I have a problem with google searches that occasionally point me to sites containing only nonsense. The nasty thing is, it happens only occasionally, like every hour or so of browsing which made me believe several times I solved the issue. A redirection of the link always happens but this is not the problem. The link displayed is already doggy and if I type in the found url directly in the browser, I always get "No Permission". If the response is an URL that i happen to know, then I am always redirected to the correct site.
The problem started during the weekend on my computer and that of my wife and for every browser, Firefox, Chrome, Edge. Mobiles are not affected though. I run Linux (Tumbleweed) and my wife Windows 10.
So I thought it must be my router, ASUS ac68u. Hence I factory reseted it, changed the password and installed the newest firmware (well, it did it automatically). But the problem persisted.
I ran a virus scanner on my wife’s Windows 10 and it found nothing. I also set another DNS server on all machines, 184.108.40.206, the only DNS address I remembered from ancient times. But also no luck.
My conclusion is that only google queries are affected (no problem with duckduckgo). But that is not plausible, because the SSH keys would also ad to be faked by the attacker. My browser says it’s google when right clicking on the lock.
I really do not know where to look further. Next thing I will probably do is install a fresh OS, which is easy enough on Linux, but on Windows this will be a lot more work.
BTW, everything I install in Linux is from the package manager. I have compiled a few projects from github though.
The first dodgy site I saw was the infamous "You won a price" scam. But all security sites say it is a browser hack. I cannot imagine five browsers have been hacked at the same time on two different operating systems.