Ayuda de vídeo de Screencast

Web Browser re direct - please HELP!!

Created: 09 Enero 2013 | 7 comments

Hi,

One of our users has an issue with a web browser redirecting. To try and resolve this i have;

Ran a full scan with SEP 12.1.1000.157 RU1

Ran IE with no add ons. This seems to improve the issue but does not completely resolve it

Checked within programs and features and there does not seem anything suspicious in there

The operating system is Windows 7 64 bit SP1

Regards

Leon

Comentarios ComentariosIr al último comentario

el cuadro de los Chetan Savade

Hi,

Check the host file if it has any suspicious/malicous entries.

Check the DNS settings if it's intact

Check the IE add-ons/ BHO's installed

Check for any suspicious files on the system

If none of the above work. We will need to collect SST with load point analysis for further analysis.

Check this article:

https://www-secure.symantec.com/connect/articles/u...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

el cuadro de los JDR1990

Hi,

have checked all you have suggested and also ran Symantec Power eraser which did not find any issues

regards

Leon

el cuadro de los Chetan Savade

Hello Leon,

In that case there might be a new unknown threat.

You should run Symantec Support tool (SST) to find out suspicious file, refer the following article.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

After submission of suspicious files you will receive tracking number, please share tracking number with us so we can provide you more update on this.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

el cuadro de los Brɨan

Check your HOSTS file to see if it has been modified. Also flush your DNS cache.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

el cuadro de los Mithun Sanghavi

Hello,

Plan of Action - 

1) Disable the System Restore http://support.microsoft.com/kb/283073

2) Disable the Browser Helper Objects on all Installed Browsers

3) Check the Host file of the machine if it has been tampered with. If yes, make the necessary changes to the host file.

4) Login to the machine as a Different User and check if this issue is occurying?

If this issue is not occurying, you may like to delete the Infected User Profile after taking a back up of necessary files.

5) To check if there are any Suspicious files on the machine, work on the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Also, Check these Threads with similar issue - 

https://www-secure.symantec.com/connect/forums/help-removing-virus-redirects-web-page

https://www-secure.symantec.com/connect/forums/popup-and-redirect-virus

https://www-secure.symantec.com/connect/forums/help-re-direct-virus

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.