Re: browser redirection to forward.domainname.at

From: Ted Simmons (tedsimmons@qwest.net)
Date: 02/26/02

Previous message: Matthew.van.Eerde@hbinc.com: "RE: browser redirection to forward.domainname.at"
Maybe in reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
Next in thread: Anthony Buser: "RE: browser redirection to forward.domainname.at"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 26 Feb 2002 12:50:11 -0600 (CST)
From: Ted Simmons <tedsimmons@qwest.net>
To: focus-ms@securityfocus.com, Matthew.van.Eerde@hbinc.com

I have run in to a simular problem,
I found that there was an extra Program that had modifyed the home page variable for
internet explorer - I found the culperate program in the start up items and in win.ini file.
The program would sense if the start page had changed and change it to its own page.

I would check the startup items - see what is loaded via the task manager ( compare
against no infected machine) and check the win.ini and other loading files for windows.

It was a harmless thing - and easy to remove.

------- Original Copy -------
>Subject: browser redirection to forward.domainname.at
>Date: 02/26/2002 11:03 AM
>From: Matthew.van.Eerde@hbinc.com
>To: focus-ms@securityfocus.com
>Cc: focus-virus@securityfocus.com

>A strange problem is surfacing on our network. Users will type in a website
>they have been to before, and they will be forwarded to
>
>http://forward.domainname.at/http://212.69.172.16/forward.php
>and then to
>http://212.69.172.16/forward.php
>
>Have we been hit by a virus? Or is there some name resolution hack on the
>internet?
>
>Typing in the ip address of a site
>http://216.168.252.86 for http://www.verisign.com for example
>goes to the correct site. nslookup prompts from the command line yeild the
>correct IP address.
>
>Workstations are Windows 2000 Professional SP2 with IE 6.
>
>Matthew van Eerde
>Software Engineer
>

============================================================
Ted Simmons
(303)995-9858 Cell
(303)914-8556 Home
ted@intradenver.net
=============================================================

Previous message: Matthew.van.Eerde@hbinc.com: "RE: browser redirection to forward.domainname.at"
Maybe in reply to: Matthew.van.Eerde@hbinc.com: "browser redirection to forward.domainname.at"
Next in thread: Anthony Buser: "RE: browser redirection to forward.domainname.at"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Please Help
... Not sure if this is the correct site but if it is here's the problem: ... Using Windows 2000 pro, and Internet Explorer 6. ... It seams that logging in after the first time makes little difference, ...
(microsoft.public.windows.inetexplorer.ie6.setup)
Re: Restoring IE6 SP2 after Removal of IE7
... the 'Cumulative Update for Internet Explorer for Windows XP Service Pack 2', ... though it does link to the correct site with some common sense reading. ...
(microsoft.public.windowsxp.general)