Browser problem – unable to access the BPS Pro download area

  • #16828
    Tony Payne
    Participant

    For some reason the update options never show up on my Hostgator hosted sites, so I usually have to download the zip file and use the import option.

    The past week I have gone to http://www.ait-pro.com/admin/ but it just takes me to the dashboard, and I can’t for the life of me see an option anywhere to download the update.

    Is it me? I have cleared my browser cache.

    #16833
    AITpro Admin
    Keymaster

    Have you tried using the BPS Pro Manual Upgrade Check link on the WordPress Plugins page, which takes you to the Plugin Update Check Pro-Tool?

    Something you have installed in your Browser or computer (not very likely) is breaking the redirect into the Secure Download Area.  Try turning off/disabling all Browser add-ons or extensions depending on whichever Browser you are using.

    #16838
    Tony Payne
    Participant

    Yes I tried doing the Manual Upgrade Check, tried it on both sites I am using, albeit with Chrome.  Will try using Firefox to see if I still get the problem.

    Last time I downloaded the zip file and that installed fine, but this time I can’t see it to download. I wondered if the link in the upgrade notification email was correct, it goes to the wp dashboard, but I thought it ought to go to a download page.

    ———————-

    Edited to add:  Doing a manual upgrade check in Firefox didn’t show a new version available either.

    #16839
    AITpro Admin
    Keymaster

    Your Browser is not going to matter when doing a BPS Pro upgrade check.  If your site is blocking communication (plugin, firewall, Proxy, Host IP block, etc) with the api.ait-pro.com API Server then you are not going to be able to get an update/upgrade notification or install BPS Pro from within your WordPress Dashboard.  Your site would need to be able to communicate successfully with our API server.

    There is a redirect when you login to the main site / Secure Download Area.  If you are not being redirected then something you have installed in your Browser is breaking that redirect or if you are using a Proxy or VPN then you will not be redirected or something installed on your computer is breaking the redirect into the Secure Download Area.

    #16842
    Tony Payne
    Participant

    Thanks. I will look further in the morning.

    #16861
    AITpro Admin
    Keymaster

    What is a bit worrisome and may indicate that your computer Browser has been hijacked/hacked is that you are unable to be redirected when logging into the Secure Download Area.  The Secure Download Area has protection against Browser hijacks/hacks.  If your Browser is hijacked/hacked then the redirect will be intentionally stopped/prevented since this could potentially compromise the Secure Download Area.

    Download and Install Trend Micro HijackThis on your computer and run it.
    http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

    Download and Install Malwarebytes on your computer and run it.
    https://www.malwarebytes.org/downloads/

    #16885
    Tony Payne
    Participant

    Neither Malwarebytes nor HijackThis showed any problems on my laptop.

    A piece of additional information, I just noticed this…

    When I click on the dashboard options that come up with an incorrectly loading page, I could see a link/redirect to “best-deals-products dot com” which if I try to access it directly redirects to “superfish dot com” which is flagged by WOT.

    I will try tomorrow from my work pc to see if I get the same results. I am thinking though that if I can just re-install that might be better.

    #16899
    Tony Payne
    Participant

    Well some good progress, the simple things done but still a long way to go.

    From my work pc I was able to access the BPS Pro download area, so I downloaded the zip file.

    On one of my two “good” sites I still couldn’t get it to recognise that there was a new version of BPS Pro, but the zip file installed ok. Now have that fully up to date.  On the other site the option to update did show, so that is now bang up to date as well.

    I need to figure out what is causing my laptop to redirect to the wp-admin page instead of the download, and also why it won’t recognise the plugin needs to be updated. That’s odd. But Malwarebytes, AVG Free etc did not show any problems. Will maybe reset Chrome as it’s been running slow at times, but I can’t get to the download page in Firefox either on the laptop.

    #16901
    AITpro Admin
    Keymaster

    Browser problems can happen to all Browsers that you have installed on a computer since most things are centrally used by all your Browsers and/or get installed on all your Browsers.  HijackThis is a more advanced Browser checking tool that does not automatically tell you what is wrong or what you need to do, but it is a very extensive advanced Browser checking tool and will show everything that is loading/installed/hooked into, etc in your Browsers.

    Download and run HijackThis and then post the results so I can see if anything unusual is in your Browser.  Depending on your OS version you may need to run HijackThis as an Administrator.  To do that, right mouse click on the HijackThis.exe file and click on “Run as administrator”.

    #16902
    AITpro Admin
    Keymaster

    When I click on the dashboard options that come up with an incorrectly loading page, I could see a link/redirect to “best-deals-products dot com” which if I try to access it directly redirects to “superfish dot com” which is flagged by WOT.

    What you stated above sounds like a typical/classic Browser hijack. 😉  After looking at those websites some more I think “legitimate” websites is not the correct term to use to describe these sites.  They are not directly/intentionally malicious, but I suspect that the redirect is due to something installed in your Browser that falls into the category of spyware/adware, such as this known Superfish spyware/adware:  Superfish Window Shopper.

    #16907
    Tony Payne
    Participant

    I am thinking you may be right.

    Although my scans have not shown any problems, Chrome has been experiencing Shockwave/Flash crashes regularly in the last few weeks, and the help suggests to delete the profile and to recreate it.

    I am going to run HiJackThis again tonight and will post the results. Will then also create a new profile on Chrome.

    Will also see what I can do about Firefox, since that also does not load pages correctly.

    #16909
    AITpro Admin
    Keymaster

    Before I got into Software stuff I did a decade+ of computer help desk stuff/Network Admin stuff/Network Engineering stuff so it’s kind of like breathing to me if you know what I mean. 😉

    Yep, your Profile/Profiles will be contaminated, your Registry and some other areas of your computer, but if you manually remove the offending crap from your Profile/Profiles then that will normally stop whatever is occurring so that you can move forward with the rest of the crap cleanup.

    Make sure your Browser is closed/shutdown.  You want to manually delete everything that is in these folders first so that something is not automatically reinstalled again while you are doing cleanup (Windows 7 – other OS systems are similar):

    Users\[your admin profile name]\AppData\Local\Microsoft\Windows\Temporary Internet Files\
    Users\[your admin profile name]\AppData\Local\Temp\

    Then look through all of your Profiles:  Local, LocalLow and Roaming for anything that looks like it should not be there.  If you have doubts then Google it.

    When in doubt rename a folder before you delete it.  I like to rename folders with an underscore, which moves the folder up to the top of the directory/folder list.  Makes it easier to keep track of what you are doing.  Example:  Superfish renamed to _Superfish.

    #16915
    AITpro Admin
    Keymaster

    If my hunch is correct about what is going on with your laptop then before you do anything do these Google searches:  superfish spyware removal and window shopper adware removal.  This will give you a starting point to what you should be looking for or probably all the steps – step by step to remove this crap.

    #16926
    Tony Payne
    Participant

    I have reset Chrome by deleting the profile and letting it rebuild. I did allow it to sync so hopefully that hasn’t done any damage.

    Below is the log from HijackThis. Hopefully nothing odd there, but if there is, it’s good to know so I can eliminate it.

    
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 6:59:42 PM, on 8/18/2014
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    
    FIREFOX: 30.0 (en-US)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
    C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files\AVG\AVG2014\avgidsagent.exe
    C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Cobian Backup 11\cbVSCService11.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\Cobian Backup 11\cbInterface.exe
    C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AVG\AVG2014\avgnsx.exe
    C:\Program Files\AVG\AVG2014\avgemcx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Notepad++\notepad++.exe
    C:\Documents and Settings\Tony\My Documents\Downloads\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en-GB&source=mpes
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files\Cobian Backup 11\cbInterface.exe" -service
    O4 - HKLM\..\Run: [XMouseButtonControl] C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Tony\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Tony\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid af820962881e47d3a3c4d1681a6196f6-4efb9d0a221ca9abc65eaea55febfccac4616b3c --CMPID 0913b
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1A4BDEB44329684FAEA59C04FD1B2075] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1364296211072
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B94255E9-66BA-4480-832C-F1BA4ADED456}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
    O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 11\cbService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    
    --
    End of file - 8927 bytes
    
    
    #16927
    AITpro Admin
    Keymaster

    Everything looks good.  I don’t see anything obvious that is spyware or adware.

    Just a general FYI – You may want to take a look at this serverfault topic on using Google’s DNS servers vs using your ISP’s DNS servers.  I assume Google’s DNS servers are going to be faster in the majority of cases, but just thought you might be interested in looking at this topic.

    http://serverfault.com/questions/169279/should-i-use-my-isps-dns-or-googles-8-8-8-8
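
Added example, not part of the thread and not AITpro's or Trend Micro's code: a small Python triage helper for HijackThis logs in the format posted above. It groups entries by section code, lists O4 autostart entries that launch from a per-user profile path, and extracts O17 DNS server overrides; the sample log is constructed, and the profile-path heuristic is an assumption that marks entries for a closer look, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format (not the log posted in the thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [ExampleUpdater] C:\Documents and Settings\User\Application Data\Example\upd.exe /quiet
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")                 # "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\.*?\\(Run\w*):\s+\[(.+?)\]\s+(.*)$")      # hive, key, name, command
# Assumption: per-user locations are writable without admin rights, so review what starts from them.
USER_PATHS = ("\\documents and settings\\", "\\users\\", "\\appdata\\", "%temp%")

def parse(log):
    """Group log entries by section code (R0, O2, O4, ...); headers and process paths are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            sections[m.group(1)].append(m.group(2).strip())
    return sections

def autoruns_from_profile(sections):
    """Return (hive, name, command) for O4 Run entries whose command sits under a user profile."""
    out = []
    for body in sections.get("O4", []):
        m = RUN.match(body)
        if m and any(p in m.group(4).lower() for p in USER_PATHS):
            out.append((m.group(1), m.group(3), m.group(4)))
    return out

def nameservers(sections):
    """Return DNS servers set through O17 'NameServer =' entries."""
    servers = []
    for body in sections.get("O17", []):
        _, sep, value = body.partition("NameServer = ")
        if sep:
            servers += [s for s in re.split(r"[,\s]+", value) if s]
    return servers

if __name__ == "__main__":
    s = parse(SAMPLE_LOG)
    print({code: len(items) for code, items in s.items()})
    print("Autoruns from profile paths:", autoruns_from_profile(s))
    print("DNS overrides:", nameservers(s))
```

Browser extensions installed inside a Chrome or Firefox profile do not appear in these sections, so a log with nothing flagged here does not rule out an in-browser add-on.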
