Solved

ODD HIJACKER

Posted on 2012-04-04
5
462 Views
Last Modified: 2013-12-06
Have an odd hijacker situation. I have two users who are affected and they do exchange files etc.
Both are win 7 and outlook 2010 and 64 bit systems

We use SharePoint that is housed in Asia
These two users can log on and sometimes go to another page in SharePoint but then it either redirects to a avg.com search page or a cannot connect page.
They can go anywhere in the internet they want it is only happening with SharePoint. No one else in the office is affected. I tired Firefox and it has same issue but just display error page

I have Checked the Host file it looks the same as mine.
I check the DNS they are all set for detected automatically
I check interconnect there is no proxy checked.
I ran Windows Defender, AVG, Malabyte, Spy doctor, TDSkill, ISPFIX, Spybot nothing seems to find anything. I disable most add in also.
It has to be hidden in the registry is my feeling but then it does not take a reboot to come back.
My issue is The President is one of these and he is going to Asia Saturday morning. He accesses SharePoint all the time

Can anyone help me.
0
Comment
Question by:ssaver
  • 3
  • 2
5 Comments
 
LVL 6

Accepted Solution

by:
livanescu earned 500 total points
ID: 37808947
is there a chance they have AVG installed and some script in SharePoint (custom - jquery, ajax etc) would trigger AVG safe-shield (whatever would be the name) to interpret as an attack or a false response because it doesn't get/understand SharePoint in far-eastern language. If so, disabling the feature for the site would probably fix the issue...
0
 
LVL 1

Author Comment

by:ssaver
ID: 37809077
livanescu
If i understand you correctly we do use AVG.
would uninstalling AVG on my system here also have the same results? If so, I will uninstall it on one of the systems in the AM and see if that make a difference.

My only questions why all of a sudden we have beeen using it for a year now with no issue. unless they just installed it.
0
 
LVL 6

Assisted Solution

by:livanescu
livanescu earned 500 total points
ID: 37809354
continuing on the wild goose chase:

how to disable the AVG LinkScanner Surf-Shield
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=113239

More on the way the LinkScanner works:
http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=174304#post_174304

They also mention the issue shows up in IE and FF; try  it in Chrome
0
 
LVL 1

Author Comment

by:ssaver
ID: 37810503
livanescu
Thanks for the help although it turned out to be DNS issue which he would not have discovered if it was not for you asking about installing new Ajax etc. which he said nothing new.  They were on a holiday and what you said made him especially when it started to happen to his users in TW (all VIPs) since it was a holiday. Murphy's Law what you going to do.
The server and IT are in SZ office.
He said this: I got a same issue from TW this morning. After checked, it seems our Domain Service Provider has some problem last night. Please let me know if US still have a problem. By the way, we didn't install any software in SP server recently.  
Even though it was not what we thought I am awarding you the points you made him look at things which is a tough thing to do they are never wrong you know. LOL.
Oh well a few more grey hairs will not hurt me.
0
 
LVL 1

Author Closing Comment

by:ssaver
ID: 37810513
Even though it was not what we thought I am awarding you the points you made him look at things which is a tough thing to do.
It was thier Domain Service Provider had some problem last night
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Malware on Windows 10 machine 14 111
Checkpoint Endpoint Managment 3 76
Videos Blocked on espn.com 7 202
Regedit Register where from, why everyday need to clean them  ? 13 83
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question