Thursday 3 June 2010

The Hijacked Browser

From: Dan Shterev @Macnamara_Dan

Today I would like to share an issue which arose with one of our clients recently and, most importantly, the solution.

The problem was quite tricky - when Internet Explorer is opened, a message pops up on the screen asking you to complete a survey, otherwise it will not let you browse the page.

Of course, if you clicked to start the survey, you were automatically redirected to one of those silly websites where you can play poker, games, etc.

The funny thing was that you could not get rid of this message in any way in Internet Explorer.

It would be natural to assume that it could be easily fixed; however, this was not the case.

I tried to reset Internet Explorer, which in most cases would solve your problem with Internet Explorer. However, in this case the message kept appearing.

I tried logging on as administrator, but the message continued to appear even when opening stable sites like bbc.co.uk or aol.com.

Interestingly enough, there wasn't any information on Google about this particular message I was getting on the screen, so I had to find my own way to resolve this issue.

After running an antivirus scan, no viruses were detected; then I tried Malwarebytes, but it was the same: the computer looked clean and not infected at all.

I checked the running processes but still didn't see anything suspicious, so I decided to run one more check with Trojan Remover. The difference between Malwarebytes and Trojan Remover is that TR checks all running processes and, if some of them are infected, tries to clean and repair them. To my surprise, TR detected an infected file called infocard.exe, which I had noticed before with HijackThis but ignored because the file's description says: "infocard.exe is a Windows CardSpace from Microsoft Corporation belonging to Microsoft® .NET Framework". This naturally made me think it was insignificant.

Basically the file was needed by Windows, but it was infected, and this was causing the browser to be hijacked - meaning that whatever you did when trying to open a page, this process tried to redirect you to certain web pages, potentially unsafe ones.

After rebooting the machine, TR had successfully cleaned the file and the problem was gone.
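The lesson in the story above is that a file's description (the "Windows CardSpace ... Microsoft .NET Framework" text shown by HijackThis) is just a string inside the file and says nothing about whether the file has been tampered with. The following PowerShell script is an added example, not code from the original post or from any of the tools it mentions. For each running process with the given name it reports the on-disk image path, the Authenticode signature status, the signer and a SHA-256 hash, and flags the process when the signature is not valid or the image lives outside the folder where the genuine binary is expected. It assumes PowerShell 4 or later (for Get-FileHash), and the expected root folder `%windir%\Microsoft.NET` is an assumption made here, not something the post states.

```powershell
# Added example (not from the original post): verify a running process's on-disk
# image instead of trusting its file description, as happened with infocard.exe.
# Assumptions: PowerShell 4+ (Get-FileHash); the legitimate Windows CardSpace
# binary is expected under %windir%\Microsoft.NET (an assumption, not a fact
# taken from the post). Run from an elevated, same-bitness PowerShell so that
# process image paths are readable.
param(
    [string]$ProcessName = 'infocard'
)

$expectedRoot = Join-Path $env:windir 'Microsoft.NET'

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Output "No running process named '$ProcessName'."
    return
}

foreach ($p in $procs) {
    # Path is $null when access is denied or the bitness does not match.
    $path = $p.Path
    if (-not $path) {
        Write-Warning "PID $($p.Id): image path unavailable (run elevated / matching bitness)."
        continue
    }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    $desc = (Get-Item $path).VersionInfo.FileDescription

    $findings = @()
    if (-not $path.StartsWith($expectedRoot, [System.StringComparison]::OrdinalIgnoreCase)) {
        $findings += "runs from an unexpected location ($path)"
    }
    # A modified file fails the signature check (typically HashMismatch);
    # a replaced file is usually NotSigned or signed by someone else.
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode signature is $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $findings += "signed by an unexpected publisher: $($sig.SignerCertificate.Subject)"
    }

    [pscustomobject]@{
        PID             = $p.Id
        Path            = $path
        FileDescription = $desc
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $hash
        Suspicious      = ($findings.Count -gt 0)
        Why             = ($findings -join '; ')
    }
}
```

Usage: save as `Check-ProcessImage.ps1` and run `.\Check-ProcessImage.ps1 -ProcessName infocard`. The FileDescription column shows the same reassuring text that caused the file to be ignored in the story; the SignatureStatus and Why columns are what actually decide whether the file can be trusted. The SHA256 value can be compared against the same file on a known-clean machine with the same .NET Framework version, which is a stronger check than the publisher-name heuristic used here.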

Problem:
A message popup in Internet Explorer would not let you access the address bar or browse websites; instead it tried to redirect you to unsafe websites.


Solution:
1. Run Trojan Remover – disinfecting “infocard.exe”
2. Reboot
