September 17, 2019, 08:25 PM
drabfour
computer help website redirection
When I try to log into one of my credit card accounts I get redirected to some other sites. It only happens to this one account when I try to access the site from my desktop, doesn't do it on my phone. I've deleted cookies and run Malwarebytes and get the same results.
Looking for suggestions what I need to do to correct this.
Thanks.
September 17, 2019, 08:30 PM
SigJacket
Redirected or sent straight to a different site?
Http://bank.com becomes
Https://bank.com becomes
Http://differentiate.com ?
Or does your browser say bank.com in the URL but then display a different site?
September 17, 2019, 08:32 PM
kkina
What computer are you on?
September 17, 2019, 08:39 PM
drabfour
It’s Barclayus goes to this may take a moment then to either clickcomfirmation or a tumblr site (completely different site and address). It’s an Asus desktop with Windows 10.
September 17, 2019, 08:54 PM
SigJacket
I agree that it is very suspicious then. I’m not a Windows 10 person, so I can’t offer specific advice for that, but I would be changing important passwords.
September 17, 2019, 09:13 PM
kkina
You've got a redirect virus or browser hijack PUP. Basically you'll need to manually uninstall the unwanted program, then run Malwarebytes again.
May be helpful:
How To Remove Adware, Pop-up Ads & Malware From Microsoft Edge
September 17, 2019, 11:53 PM
Chowser
Get AdwCleaner from Malwarebytes’ website. Run that.
September 18, 2019, 06:51 AM
DonDraper
quote:
Originally posted by drabfour:
It’s Barclayus goes to this may take a moment then to either clickcomfirmation or a tumblr site (completely different site and address). It’s an Asus desktop with Windows 10.
Are you spelling it correctly?
September 18, 2019, 07:43 AM
Beancooker
It’s Barclaysus...
https://www.securebanking.barc...95-F86D-C52ADCAE875B
September 18, 2019, 07:44 AM
sig2392
At some point, you dropped the s off of Barclays.
All the websites I find with Barclays have the s.
Delete anything you have without the S and retype it with the s and try again.
September 18, 2019, 08:37 AM
drabfour
quote:
Originally posted by sig2392:
At some point, you dropped the s off of Barclays.
All the websites I find with Barclays have the s.
Delete anything you have without the S and retype it with the s and try again.
Just a typo in this post. I visit it often so it already comes up correctly in the address bar.
September 18, 2019, 10:57 AM
tsmccull
Try using a different browser on the desktop. If that works ok, then use the browser that gives you trouble in its safe mode with all plugins and browser extensions disabled. Might give you an idea where the problem’s coming from.
September 18, 2019, 12:38 PM
drabfour
^^^ yes same on both Chrome and Yahoo.
September 18, 2019, 12:45 PM
V-Tail
Here's a question for networking wizards: Could drabfour's problem have anything to do with a malicious DNS server?
I have barely enough knowledge in this area to ask questions, certainly not enough to answer them.

September 18, 2019, 02:06 PM
Patrick-SP2022
If you are running a Windows machine, a HOSTS file may have been altered maliciously to direct requests to some other site.
I have not personally experienced this but it is easy enough to check.
This article describes how to check it.
If you are not on Windows, please disregard.
September 18, 2019, 04:51 PM
drabfour
quote:
Originally posted by DonDraper:
quote:
Originally posted by drabfour:
It’s Barclayus goes to this may take a moment then to either clickcomfirmation or a tumblr site (completely different site and address). It’s an Asus desktop with Windows 10.
Are you spelling it correctly?
Well damn, apparently this WAS the problem. I just ASSumed the correct spelling popped up when I typed it in the address bar, as it usually does.
Thanks for all the suggestions. Off to the corner I go with my dunce cap.
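The cause in this thread turned out to be a one-letter typo in the address. As an added example (not part of any post), the check below flags hosts in a list of visited URLs that are within a small edit distance of a trusted domain; it also covers one case beyond the thread, a trusted name used as a prefix of another domain. The history entries are constructed, with the misspelled host built from the typo quoted in the thread.

```python
from urllib.parse import urlsplit

TRUSTED = {"barclaysus.com"}  # correct domain as named in the thread

# Constructed browser-history sample for the demonstration.
HISTORY = [
    "https://www.barclaysus.com/",
    "http://barclayus.com/",                     # one letter dropped
    "https://www.example.org/news",
    "http://barclaysus.com.login.example.net/",  # trusted name as a prefix
]

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unrelated' for a visited URL."""
    host = host_of(url)
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        if edit_distance(host, good) <= max_distance:
            return "lookalike"       # near miss such as a dropped letter
        if host.startswith(good + "."):
            return "lookalike"       # trusted name followed by another domain
    return "unrelated"

if __name__ == "__main__":
    for url in HISTORY:
        print(f"{classify(url):10} {url}")
```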
September 21, 2019, 04:06 PM
SigJacket
quote:
Originally posted by V-Tail:
Here's a question for networking wizards: Could drabfour's problem have anything to do with a malicious DNS server?
I have barely enough knowledge in this area to ask questions, certainly not enough to answer them.
I went back searching for this thread to see what the resolution was, not being a Windows desktop person. I have, however, been a DNS person for a long time.
In short... yes. If an upstream DNS service returned an address that went to a bad site instead of the intended, that could certainly happen. Breaking into the DNS zone itself (such as barclaysus.com) is harder and usually more noticeable. Cache poisoning of a DNS service closer to the client is easier in some respects and less noticeable by Barclays, but still not some trivial matter.
Poisoning intervening network gear to send DNS queries to a bad actor has occurred. For example, 8.8.8.8 (Google's public DNS) queries suddenly being sent to China, who gives results that direct financial sites to hacker sites.
A more likely play would be poisoning of a local cache on the client host itself, or built into the browser, via some downloaded malware, or an entry placed into a local hosts file (mentioned previously in the thread).
Routers can play a hand here. Either they are providing a DNS resolver service for internal clients, or just the fact that they see every packet that goes by and could craft a response. Router security is important.
DNS over HTTPS is a proposed standard that could address a few issues such as validating the source of the result. I wonder about scaling and performance in these scenarios, but I’m out of that service provider game at this point.