Chris Barber wrote:

>I have a user on a home network that has an oddity I have not seen
>before while using search engines. On the PC we have tried Yahoo,
>Google, MSN, Lycos, not sure but we may have done a few other, but the
>actions are all the same. We enter a search item, say ACE, and the
>results come back of course ACE Hardware is in the list. When I mouse
>over the link the URL displayed IE Status indicates the correct URL
>for ACE Hardware. Now when I or he clicks on the link we go to some
>other ads page, we click back and click the link a second time and get
>sent to a second ad site. After clicking back a second time and then
>clicking the link for the third time we get to the ACE Hardware site.
>One note on this is that the URL we are directed to is not the same as
>the link so I know it is not a DNS Hijack, but more of a redirect
>
>This happens with any and every site we have looked for in the last
>week or so. The "Anomaly" began shortly before Christmas.
>
>The PC is currently running ZoneAlarm and no messages have indicated
>any new software trying to gain access to the network. I have also
>run AdAware SE, Spybot, and MS Anti-Spyware. Currently running on the
>PC is Symantec AV with the latest updates, I have also run McAfee from
>a boot Disk.
>
>At this point I am thinking it may be some form of Browser Helper
>Object or some registry hack, but I am out of ideas to further
>investigate, clean and protect against this in the future.
>
>Does anyone have any suggestions or ideas on what I could try next?
>
>Thanks in advance for the help.
>
>Chris.
>
>
>
>
Hi,

What happens with an alternative brower such Opera or Firefox ?
Making the test would indicate if the hack is using Internet Explorer or
not.

François

[ reply ]