If they are XP machines do a netstat -o to see what processes are opening
what sockets. Also use a packet sniffer to see what is really going on.
You'll see if the first few packets go to the real site at first but then
are redirected. Still think it's spyware but only you could tell for sure.
"PADGETT.LYNNE" wrote in message
news:200408122055.i7CKtDBR017946@xxxxxxxxxxxxxxxxx
> Thanks to both of the suggestions that have been presented so far. We
> have pest patrol running on all of the 500 PCs that are affected, along
> with the latest Trend stuff, latest Microsoft updates, and we've
> flushed the DNS cache. The thing that's driving me nuts is that it's
> intermittent.
>
> Anyone else have any suggestions?
>
> -----Original Message-----
> From: Sam Sneed [mailto:vman76@xxxxxxxxxxxxx]
> Sent: Thursday, August 12, 2004 4:44 PM
> To: cisco@xxxxxxxxxxxxxx
> Subject: Re: OT:Web Browsing [7:91734]
>
>
> Check for spyware. I bet your connections are getting hijacked. Download
> spybot and adaware and run them. I guarantee it will fix the problem.
>
> PADGETT.LYNNE wrote:
> > Just wondering if any of you guys have run into this situation in the
> > past couple of days. When web browsing to random sites (so far it has
> > affected delta.com, cnn.com, google.com, aa.com --just to name a few),
> > we are being redirected to the myfamily.com website. Doing nslookups
> > resolves the name to the proper IP address, but you are unable to
> > browse to the site. It's like a bogus page is placed in front of your
> > true destination. After about 3-5 minutes you are able to access the
> > site again.
> >
> > We use an internal DNS server for outside queries. As a process of
> > elimination exercise, in an effort to determine the source of the
> > problem, I changed a couple of my PCs to resolve to a DNS server on
> > the outside of our network. When I do this, the PCs on the outside
> > are able to get to the sites that the internal DNS server is having a
> > problem with, while the one that gets its DNS from our internal server
> > is not. I suspect that our DNS server has been compromised, but was
> > wondering if any of you have run into a similar problem.
> >
> > TIA,
> >
> > Lynne
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=91750&t=91734
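
Added example, not part of the original thread: one way to triage the netstat output suggested in the reply is to list, per PID, the established web connections whose remote address is not one of the IPs nslookup returned for the sites being browsed. The netstat text and all addresses below are constructed (documentation ranges), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output from an affected PC.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    10.1.1.25:1043         192.0.2.10:80          ESTABLISHED     1512
  TCP    10.1.1.25:1044         203.0.113.77:80        ESTABLISHED     1512
  TCP    10.1.1.25:1050         203.0.113.77:80        ESTABLISHED     2208
  TCP    10.1.1.25:1051         10.1.1.5:445           ESTABLISHED     4
  TCP    10.1.1.25:1060         203.0.113.77:80        TIME_WAIT       0
  UDP    0.0.0.0:1027           *:*                                    1100
"""

# Assumption: addresses nslookup returned for the sites the user opened.
EXPECTED_IPS = {"192.0.2.10", "198.51.100.20"}

# One TCP row: proto, local addr:port, foreign addr:port, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _lip, _lport, rip, rport, state, pid = m.groups()
            yield rip, int(rport), state, int(pid)


def unexpected_web_peers(text, expected_ips, ports=(80, 443)):
    """Map PID -> sorted remote IPs on web ports that nslookup did not return."""
    hits = defaultdict(set)
    for rip, rport, state, pid in parse_netstat(text):
        if state == "ESTABLISHED" and rport in ports and rip not in expected_ips:
            hits[pid].add(rip)
    return {pid: sorted(ips) for pid, ips in hits.items()}


if __name__ == "__main__":
    for pid, ips in sorted(unexpected_web_peers(SAMPLE_NETSTAT, EXPECTED_IPS).items()):
        print(f"PID {pid}: unexpected web peer(s) {', '.join(ips)}")
```

Any PID it reports can then be matched to a process name in Task Manager or with tasklist.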