Websites being redirected to yandex.ru

Hello Guys,

I suffered over the last two and a half weeks from the same problem.

My Network Setup:

2 X Windows Laptops

1 X IPAD

1 X IPOD

Zain Router Connecting over HSPA GSM network

I tried everything

• I ran scans using all descent Anti(malware/spyware/Virus) tools in hand.
• I deleted all internet cache/history/cookies on all browsers.
• I blocked the domain and sub-domains of (yandex.ru) in all browsers.
• I tried changing DNS settings on the router, which is impossible on Zain router through HSPA setting.
• I even upgraded the firmware and hard reset the router just to make sure the router is intact.

But nothing from the above sustained for more than couple of hours.

The Solution

The only thing which worked for me was the following:

Basically:

1) Delete all browsing history and cookies for all browsers.

2) Add a host entry “yandex.ru” pointing to the IP-Address “127.0.0.1” in your operating system’s “hosts” file. (make sure this is the only entry).

Detailed solution:

STEP1) Clear internet cache/history/cookies on all browsers, and temp folders. You can do it manually or you can use a utility, I used CCleaner v3.14, it works for PC and there is also a release for Mac.

You can find CCleaner from below link:

http://www.piriform.com/ccleaner

STEP2) Edit the “hosts” file on your OS and add host “yandex.ru” with value “127.0.0.1”

Windows users:

• Browse to folder “C:\Windows\System32\drivers\etc\”
• Open file “hosts” using notepad and add the following line at the end:

  127.0.0.1 yandex.ru

For More details on how to manage hosts file, visit the link http://accs-net.com/hosts/how_to_use_hosts.html

I attached an image capture of my “hosts” file.

Mac OS X Users:

(you need the root password for below practice)

Add the following entry at the end of your “hosts” file

• 127.0.0.1 Yandex.ru

For more details please read both below links carefully,

"Please acquire technical assistance if you are NOT sure of what you are doing."

http://decoding.wordpress.com/2009/04/06/how-to-edit-the-hosts-file-in-mac-os-x- leopard/

http://support.apple.com/kb/TA27291

My Opinion

Our Ignorant ISPS’ DNS servers "most probably" where hacked by a Russian geek who really caused us this headache.

Driving our browsers to redirect to the stupid Russian search engine.

The Media

Zain admitted “In a way” that they do have a problem and they are working on a "solution" and occasionally injected an "apology-like" html page within some Zain customer browses telling their customers that they (the customers) are infected with a malware and they need to delete the browsing history.

Zain referenced both below News about the case:

.

English version from Jordan Times: http://insurance-technology.tmcnet.com/news/2011/12/16/6000415.htm

Arabic version from (Khabberni News): http://www.khaberni.com/more.asp?ThisID=66214&ThisCat=1

I Hope this helps

Regards

Hani..

THE ULTIMATE SOLUTION SO FAR
(for ones how have a Zain HSPA Wireless Routers)

Ok, my first solution would be fine for people who have a Machine running Windows or Mac OS X and have the experience and time to play around with core system settings.

That wouldn’t be so great for IPad, IPhone & IPod users since this needs JailBreaking and manipulating the system files inside IOS.

IF you have an HSPA Router, do the following:

1. In your browser open http://192.168.1.1 and Logon to your to your router.
   Default username/password are admin/zain, unless previously changed.
2. Select the “Security” tab from the menu. See Arrow (A) in below Figure.
3. Select the “Internet Access Policy” tab from the menu. See Arrow (B) in below Figure.
4. Enter the Policy Name in the text box, I named it “Deny Yandex”. See Point (1) in below Figure.
5. Make sure “Status” is Enabled. Point (2) in below Figure.
6. Set “Access Restriction” to Allow. Point (3) in below Figure.
7. Make Sure “Schedule” is Checked on “Everyday” and “24 Hours” Point (4) in below Figure.
8. Enter “yandex.ru” in “URL 1” to block it. Point (5) in below Figure.
9. Scroll all the way down and click “Save Settings” button.
10. Wait 15 seconds until settings are saved and page refreshes.

P.S. DO NOT FORGET TO CLEAR HISTORY AND COOKIES ON ALL BROWSERS AND ALL DEVICES ON YOUR HOME NETWORK

Enjoy smooth browsing.

