subject:"RE\: Odd Redirects"

RE: Odd Redirects

2008-11-04 Thread Bill Songstad (WCUL)

See if your Marketing, PR and Compliance officers have a problem with
something like this:

Dear ,  Thank you for contacting  with this
matter.  As you probably know, any unusual activity associated with a
financial institution website could be a serious matter and should be
reported promptly.  We at  are committed to keeping your
personal and financial information secure. 

We have analyzed your issue and have come up with the following
conclusions which we at  believe you should consider
carefully as your private financial information may be at risk.  

1)  After numerous checks from various locations both inside and outside
the Credit Union, we have determined that no system within the Credit
Union is redirecting your web browser to .

2)  The most likely causes for your inappropriate redirect fall into two
categories: 

a)  Your browser cache is corrupted and needs to be cleared.  Please
follow the instructions at  to clear your
cache.

b)  The computer you are using is infected with some sort of malware.
If clearing your browser cache in the step above did not solve your
problem, please consult with a trusted IT expert to determine the best
way to identify and remove the infection.

3)  If your computer is indeed infected with malware, it may be possible
for a hacker to have collected your login information for our site as
well as others.  We Strongly urge you to contact all the financial
institutions which you may have visited from your computer since the
infection began and change the passwords to your accounts.  We recommend
that this be done as soon as possible via phone or in person or from a
PC known to be secure.

If you have any questions at all, please contact our help desk at  and we will be happy to help you evaluate your options.

Bill 

-Original Message-
From: David McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 10:07 AM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Fiddler 

Thanks for that.

Looks like I will have to try and explain DNS poisoning to a user that

believes my sites has been hijacked and all his personnel financial

information is being leaked all over the Internet.  I don't have the

heart to tell him that my site has not been jacked but his personnel

financial information is most likely being leaked all over the Internet,

but by his PC not my website.   

-Original Message-

From: Ziots, Edward [mailto:[EMAIL PROTECTED] 

Sent: Tuesday, November 04, 2008 1:04 PM

To: NT System Admin Issues

Subject: RE: Odd Redirects

Here is what I see from Fiddler on the url stream getting to that site.

All http /1.1 with 200 Error codes except for

http://www.imcu.org/includes/images/1p.gif which popped a 404 not found.

NO redirects seen to the malicious site, which seems to look like dns

poisoning on your end. Check dns, and check ya host files, and check

another from another computer than doesn't have BHO's in IE. 

Z

http://www.fiddler2.com/fiddler2/updatecheck.asp?isBeta=False

http://www.imcu.org/css/imcu_text_link_styles.css

http://www.imcu.org/SpryAssets/SpryTabbedPanels.js

http://www.imcu.org/SpryAssets/SpryTabbedPanels.css

http://www.imcu.org/images/bg_leftside.jpg

http://www.imcu.org/images/1p.gif

http://www.imcu.org/images/header-a.jpg

http://www.imcu.org/images/small_promo_homeloans.jpg

http://www.imcu.org/images/small_promo_auto_center.jpg

http://www.netit.financial-net.com:443

http://www.imcu.org/images/BG-logon2.jpg

http://www.imcu.org/ContentImageHandler.ashx?imageId=7144

http://www.imcu.org/images/title_latest_news.gif

http://www.imcu.org/images/title_rate_check.gif

http://www.imcu.org/ContentImageHandler.ashx?imageId=3571

http://www.imcu.org/ContentImageHandler.ashx?imageId=3787

http://www.imcu.org/images/small_promo_deposit_services.jpg

http://www.imcu.org/includes/images/1p.gif

http://www.netit.financial-net.com:443

http://www.netit.financial-net.com:443

http://www.imcu.org/images/logo-ncua.jpg

http://www.imcu.org/images/logo-eq-housing.jpg

http://www.imcu.org/images/bg_rightside.jpg

http://www.imcu.org/images/red_texture.gif

http://www.imcu.org/images/nav.jpg

Edward E. Ziots

Network Engineer

Lifespan Organization

Email: [EMAIL PROTECTED]

Phone: 401-639-3505

MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-

From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 

Sent: Tuesday, November 04, 2008 1:00 PM

To: NT System Admin Issues

Subject: Re: Odd Redirects

A walk-through?

--

ME2

On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>

wrote:

> How do I explain that to joe user?

