Web Browser re direct - please HELP!!
Created: 09 Jan 2013 | 7 comments
Hi,
One of our users has an issue with a web browser redirecting. To try and resolve this i have;
Ran a full scan with SEP 12.1.1000.157 RU1
Ran IE with no add ons. This seems to improve the issue but does not completely resolve it
Checked within programs and features and there does not seem anything suspicious in there
The operating system is Windows 7 64 bit SP1
Regards
Leon
Discussion Filed Under:
Comments 7 Comments • Jump to latest comment
Hi,
Check this thread
https://www-secure.symantec.com/connect/forums/pop...
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hi,
Check the host file if it has any suspicious/malicous entries.
Check the DNS settings if it's intact
Check the IE add-ons/ BHO's installed
Check for any suspicious files on the system
If none of the above work. We will need to collect SST with load point analysis for further analysis.
Check this article:
https://www-secure.symantec.com/connect/articles/u...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Hi,
have checked all you have suggested and also ran Symantec Power eraser which did not find any issues
regards
Leon
HI,
Check this thread and Check vikram Suggestion
https://www-secure.symantec.com/connect/forums/hel...
Check this blog
https://www-secure.symantec.com/connect/blogs/troj...
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello Leon,
In that case there might be a new unknown threat.
You should run Symantec Support tool (SST) to find out suspicious file, refer the following article.
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
After submission of suspicious files you will receive tracking number, please share tracking number with us so we can provide you more update on this.
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Check your HOSTS file to see if it has been modified. Also flush your DNS cache.
SEP Knowledge Base
Endpoint SWAT
Hello,
Plan of Action -
1) Disable the System Restore http://support.microsoft.com/kb/283073
2) Disable the Browser Helper Objects on all Installed Browsers
3) Check the Host file of the machine if it has been tampered with. If yes, make the necessary changes to the host file.
4) Login to the machine as a Different User and check if this issue is occurying?
If this issue is not occurying, you may like to delete the Infected User Profile after taking a back up of necessary files.
5) To check if there are any Suspicious files on the machine, work on the steps provided in the article below:
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
Also, Check these Threads with similar issue -
https://www-secure.symantec.com/connect/forums/help-removing-virus-redirects-web-page
https://www-secure.symantec.com/connect/forums/popup-and-redirect-virus
https://www-secure.symantec.com/connect/forums/help-re-direct-virus
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Would you like to reply?
Login or Register to post your comment.