Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Web Browser re direct - please HELP!!

Created: 09 Jan 2013 | 7 comments

Hi,

One of our users has an issue with a web browser redirecting. To try and resolve this i have;

Ran a full scan with SEP 12.1.1000.157 RU1

Ran IE with no add ons. This seems to improve the issue but does not completely resolve it

Checked within programs and features and there does not seem anything suspicious in there

The operating system is Windows 7 64 bit SP1

Regards

Leon

Comments 7 CommentsJump to latest comment

Chetan Savade's picture

Hi,

Check the host file if it has any suspicious/malicous entries.

Check the DNS settings if it's intact

Check the IE add-ons/ BHO's installed

Check for any suspicious files on the system

If none of the above work. We will need to collect SST with load point analysis for further analysis.

Check this article:

https://www-secure.symantec.com/connect/articles/u...

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

JDR1990's picture

Hi,

have checked all you have suggested and also ran Symantec Power eraser which did not find any issues

regards

Leon

Chetan Savade's picture

Hello Leon,

In that case there might be a new unknown threat.

You should run Symantec Support tool (SST) to find out suspicious file, refer the following article.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

After submission of suspicious files you will receive tracking number, please share tracking number with us so we can provide you more update on this.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

.Brian's picture

Check your HOSTS file to see if it has been modified. Also flush your DNS cache.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Plan of Action - 

1) Disable the System Restore http://support.microsoft.com/kb/283073

2) Disable the Browser Helper Objects on all Installed Browsers

3) Check the Host file of the machine if it has been tampered with. If yes, make the necessary changes to the host file.

4) Login to the machine as a Different User and check if this issue is occurying?

If this issue is not occurying, you may like to delete the Infected User Profile after taking a back up of necessary files.

5) To check if there are any Suspicious files on the machine, work on the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team. 

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Also, Check these Threads with similar issue - 

https://www-secure.symantec.com/connect/forums/help-removing-virus-redirects-web-page

https://www-secure.symantec.com/connect/forums/popup-and-redirect-virus

https://www-secure.symantec.com/connect/forums/help-re-direct-virus

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.