> 

> 

> 

> 

> 

> From: Sean Rector [mailto:[EMAIL PROTECTED]

> Sent: Tuesday, November 04, 2008 12:40 PM

> To: NT System Admin Issues

> Subject: RE: Odd Redirects

> 

> 

> 

> Check 4

RE: Odd Redirects

2008-11-04 Thread Ziots, Edward

NO problem, 

Also if you wanna dig into the guts of HTTP and see what is going on, I
highly recommend HTTP the Definite Guide by O'Reilly Books. It's a
killer book and has helped me so far troubleshoot a lot of PC browser to
web-server disconnects. 

Z

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: David McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:07 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Fiddler 
Thanks for that.
Looks like I will have to try and explain DNS poisoning to a user that
believes my sites has been hijacked and all his personnel financial
information is being leaked all over the Internet.  I don't have the
heart to tell him that my site has not been jacked but his personnel
financial information is most likely being leaked all over the Internet,
but by his PC not my website.   

-Original Message-
From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:04 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Here is what I see from Fiddler on the url stream getting to that site.
All http /1.1 with 200 Error codes except for
http://www.imcu.org/includes/images/1p.gif which popped a 404 not found.
NO redirects seen to the malicious site, which seems to look like dns
poisoning on your end. Check dns, and check ya host files, and check
another from another computer than doesn't have BHO's in IE. 

Z

http://www.fiddler2.com/fiddler2/updatecheck.asp?isBeta=False
http://www.imcu.org/css/imcu_text_link_styles.css
http://www.imcu.org/SpryAssets/SpryTabbedPanels.js
http://www.imcu.org/SpryAssets/SpryTabbedPanels.css
http://www.imcu.org/images/bg_leftside.jpg
http://www.imcu.org/images/1p.gif
http://www.imcu.org/images/header-a.jpg
http://www.imcu.org/images/small_promo_homeloans.jpg
http://www.imcu.org/images/small_promo_auto_center.jpg
http://www.netit.financial-net.com:443
http://www.imcu.org/images/BG-logon2.jpg
http://www.imcu.org/ContentImageHandler.ashx?imageId=7144
http://www.imcu.org/images/title_latest_news.gif
http://www.imcu.org/images/title_rate_check.gif
http://www.imcu.org/ContentImageHandler.ashx?imageId=3571
http://www.imcu.org/ContentImageHandler.ashx?imageId=3787
http://www.imcu.org/images/small_promo_deposit_services.jpg
http://www.imcu.org/includes/images/1p.gif
http://www.netit.financial-net.com:443
http://www.netit.financial-net.com:443
http://www.imcu.org/images/logo-ncua.jpg
http://www.imcu.org/images/logo-eq-housing.jpg
http://www.imcu.org/images/bg_rightside.jpg
http://www.imcu.org/images/red_texture.gif
http://www.imcu.org/images/nav.jpg

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2

On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning...
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are
getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and
.com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to
stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well
as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread David McSpadden

The BigE.
;-)
They about lost their minds with I took in off the desktops and made
them look for it in Programs.


It's good to be the King...

-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:21 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

It's all good.

What is funny is the solution is going to be having the user stop typing
in the address wrong or stop using an HTML link that is outdated.  It's
always those little things that we take for granted.

Geez we still get calls that the "Big Blue E" is broken.


-troy

-Original Message-
From: David McSpadden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 10:13 AM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Sorry for the smart @$$ remarks.  I am not supposed to create single
instance answers.  I am supposed to create generic answers for a broad
array of problems and then narrow them down.  Mostly I am not supposed
to talk with the customer's just keep our internal network up and
running.  Let the support staff help the customers with problems like
these.

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 1:13 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

