Solved

ODD HIJACKER

Posted on 2012-04-04
5
460 Views
Last Modified: 2013-12-06
Have an odd hijacker situation. I have two users who are affected and they do exchange files etc.
Both are win 7 and outlook 2010 and 64 bit systems

We use SharePoint that is housed in Asia
These two users can log on and sometimes go to another page in SharePoint but then it either redirects to a avg.com search page or a cannot connect page.
They can go anywhere in the internet they want it is only happening with SharePoint. No one else in the office is affected. I tired Firefox and it has same issue but just display error page

I have Checked the Host file it looks the same as mine.
I check the DNS they are all set for detected automatically
I check interconnect there is no proxy checked.
I ran Windows Defender, AVG, Malabyte, Spy doctor, TDSkill, ISPFIX, Spybot nothing seems to find anything. I disable most add in also.
It has to be hidden in the registry is my feeling but then it does not take a reboot to come back.
My issue is The President is one of these and he is going to Asia Saturday morning. He accesses SharePoint all the time

Can anyone help me.
0
Comment
Question by:ssaver
  • 3
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
livanescu earned 500 total points
Comment Utility
is there a chance they have AVG installed and some script in SharePoint (custom - jquery, ajax etc) would trigger AVG safe-shield (whatever would be the name) to interpret as an attack or a false response because it doesn't get/understand SharePoint in far-eastern language. If so, disabling the feature for the site would probably fix the issue...
0
 
LVL 1

Author Comment

by:ssaver
Comment Utility
livanescu
If i understand you correctly we do use AVG.
would uninstalling AVG on my system here also have the same results? If so, I will uninstall it on one of the systems in the AM and see if that make a difference.

My only questions why all of a sudden we have beeen using it for a year now with no issue. unless they just installed it.
0
 
LVL 6

Assisted Solution

by:livanescu
livanescu earned 500 total points
Comment Utility
continuing on the wild goose chase:

how to disable the AVG LinkScanner Surf-Shield
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=113239

More on the way the LinkScanner works:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=174304#post_174304

They also mention the issue shows up in IE and FF; try  it in Chrome
0
 
LVL 1

Author Comment

by:ssaver
Comment Utility
livanescu
Thanks for the help although it turned out to be DNS issue which he would not have discovered if it was not for you asking about installing new Ajax etc. which he said nothing new.  They were on a holiday and what you said made him especially when it started to happen to his users in TW (all VIPs) since it was a holiday. Murphy's Law what you going to do.
The server and IT are in SZ office.
He said this: I got a same issue from TW this morning. After checked, it seems our Domain Service Provider has some problem last night. Please let me know if US still have a problem. By the way, we didn't install any software in SP server recently.  
Even though it was not what we thought I am awarding you the points you made him look at things which is a tough thing to do they are never wrong you know. LOL.
Oh well a few more grey hairs will not hurt me.
0
 
LVL 1

Author Closing Comment

by:ssaver
Comment Utility
Even though it was not what we thought I am awarding you the points you made him look at things which is a tough thing to do.
It was thier Domain Service Provider had some problem last night
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now