Solved

ODD HIJACKER

Posted on 2012-04-04
5
461 Views
Last Modified: 2013-12-06
Have an odd hijacker situation. I have two users who are affected and they do exchange files etc.
Both are win 7 and outlook 2010 and 64 bit systems

We use SharePoint that is housed in Asia
These two users can log on and sometimes go to another page in SharePoint but then it either redirects to a avg.com search page or a cannot connect page.
They can go anywhere in the internet they want it is only happening with SharePoint. No one else in the office is affected. I tired Firefox and it has same issue but just display error page

I have Checked the Host file it looks the same as mine.
I check the DNS they are all set for detected automatically
I check interconnect there is no proxy checked.
I ran Windows Defender, AVG, Malabyte, Spy doctor, TDSkill, ISPFIX, Spybot nothing seems to find anything. I disable most add in also.
It has to be hidden in the registry is my feeling but then it does not take a reboot to come back.
My issue is The President is one of these and he is going to Asia Saturday morning. He accesses SharePoint all the time

Can anyone help me.
0
Comment
Question by:ssaver
  • 3
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
livanescu earned 500 total points
ID: 37808947
is there a chance they have AVG installed and some script in SharePoint (custom - jquery, ajax etc) would trigger AVG safe-shield (whatever would be the name) to interpret as an attack or a false response because it doesn't get/understand SharePoint in far-eastern language. If so, disabling the feature for the site would probably fix the issue...
0
 
LVL 1

Author Comment

by:ssaver
ID: 37809077
livanescu
If i understand you correctly we do use AVG.
would uninstalling AVG on my system here also have the same results? If so, I will uninstall it on one of the systems in the AM and see if that make a difference.

My only questions why all of a sudden we have beeen using it for a year now with no issue. unless they just installed it.
0
 
LVL 6

Assisted Solution

by:livanescu
livanescu earned 500 total points
ID: 37809354
continuing on the wild goose chase:

how to disable the AVG LinkScanner Surf-Shield
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=113239

More on the way the LinkScanner works:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=174304#post_174304

They also mention the issue shows up in IE and FF; try  it in Chrome
0
 
LVL 1

Author Comment

by:ssaver
ID: 37810503
livanescu
Thanks for the help although it turned out to be DNS issue which he would not have discovered if it was not for you asking about installing new Ajax etc. which he said nothing new.  They were on a holiday and what you said made him especially when it started to happen to his users in TW (all VIPs) since it was a holiday. Murphy's Law what you going to do.
The server and IT are in SZ office.
He said this: I got a same issue from TW this morning. After checked, it seems our Domain Service Provider has some problem last night. Please let me know if US still have a problem. By the way, we didn't install any software in SP server recently.  
Even though it was not what we thought I am awarding you the points you made him look at things which is a tough thing to do they are never wrong you know. LOL.
Oh well a few more grey hairs will not hurt me.
0
 
LVL 1

Author Closing Comment

by:ssaver
ID: 37810513
Even though it was not what we thought I am awarding you the points you made him look at things which is a tough thing to do.
It was thier Domain Service Provider had some problem last night
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now