Browser keeps redirecting in IE8

[skuzzzzy]

Hello im working on a clients computer.

After coming back from china, his IE company homepage keeps redirecting him to, bjdnserror2.wo.com.cn.
IE still shows his homepage as the correct company homepage but it gets auto redirected.

Ive done the following,
cleared cookies, history
deleted IE settings restore stock IE settings
ran malwarebytes
winsock reset and flushed dns
made sure no addons for IE were enabled.

If he opens a fav shortcut for the company page it loads without issue, and there is no issues with chrome.

Anything else I could try?

 

[richc46]

In addition to malwarebytes, run your anti virus.
Use the online scanner, eset.
Good Luck

 

[skuzzzzy]

Ive ran symantic virus scan aswell, forced group policy.

This is happening foir everyone in the group who recently went to china on business.

 

[ThrashZone]

Hi,
Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
http://www.sevenforums.com/system-security/316404-instant-savings-app.html
Screen shot of the download button to use for Adwcleaner

http://www.superantispyware.com/?tag=SUPERANTISPYWARE
This one is the longest up to 4 hours, the others are only about 45 minutes,
http://www.microsoft.com/security/scanner/en-us/default.aspx

If all else fails contact the business in question,
Cheers.

 

[Slartybart]

Try this: http://www.sevenforums.com/tutorials/338877-kaspersky-tdsskiller-detect-repair-tdss-rookits.html

When you get to step 7, accept the recommendations by TDSSkiller on the first run.
- after the 2nd TDSSkiller launch - you'll see the Analyze section in the instructions that follow.

You can do your own research or post the most recent TDSSkiller log if you need help.

ref: Analysis Result for Trojan/Win32.Romeo.bv[FakeAV]

Bill
.

 

[skuzzzzy]

I really dont have much time to site and run a bunch more scans onto his computer because he is very busy,
Ive logged into my account and theres no issue with my internet explorer redirecting, so seems to only be connected to his prifile.

My supervisor says it then has to be in HKEY_CURRENT_USER in the registry, then I went to software/microsoft/internet explorer
and I believe main controls the homepage but all of the office computers show "http://go.microsoft.com/fwlink/?Linkid=69157" which is not what our homepages are.

Im fixing to just reformat his computer, was just checking to see if you knew of anything I could check in the registry

 

[Slartybart]

You reset IE: deleted IE settings restore stock IE settings - I think "http://go.microsoft.com/fwlink/?Linkid=69157" is the default home page when you reset IE.

You can just set the home page to whatever the company standard is or you can spend time reformatting and reinstalling.

If you don't want to check for a Trojan - that's your call. You take the full responsibility if there is a virus and it causes more issues on all of those machines. This is happening for everyone in the group who recently went to china on business.

edit: Wait a minute... are your borrowers IE 8?

 

[richc46]

As mentioned in my post, I thought that it was a virus and others agree. Let me add before doing anything try Adwcleaner, as suggested. It has helped many. As mentioned this could be a Trojan with many potential problems, in addition to the home page. Be sure to do a format and clean install, if you desire to reinstall to solve the problem.

 

[skuzzzzy]

You reset IE: deleted IE settings restore stock IE settings - I think "http://go.microsoft.com/fwlink/?Linkid=69157" is the default home page when you reset IE.

You can just set the home page to whatever the company standard is or you can spend time reformatting and reinstalling.

If you don't want to check for a Trojan - that's your call. You take the full responsibility if there is a virus and it causes more issues on all of those machines. This is happening for everyone in the group who recently went to china on business.

edit: Wait a minute... are your borrowers IE 8?

Yes they are using IE8, the homepage is set to the proper company homepage and does go there before being redirected.
But in the registry it says the homepage is set to microsoft, which it is not.

Its not that I dont want to run another virus application, its time does not allow for me to do so since the user is busy, my boss thinks its a simple fix - something related to the user going to china and china messing with dns? to block sites, but I would had thought flush dns would had taking care of that.

Im in the process of building a machine for that user now, was just hoping to have a few things to look for in the registry for when the others get back from china since they are experiencing the same thing.

And thanks for the suggestions for the anti malware, its just these people dont have the time for me to work on thier machine unless its a simple quick fix.

 

[Slartybart]

Understood - you're at the mercy of the user and your supervisor.

A clean install will certainly fix all but hardware ailments, as long as you clean the disk (some malware hides in the root sectors). The thing is you don't know if there is malware or not ... so the clean install is probably your best bet.

Good luck,

Bill
.

 

[KernelSoftware]

This is obviously too late to help the original poster, but in a case like this, something simple to check is the Internet Explorer shortcut. The IE command line accepts a URL that is displayed on open and overrides the homepage stored in the registry. Thus, even a registry search won't find the unwanted URL. Some malware cleaners will detect this and fix it, but most that we have tested do not fix it in all infected user profiles. This might even affect the IE shortcut listed on the System Tools menu. To fix this issue, just edit each IE shortcut's Properties and remove the unwanted URL from the Target command line.