+1

--
ME2



On Tue, Nov 4, 2008 at 1:07 PM, Troy Meyer <[EMAIL PROTECTED]>
wrote:
> Are we missing something here, what exactly are you asking?  Are all
of your clients unable to access the site?  Then you are obviously
looking at a higher level issue with name resolution and you need to
check out your internal dns servers.  Launch an nslookup and see what ip
it responds to for that server.  Then change the server in nslookup to
4.2.2.1 and try again.
>
> If only one user is having the issue can you walk them through
checking for entries in the c:\windows\system32\drivers\etc\hosts file.
>
> If you wanted to script the checking of that hosts file for entries,
you certainly could, but is it worth it for one user?  Will it solve a
malware issue that added invalid entries into a host file?
>
> Unfortunately I don't think there is a fix all script out there that
magically detects the issue and resolves the problem, if there was, we
all would be doing something else.
>
> -troy
>
> -Original Message-
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 9:58 AM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
> Maybe.  I have 35k+ customers. I am looking for something scripted for
> the front line Service Reps to give them.  And you PC has been jacked
> isn't one of the things my customers like to hear...
> :-)
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 1:00 PM
> To: NT System Admin Issues
> Subject: Re: Odd Redirects
>
> A walk-through?
>
> --
> ME2
>
>
>
> On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
> wrote:
>> How do I explain that to joe user?
>>
>>
>>
>> 
>>
>> From: Sean Rector [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:40 PM
>> To: NT System Admin Issues
>> Subject: RE: Odd Redirects
>>
>>
>>
>> Check 4 hosts file?  DNS poisoning...
>>
>>
>>
>> Sean Rector, MCSE
>>
>>
>>
>> From: David McSpadden [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:27 PM
>> To: NT System Admin Issues
>> Subject: Odd Redirects
>>
>>
>>
>> I have a customer that is trying to get to www.imcu.org.  They are
> getting
>> redirected to www.manta.com.
>>
>> If the go to www.imcu.com they are fine.  I can get to both .org and
> .com
>> with no issues.
>>
>> What is redirecting them to manta.com? What can I tell them to do to
> stop
>> this behavior?
>>
>> So far I have told them to delete temporary files and cookies as well
> as
>> ipconfig /flushdns but what
>>
>> is the real problem with their pc???
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Data Security is everyone's responsibility.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Information Technology Manager
>> Virginia Opera Association
>>
>> E-Mail: [EMAIL PROTECTED]
>> Phone:(757) 213-4548 (direct line)
>> {*}
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/

RE: Odd Redirects

2008-11-04 Thread Troy Meyer

It's all good.

What is funny is the solution is going to be having the user stop typing in the 
address wrong or stop using an HTML link that is outdated.  It's always those 
little things that we take for granted.

Geez we still get calls that the "Big Blue E" is broken.


-troy

-Original Message-
From: David McSpadden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 10:13 AM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Sorry for the smart @$$ remarks.  I am not supposed to create single
instance answers.  I am supposed to create generic answers for a broad
array of problems and then narrow them down.  Mostly I am not supposed
to talk with the customer's just keep our internal network up and
running.  Let the support staff help the customers with problems like
these.

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 1:13 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

+1

--
ME2



On Tue, Nov 4, 2008 at 1:07 PM, Troy Meyer <[EMAIL PROTECTED]>
wrote:
> Are we missing something here, what exactly are you asking?  Are all
of your clients unable to access the site?  Then you are obviously
looking at a higher level issue with name resolution and you need to
check out your internal dns servers.  Launch an nslookup and see what ip
it responds to for that server.  Then change the server in nslookup to
4.2.2.1 and try again.
>
> If only one user is having the issue can you walk them through
checking for entries in the c:\windows\system32\drivers\etc\hosts file.
>
> If you wanted to script the checking of that hosts file for entries,
you certainly could, but is it worth it for one user?  Will it solve a
malware issue that added invalid entries into a host file?
>
> Unfortunately I don't think there is a fix all script out there that
magically detects the issue and resolves the problem, if there was, we
all would be doing something else.
>
> -troy
>
> -Original Message-
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 9:58 AM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
> Maybe.  I have 35k+ customers. I am looking for something scripted for
> the front line Service Reps to give them.  And you PC has been jacked
> isn't one of the things my customers like to hear...
> :-)
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 1:00 PM
> To: NT System Admin Issues
> Subject: Re: Odd Redirects
>
> A walk-through?
>
> --
> ME2
>
>
>
> On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
> wrote:
>> How do I explain that to joe user?
>>
>>
>>
>> ____
>>
>> From: Sean Rector [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:40 PM
>> To: NT System Admin Issues
>> Subject: RE: Odd Redirects
>>
>>
>>
>> Check 4 hosts file?  DNS poisoning...
>>
>>
>>
>> Sean Rector, MCSE
>>
>>
>>
>> From: David McSpadden [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:27 PM
>> To: NT System Admin Issues
>> Subject: Odd Redirects
>>
>>
>>
>> I have a customer that is trying to get to www.imcu.org.  They are
> getting
>> redirected to www.manta.com.
>>
>> If the go to www.imcu.com they are fine.  I can get to both .org and
> .com
>> with no issues.
>>
>> What is redirecting them to manta.com? What can I tell them to do to
> stop
>> this behavior?
>>
>> So far I have told them to delete temporary files and cookies as well
> as
>> ipconfig /flushdns but what
>>
>> is the real problem with their pc???
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Data Security is everyone's responsibility.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Information Technology Manager
>> Virginia Opera Association
>>
>> E-Mail: [EMAIL PROTECTED]
>> Phone:(757) 213-4548 (direct line)
>> {*}
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Odd Redirects

2008-11-04 Thread Micheal Espinola Jr

np - I understand.  I also meant my response to be
"walkthrough/copy/boilerplate".  Of course you want a very carefully
crafted response to customer issues such as these. In some cases it
simply cannot be explained to a customer, and you have to walk them
through a visualization of their issue.

