Found this (same problem, but no solution), posted 6 days ago: www.mcse.ms/message2735820.html
On Feb 11, 2008 1:19 PM, David Trent <[EMAIL PROTECTED]> wrote: > Rootkit Revealer found only three items-- two embedded nulls, and a system > restore rdb file hidden from Windows API. > > On Feb 11, 2008 1:07 PM, David Trent <[EMAIL PROTECTED]> wrote: > > > The language settings are for English. > > > > I'm running Rootkit Revealer now... > > > > On Feb 11, 2008 12:39 PM, Alex Eckelberry <[EMAIL PROTECTED]> > > wrote: > > > > > Why would it hijack to a legitimate Google site? > > > > > > Something else might be going on here. > > > > > > ------------------------------ > > > *From:* Christopher J. Bosak [mailto:[EMAIL PROTECTED] > > > *Sent:* Monday, February 11, 2008 3:35 PM > > > *To:* NT System Admin Issues > > > *Subject:* RE: IE7 redirecting to Google.de <http://google.de/> > > > > > > Gmail should redirect to mail.google.com > > > > > > > > > > > > Sounds like a browser hijack to me. > > > > > > > > > > > > *From:* David Trent [mailto:[EMAIL PROTECTED] > > > *Sent:* Monday, February 11, 2008 14:32 hrs > > > *To:* NT System Admin Issues > > > *Subject:* Re: IE7 redirecting to Google.de <http://google.de/> > > > > > > > > > > > > Gmail also redirects to Google Mail. > > > > > > On Feb 11, 2008 12:11 PM, <[EMAIL PROTECTED]> wrote: > > > > > > > > > We had a user get infected with something.... HOSTS file was clean but > > > the DNS servers had been modified (IPCONFIG /ALL showed two new ones at > > > the > > > top of the list). > > > > > > > > > > > > *"David Trent" <[EMAIL PROTECTED]>* > > > > > > 02/11/2008 03:09 PM > > > > > > Please respond to > > > "NT System Admin Issues" <[email protected]> > > > > > > To > > > > > > "NT System Admin Issues" <[email protected]> > > > > > > cc > > > > > > Subject > > > > > > Re: IE7 redirecting to Google.de <http://google.de/> > > > > > > > > > > > > > > > > > > > > > Nothing out of the ordinary in the hosts file, btw. > > > > > > On Feb 11, 2008 12:03 PM, David Trent <[EMAIL PROTECTED]> wrote: > > > Has anyone seen any spyware that does this? IE7 is set to open up a > > > google.com page as its first tab among several. For a split second, > > > the address bar shows google.com, then it changes to google.de and > > > displays that site. > > > > > > AV scan runs clean, and so does an anti-malware scan. > > > > > > XP SP2 system, with patches up to date. > > > > > > > > > > > > > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
