pointing to the IP-Address “127.0.0.1” in your operating system’s “hosts” file. (make sure this is the only entry).

Detailed solution:

STEP1) Clear internet cache/history/cookies on all browsers, and temp folders. You can do it manually or you can use a utility, I used CCleaner v3.14, it works for PC and there is also a release for Mac.

You can find CCleaner from below link:

http://www.piriform.com/ccleaner

STEP2) Edit the “hosts” file on your OS and add host “yandex.ru” with value “127.0.0.1”

Windows users:

• Browse to folder “C:\Windows\System32\drivers\etc\”
• Open file “hosts” using notepad and add the following line at the end:

  127.0.0.1 yandex.ru

For More details on how to manage hosts file, visit the link http://accs-net.com/hosts/how_to_use_hosts.html

I attached an image capture of my “hosts” file.

Mac OS X Users:

(you need the root password for below practice)

Add the following entry at the end of your “hosts” file

• 127.0.0.1 Yandex.ru

For more details please read both below links carefully,

"Please acquire technical assistance if you are NOT sure of what you are doing."

http://decoding.wordpress.com/2009/04/06/how-to-edit-the-hosts-file-in-mac-os-x- leopard/

http://support.apple.com/kb/TA27291

My Opinion

Our Ignorant ISPS’ DNS servers "most probably" where hacked by a Russian geek who really caused us this headache.

Driving our browsers to redirect to the stupid Russian search engine.

The Media

Zain admitted “In a way” that they do have a problem and they are working on a "solution" and occasionally injected an "apology-like" html page within some Zain customer browses telling their customers that they (the customers) are infected with a malware and they need to delete the browsing history.

Zain referenced both below News about the case:

.

English version from Jordan Times: http://insurance-technology.tmcnet.com/news/2011/12/16/6000415.htm

Arabic version from (Khabberni News): http://www.khaberni.com/more.asp?ThisID=66214&ThisCat=1

I Hope this helps

Regards

Hani..

THE ULTIMATE SOLUTION SO FAR
(for ones how have a Zain HSPA Wireless Routers)

Ok, my first solution would be fine for people who have a Machine running Windows or Mac OS X and have the experience and time to play around with core system settings.

That wouldn’t be so great for IPad, IPhone & IPod users since this needs JailBreaking and manipulating the system files inside IOS.

IF you have an HSPA Router, do the following:

1. In your browser open http://192.168.1.1 and Logon to your to your router.
   Default username/password are admin/zain, unless previously changed.
2. Select the “Security” tab from the menu. See Arrow (A) in below Figure.
3. Select the “Internet Access Policy” tab from the menu. See Arrow (B) in below Figure.
4. Enter the Policy Name in the text box, I named it “Deny Yandex”. See Point (1) in below Figure.
5. Make sure “Status” is Enabled. Point (2) in below Figure.
6. Set “Access Restriction” to Allow. Point (3) in below Figure.
7. Make Sure “Schedule” is Checked on “Everyday” and “24 Hours” Point (4) in below Figure.
8. Enter “yandex.ru” in “URL 1” to block it. Point (5) in below Figure.
9. Scroll all the way down and click “Save Settings” button.
10. Wait 15 seconds until settings are saved and page refreshes.

P.S. DO NOT FORGET TO CLEAR HISTORY AND COOKIES ON ALL BROWSERS AND ALL DEVICES ON YOUR HOME NETWORK

Enjoy smooth browsing.

If you have successfully applied above steps in your router, then you wouldn’t need any modification on “hosts” file inside your operating systems since this will block all your network traffic to yandex.ru.

Kandelfire, tell me if this works for you since you have opened the discussion and you do have an HSPA router.

Regards

Hani.

I had this problem, turns out the OmniBrowser extension on Safari was my problem. The default search engine was set to Yandex.ru. Removed that extension and the problem went away. From the looks of it, this may not help most people above, but I thought I might share.

Yep, same here. Thought it was malware of some kind, but Sean's right. My Extensions had OmniBar in there, and the Russian dev put locals on default. I chose another default search, problem solved.