As title, seems there's a trojan on my server
When I put a url like
localhost/mysite
it redirect to the site free-merchants.com and then return to my site...
But if I put
127.0.0.1/mysite
all work correctly...
Then, what is? I scan with avast and malwarebytes and no virus...
With HijackThis I can't see any strange thing...
File hosts have only row
127.0.0.1 localhost
Can be a bug of my webserver that run with
Apache/2.2.21 (Win32) PHP/5.4.32
Or what I must scan?
Use JRT (junkware removal tool) and Adware-removal tool (from techsupportall)
these 2 programs are wonderful to discover PUP, just an addition to malware bytes which is already excellent.
It seems like a unwanted change by a trojan or such...
check your hosts-file for malicious entries.
(ref.: https://en.wikipedia.org/wiki/Hosts_(file) )
For me it was JQuery Debugger Extension:
https://chrome.google.com/webstore/detail/jquery-debugger/dbhhnnnpaeobfddmlalhnehgclcmjimi?utm_source=chrome-app-launcher-info-dialog
For me it's was Translation Selection Extension https://chrome.google.com/webstore/detail/translate-selection/goanabmlmgfinmjohhepcpffcnkeobjm. When I deleted this extension, all works fine
We caught an infected Chrome Reloader Extension:
http://howtoremove.guide/remove-auto-refresh-plus-chrome-firefox/
:-(
For me it was the Chomemarks extension.