Google Search hijacked only when not being observed. With Fiddler Capture normal results are returned.

4 posts, 0 answers
  1. Derek
    Derek avatar
    2 posts
    Member since:
    Jan 2016

    Posted 01 Feb Link to this post

     It looks like something is using the FiddlerRoot certificate as a means to hijack google.  I posted about it on superuser at the below link.  I'd really like to not have to reinstall Windows.  

    http://superuser.com/questions/1034394/google-search-hijacked-only-when-not-being-observed-attaching-a-debugger-return?noredirect=1#comment1443610_1034394

     

  2. Derek
    Derek avatar
    2 posts
    Member since:
    Jan 2016

    Posted 01 Feb in reply to Derek Link to this post

  3. Tsviatko Yovtchev
    Admin
    Tsviatko Yovtchev avatar
    408 posts

    Posted 04 Feb Link to this post

    Hello,

    Could you, please, confirm that you are getting HTTPS traffic signed by DO_NOT_TRUST_FiddlerRoot derived  certificate when Fiddler is not running?

    Regards,
    Tsviatko Yovtchev
    Telerik
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Feedback Portal and vote to affect the priority of the items
  4. EricLaw
    EricLaw avatar
    67 posts
    Member since:
    Oct 2012

    Posted 04 Feb in reply to Derek Link to this post

    Various pieces of adware/malware have been coded such that when you start Fiddler (or another debugger) the malware detects the debugger stops its malicious behavior in an attempt to avoid detection. You should run a proper antivirus/antimalware program to clean your machine.

Back to Top