So of course, it's Thanksgiving, I'm home for the day with family, and they tell me that their PC is acting "weird".
I'm looking for a little insight, because apparently I'm missing something. Here is what's happening:
No popups, nothing terribly annoying like rogue spyware or anything, however whenever you search for anything, you'll click the link that you're interested in and it will open a new browser window to some crapware.
Let's say I'm fed up and search for some security sites to get some nice anti-spyware or virus scan software. If I try and go to trendmicro.com or whatever, I get a 404 error. I can nslookup the addresses fine, however if I type in "ping trendmicro.com" or "ping safer-networking.org" it's just hitting my loopback address. I've checked my hosts file, and it's empty, so that's ruled out.
Is there anywhere else where name resolution occurs that I'm not aware of? Whatever it is it has to be local, because I can nslookup the domains fine.
I've also noticed that there's a process run by SYSTEM that's called iexplore.exe. I've searched the system for it but the only thing that comes up is the (supposedly) real IExplore.exe located under program files. Unfortunately, even when I kill this process, the same issue occurs.
I've checked the registry and msconfig startup stuff, and I see nothing suspicious. I've deactivated everything in there as well, but to no avail.
Spybot hasn't picked anything up, and when I ran hijack this I didn't see anything suspicious. I may post the log later when I can.
Regardless, I'll be taking the PC home for the weekend to work on it more. I'll post again when I have more info.
Any comments are appreciated. Thanks!
I'm looking for a little insight, because apparently I'm missing something. Here is what's happening:
No popups, nothing terribly annoying like rogue spyware or anything, however whenever you search for anything, you'll click the link that you're interested in and it will open a new browser window to some crapware.
Let's say I'm fed up and search for some security sites to get some nice anti-spyware or virus scan software. If I try and go to trendmicro.com or whatever, I get a 404 error. I can nslookup the addresses fine, however if I type in "ping trendmicro.com" or "ping safer-networking.org" it's just hitting my loopback address. I've checked my hosts file, and it's empty, so that's ruled out.
Is there anywhere else where name resolution occurs that I'm not aware of? Whatever it is it has to be local, because I can nslookup the domains fine.
I've also noticed that there's a process run by SYSTEM that's called iexplore.exe. I've searched the system for it but the only thing that comes up is the (supposedly) real IExplore.exe located under program files. Unfortunately, even when I kill this process, the same issue occurs.
I've checked the registry and msconfig startup stuff, and I see nothing suspicious. I've deactivated everything in there as well, but to no avail.
Spybot hasn't picked anything up, and when I ran hijack this I didn't see anything suspicious. I may post the log later when I can.
Regardless, I'll be taking the PC home for the weekend to work on it more. I'll post again when I have more info.
Any comments are appreciated. Thanks!