--
ME2



On Tue, Nov 4, 2008 at 1:13 PM, David McSpadden <[EMAIL PROTECTED]> wrote:
> Sorry for the smart @$$ remarks.  I am not supposed to create single
> instance answers.  I am supposed to create generic answers for a broad
> array of problems and then narrow them down.  Mostly I am not supposed
> to talk with the customer's just keep our internal network up and
> running.  Let the support staff help the customers with problems like
> these.
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 1:13 PM
> To: NT System Admin Issues
> Subject: Re: Odd Redirects
>
> +1
>
> --
> ME2
>
>
>
> On Tue, Nov 4, 2008 at 1:07 PM, Troy Meyer <[EMAIL PROTECTED]>
> wrote:
>> Are we missing something here, what exactly are you asking?  Are all
> of your clients unable to access the site?  Then you are obviously
> looking at a higher level issue with name resolution and you need to
> check out your internal dns servers.  Launch an nslookup and see what ip
> it responds to for that server.  Then change the server in nslookup to
> 4.2.2.1 and try again.
>>
>> If only one user is having the issue can you walk them through
> checking for entries in the c:\windows\system32\drivers\etc\hosts file.
>>
>> If you wanted to script the checking of that hosts file for entries,
> you certainly could, but is it worth it for one user?  Will it solve a
> malware issue that added invalid entries into a host file?
>>
>> Unfortunately I don't think there is a fix all script out there that
> magically detects the issue and resolves the problem, if there was, we
> all would be doing something else.
>>
>> -troy
>>
>> -Original Message-
>> From: David McSpadden [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 9:58 AM
>> To: NT System Admin Issues
>> Subject: RE: Odd Redirects
>>
>> Maybe.  I have 35k+ customers. I am looking for something scripted for
>> the front line Service Reps to give them.  And you PC has been jacked
>> isn't one of the things my customers like to hear...
>> :-)
>>
>> -Original Message-
>> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 1:00 PM
>> To: NT System Admin Issues
>> Subject: Re: Odd Redirects
>>
>> A walk-through?
>>
>> --
>> ME2
>>
>>
>>
>> On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
>> wrote:
>>> How do I explain that to joe user?
>>>
>>>
>>>
>>> 
>>>
>>> From: Sean Rector [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, November 04, 2008 12:40 PM
>>> To: NT System Admin Issues
>>> Subject: RE: Odd Redirects
>>>
>>>
>>>
>>> Check 4 hosts file?  DNS poisoning...
>>>
>>>
>>>
>>> Sean Rector, MCSE
>>>
>>>
>>>
>>> From: David McSpadden [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, November 04, 2008 12:27 PM
>>> To: NT System Admin Issues
>>> Subject: Odd Redirects
>>>
>>>
>>>
>>> I have a customer that is trying to get to www.imcu.org.  They are
>> getting
>>> redirected to www.manta.com.
>>>
>>> If the go to www.imcu.com they are fine.  I can get to both .org and
>> .com
>>> with no issues.
>>>
>>> What is redirecting them to manta.com? What can I tell them to do to
>> stop
>>> this behavior?
>>>
>>> So far I have told them to delete temporary files and cookies as well
>> as
>>> ipconfig /flushdns but what
>>>
>>> is the real problem with their pc???
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Data Security is everyone's responsibility.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Information Technology Manager
>>> Virginia Opera Association
>>>
>>> E-Mail: [EMAIL PROTECTED]
>>> Phone:(757) 213-4548 (direct line)
>>> {*}
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread David McSpadden

Sorry for the smart @$$ remarks.  I am not supposed to create single
instance answers.  I am supposed to create generic answers for a broad
array of problems and then narrow them down.  Mostly I am not supposed
to talk with the customer's just keep our internal network up and
running.  Let the support staff help the customers with problems like
these.

