xg4ken on Google shopping ads

m_bedoya
m_bedoya Posts: 3 New Member

Hi,

 

I've been using your VPN for a couple of weeks and I am observing xg4ken redirects on Google shopping ads. This happens on iOS and Windows 10 when the VPN is on. I had to remove it manually on Windows 10 but I don't know how to handle iOS and anyway the problem dissapears when the VPN is off so this is an issue with DNS lookups on your VPN.

 

Please look into this.

 

Thanks,

 

Mauricio

Comments

  • m_bedoya
    m_bedoya Posts: 3 New Member

    The problem still there in my Windows 10 machine when I turn on the VPN.  I have to turn it off to get to bestbuy.com following an ad on Google and when I turn it on it goes to a xg4ken page. 

     

    I also get the following if I try to go to BestBuy directly

     

    Inactivity Timeout


    Description: Too much time has passed without sending any data for document.

     

    -Mauricio

  • Ukko
    Ukko Posts: 3,961 Superuser

    Hello,

     

    Sorry for my reply.

     

    I not sure what is it "xg4ken" or "bestbuy.com" - but Google search able to give result that (at least, some months before your experience - else one user of F-Secure Freedome was with such trouble - he also registered there under community... most likely.... but probably did not ask about this trouble); You able to re-check such topics, where he pointed out some problems and where available some "solutions?!" (which was work for him):

     

    - General ask under Google-support

     

    - Some suggestions and potential solutions for troublestuck (under tenforums.com)

     

    - Some additional meanings (under some another forum)

     


    If I normally understand there suspected something as malware (or even more - malvertising), but based on some points and view - does it possible that there just bestbuy.com have some kind of "affiliative/ref"-programs; Which can be with many malicious, suspicious or rogue results.

    General potential meanings - that it work when you with Freedome - just because it create triggers for "track" you ... maybe as fresh user (while not using VPN... it kind of "remember" that there do not required any tricks). But it just potential suggestions.

     

    View that both situations about two certain websites and F-Secure Freedome (in somewhat reason) looks something... which should be with proper investigation.

     

    There most likely (and will be good) required proper official response from F-Secure Community Managers (and what if they already have proper advices, solutions or explanations) - but maybe you able try to contact F-Secure Support directly: https://www.f-secure.com/en/web/home_global/contact-support (not sure if it can be useful or helpful; but usually it not work with weekends?! - so - maybe it good to try today);

     

    Sorry for my reply.

     

    Thanks.

  • Hi m_bedoya,

     

    Could you please elaborate on your issue further? But based on your description, we do protect against these malicious xg4ken ads.

     

    Is your Browsing protection and Tracking protection turned on in Freedome?

  • m_bedoya
    m_bedoya Posts: 3 New Member

    Just checked this thread today after a notification about the issue being closed. 

     

    I am not able to provide any more leads now as my memory fails (this happened again while browsing on my phone). I was going to check something on a link sent to me (was not a BestBuy, was something related to travel and I cannot reproduce the issue now) and the xg4ken showed up. Had to turn off the VPN for a sec to view the link. 

     

    Yes, I have browsing and tracking protection on when this happens and the problem goes away when I turn off the VPN defeating the purpose of having one in the first place. The bad redirection appears when I turn on the VPN protection again! And it disappears when I turn it off.

     

    The reason I am sure it is the VPN problem is that this happens on my phone and tablet that are iOS (Apple) devices and it is not a coincidence that even the bestbuy.com website is not accessible when I turn the VPN on on all platforms (Windows 10, iOS).  What I mean by getting to BestBuy is to type www.bestbuy.com in the browser using the us-northwest location. I can get inside any link in the bestbuy.com domain but not into the main website. This is not a big issue for me, but it only happens using your product. If I use Vancouver-CA I go to an international BestBuy and then when I select the US as my location it does not go there (this in iOS). In Windows, I don't even get to the international site using the Vancouver location.

     

    This is what I get with the VPN on for a particular link

    <removed xg4gen ad link>

     

    This is the same with the VPN off:

    http://www.bestbuy.com/site/sony-cyber-shot-rx100-20-2-megapixel-digital-camera-black/5755149.p?skuId=5755149&cmp=RMX&extStoreId=450&ref=212&loc=1&ksid=0b324bb9-ce78-4de7-89ff-79d932986ae7&ksprof_id=3&ksaffcode=pg218886&ksdevice=c&lsft=ref:212,loc:2&gclid=CO78vc_TvtQCFUWUfgoducIFaA

     

    I almost forgot about this until the issue happened again today. Not being able to access one website when the VPN is on is not a big problem, but it makes me feel less secure when your product is the one causing the redirection to malicious sites. I discovered about this malware after started using your product, never had any issues with that particular malware before.

     

    EDIT: Removed malicious link

     

    Thanks.

  • Nickynew
    Nickynew Posts: 1 New Member

    The xg4ken is a malicious malware domain report the problem to the FBI.

  • Hi @m_bedoya,

     

    Please check what the hosts file on the Windows computer looks like:

    1.    Open Notepad
    2.    File -> Open…
    3.    Browse to Local Disk (C: ) -> Windows -> System32 -> drivers -> etc
    4.    Change the selection in the bottom right corner to “All Files”
    5.    Select the “hosts” file and click Open

    Are there any references to bestbuy.com or xg4ken.com? Those are an indication that there is an infection on the computer, redirecting to the xg4ken.

    On the computer, with Freedome OFF, please do this in the command prompt:

    Nslookup www.bestbuy.com

    Then turn Freedome ON and do the same in the command prompt.

    Please send us screenshots of both of those tries.

  • Näsäviisas
    Näsäviisas Posts: 784 Superuser
    Some notice:

    In Google search: what is xg4ken
    A lot of information about xg4ken,
    For example: "on my computer this stops me from getting to bestbuy.com".

    Näsäviisas
This discussion has been closed.