From: Ted Simmons (tedsimmonsqwest.net)
Date: Tue Feb 26 2002 - 12:50:11 CST


    I have run into a similar problem.
    I found that there was an extra program that had modified the home page variable for
    Internet Explorer - I found the culprit program in the startup items and in the win.ini file.
    The program would sense if the start page had changed and change it to its own page.

    I would check the startup items - see what is loaded via the task manager (compare
    against a non-infected machine) and check the win.ini and other loading files for Windows.

    It was a harmless thing - and easy to remove.

    ------- Original Copy -------
    >Subject: browser redirection to forward.domainname.at
    >Date: 02/26/2002 11:03 AM
    >From: Matthew.van.Eerdehbinc.com
    >To: focus-mssecurityfocus.com
    >Cc: focus-virussecurityfocus.com

    >A strange problem is surfacing on our network. Users will type in a website
    >they have been to before, and they will be forwarded to
    >
    >http://forward.domainname.at/http://212.69.172.16/forward.php
    >and then to
    >http://212.69.172.16/forward.php
    >
    >Have we been hit by a virus? Or is there some name resolution hack on the
    >internet?
    >
    >Typing in the ip address of a site
    >http://216.168.252.86 for http://www.verisign.com for example
    >goes to the correct site. nslookup prompts from the command line yield the
    >correct IP address.
    >
    >Workstations are Windows 2000 Professional SP2 with IE 6.
    >
    >Matthew van Eerde
    >Software Engineer
    >

    ============================================================
    Ted Simmons
    (303)995-9858 Cell
    (303)914-8556 Home
    tedintradenver.net
    =============================================================
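
The win.ini comparison suggested in the reply above, as an added example that is not part of the original message: it lists the programs started by the `load=` and `run=` lines of the `[windows]` section and reports those that a clean machine's win.ini does not have. The sample file contents and the program name `example-startpage.exe` are constructed placeholders.

```python
import re

def winini_autostart(text):
    """Programs started by load=/run= in the [windows] section of a win.ini."""
    section, programs = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() in ("load", "run"):
            # One line may list several programs, separated by spaces or commas.
            programs.update(p.lower() for p in re.split(r"[,\s]+", value) if p)
    return programs

def unexpected_autostart(suspect_ini, clean_ini):
    """Entries the suspect machine auto-starts that the clean baseline does not."""
    return sorted(winini_autostart(suspect_ini) - winini_autostart(clean_ini))

# Constructed sample files; the program name is a placeholder, not from the thread.
CLEAN_INI = r"""
; for 16-bit app support
[windows]
load=
run=
[fonts]
"""

SUSPECT_INI = r"""
[Windows]
load=
Run=C:\WINNT\example-startpage.exe
[Desktop]
run=ignored-outside-windows-section.exe
"""

if __name__ == "__main__":
    for entry in unexpected_autostart(SUSPECT_INI, CLEAN_INI):
        print("not in baseline:", entry)
```

Section and key names are matched case-insensitively, and a `run=` line outside `[windows]` is ignored because Windows does not act on it.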