If you have successfully applied above steps in your router, then you wouldn’t need any modification on “hosts” file inside your operating systems since this will block all your network traffic to yandex.ru.

Kandelfire, tell me if this works for you since you have opened the discussion and you do have an HSPA router.

Regards

Hani.

If you haven't changed the default password on your Wimax router, or if you didn't change it to a very secure one, it's possible that someone has hacked it and changed the DNS server settings in the router. You should check DNS settings on BOTH wireless routers.

I have the same problem in Amman JO, traffic on all devices connected to the router are getting redirected to yandex.ru. My wireless broadband ISP which uses Wimax technology have told me that I need to clear history cache etc and clear the %temp% folder however nothing has worked so far. The problem became too annoying I had to get a backup connected that works beautifully now. I am still experiencing difficulties using my main connection as 95% of my traffic gets channelled to russian spider search engine site.

I have used free and paid public DNS services, tried using private DNS servers of a friend of mine on the device trying to access the web itself, the wireless router, and on the Wimax gateway but I keep getting the same results.

Could the problem be with the router itself? I did a 30-30-30 hard reset and it wont go away. My 2 desktops, visitors laptops, many iDevices and my video gaming console all can't seem to be able to get rid of the problem.

If you do figure out any time please update the thread!

Do you have similar problems when you're not on your home network? For example, try on your friend's network and see if you experience the same thing. Similarly, what happens if your friend tries to connect from your home network?

I ruled out the local dns problem, dns on the wireless router (Asus rtn16), all is well. also all the devices are clean.

I believe that the problem is inside the wimax gateway provided by my isp. I am testing 3 troubled devices on a new connection and they're working properly. I also introduced a completely new, untouched device to the troubled network and traffic became troubled immediately as if the device has been infected with the same problem.

Try changing dns by accessing the webpage of the wimax gateway, you can add new dns servers but the problem will stay I believe. I am going to try channel all traffic through a VPN server and see how it goes

Temporary solution proposed by zain technical support after a big fight over the phone... (works just fine)

Add yandex.ru to the List of blocked websites under the settings/options menu in the security section, this needs to be done for each browser you use. Whether ur cache is cleared or not, you will be able to avoid the sudden redirection to yandex. Your browser will show a notification that yandex has been blocked (it will block it three attempts of redirection, I took the three yandex.ru/*********** blocked sites and added them in full to the list of blocked sites under the security section in each and every browser on every single device accessing the hspa+ gateway)

My browsing is a **** lot easier now, speed though went a little down, not a problem for me as long as I can get things done)

Tech support promised a permanent solution the coming week.

I still haven't had the chance to try the VPN option. Will give it a shot and update the thread

My Grandma knows more than Zain Technical Support.

To fix this annoying DNS redirect just do tho following

- Go to system prefrences -> Network

- Delete the active en3 connection

- disable the ipv6 - make it off

- unplug the zain usp and plug it in again and connect.

this will clear the cache between you and the ISP and renew the DNS settings.

Cheers,

Amer Dababneh

Amér., couldnt really do this on the wimax gateway, or on any iOS powered device. Using new dns servers and blocking the www solved it for me. It could also be that the problem has been corrected somewhere else at zains end. I do agree their tech support has very little capability to solve serious issues.

Are you the same amer dababneh from ages ago on irc?

M. Obeidat

Go to Network Settings > airport > Advanced > TCP/IP and click on Renew DHCP

and put the Configure IPv6 to OFF , Then clear the browsers cash > reset the router.

Hope this gonna work.

Yes am the same Amer lol . Wait enta Yah00? lol

I'm having the same problem too, noticed it on my iPhone, since yesterday, but I think it is affecting my Internet satellite receiver too as it is failing to connect to server.

What I would like to add here since I'm in Jordan too is that it doesn't seem to be a zain WiMAX problem, I'm connected through Orange Adsl and using their wireless router.

It doesn't seem to be a virus either, not on the devices at least.

Not sure what's causing this redirect.

Hi

I live in Amman and I havethe same problems on a windows based pc. Actual from today on two PCs.

I am using Orange ADSLconnection plus another ADSL I do not know which one but different from Orangeand Zain 3G wireless. I get the same problems with all 3 connections.

I have tried almost allmalware scanners available but to no avail.

Hans