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:13 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

+1

--
ME2



On Tue, Nov 4, 2008 at 1:07 PM, Troy Meyer <[EMAIL PROTECTED]>
wrote:
> Are we missing something here, what exactly are you asking?  Are all
of your clients unable to access the site?  Then you are obviously
looking at a higher level issue with name resolution and you need to
check out your internal dns servers.  Launch an nslookup and see what ip
it responds to for that server.  Then change the server in nslookup to
4.2.2.1 and try again.
>
> If only one user is having the issue can you walk them through
checking for entries in the c:\windows\system32\drivers\etc\hosts file.
>
> If you wanted to script the checking of that hosts file for entries,
you certainly could, but is it worth it for one user?  Will it solve a
malware issue that added invalid entries into a host file?
>
> Unfortunately I don't think there is a fix all script out there that
magically detects the issue and resolves the problem, if there was, we
all would be doing something else.
>
> -troy
>
> -Original Message-
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 9:58 AM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
> Maybe.  I have 35k+ customers. I am looking for something scripted for
> the front line Service Reps to give them.  And you PC has been jacked
> isn't one of the things my customers like to hear...
> :-)
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 1:00 PM
> To: NT System Admin Issues
> Subject: Re: Odd Redirects
>
> A walk-through?
>
> --
> ME2
>
>
>
> On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
> wrote:
>> How do I explain that to joe user?
>>
>>
>>
>> ____________
>>
>> From: Sean Rector [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:40 PM
>> To: NT System Admin Issues
>> Subject: RE: Odd Redirects
>>
>>
>>
>> Check 4 hosts file?  DNS poisoning...
>>
>>
>>
>> Sean Rector, MCSE
>>
>>
>>
>> From: David McSpadden [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:27 PM
>> To: NT System Admin Issues
>> Subject: Odd Redirects
>>
>>
>>
>> I have a customer that is trying to get to www.imcu.org.  They are
> getting
>> redirected to www.manta.com.
>>
>> If the go to www.imcu.com they are fine.  I can get to both .org and
> .com
>> with no issues.
>>
>> What is redirecting them to manta.com? What can I tell them to do to
> stop
>> this behavior?
>>
>> So far I have told them to delete temporary files and cookies as well
> as
>> ipconfig /flushdns but what
>>
>> is the real problem with their pc???
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Data Security is everyone's responsibility.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Information Technology Manager
>> Virginia Opera Association
>>
>> E-Mail: [EMAIL PROTECTED]
>> Phone:(757) 213-4548 (direct line)
>> {*}
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread David McSpadden

Isn't one of the PC's that I administrate.  Just one customer and I have
had difficult dealings with him in the past.  He thinks everyone is out
to get him and I am giving his information away to the top bidder.  If I
get a free hour or two I will give him a call and let him know his PC is
screwed and he should put fdisk on a bootable floppy and then reformat
the 0 partition of his PC.

-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:07 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Are we missing something here, what exactly are you asking?  Are all of
your clients unable to access the site?  Then you are obviously looking
at a higher level issue with name resolution and you need to check out
your internal dns servers.  Launch an nslookup and see what ip it
responds to for that server.  Then change the server in nslookup to
4.2.2.1 and try again.

If only one user is having the issue can you walk them through checking
for entries in the c:\windows\system32\drivers\etc\hosts file.

If you wanted to script the checking of that hosts file for entries, you
certainly could, but is it worth it for one user?  Will it solve a
malware issue that added invalid entries into a host file?

Unfortunately I don't think there is a fix all script out there that
magically detects the issue and resolves the problem, if there was, we
all would be doing something else.

-troy

-Original Message-
From: David McSpadden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 9:58 AM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Maybe.  I have 35k+ customers. I am looking for something scripted for
the front line Service Reps to give them.  And you PC has been jacked
isn't one of the things my customers like to hear...
:-)

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2

On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning...
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are
getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and
.com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to
stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well
as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Odd Redirects

2008-11-04 Thread Micheal Espinola Jr

+1

--
ME2



On Tue, Nov 4, 2008 at 1:07 PM, Troy Meyer <[EMAIL PROTECTED]> wrote:
> Are we missing something here, what exactly are you asking?  Are all of your 
> clients unable to access the site?  Then you are obviously looking at a 
> higher level issue with name resolution and you need to check out your 
> internal dns servers.  Launch an nslookup and see what ip it responds to for 
> that server.  Then change the server in nslookup to 4.2.2.1 and try again.
>
> If only one user is having the issue can you walk them through checking for 
> entries in the c:\windows\system32\drivers\etc\hosts file.
>
> If you wanted to script the checking of that hosts file for entries, you 
> certainly could, but is it worth it for one user?  Will it solve a malware 
> issue that added invalid entries into a host file?
>
> Unfortunately I don't think there is a fix all script out there that 
> magically detects the issue and resolves the problem, if there was, we all 
> would be doing something else.
>
> -troy
>
> -Original Message-
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 9:58 AM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
> Maybe.  I have 35k+ customers. I am looking for something scripted for
> the front line Service Reps to give them.  And you PC has been jacked
> isn't one of the things my customers like to hear...
> :-)
>
> -Original Message-
> From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 1:00 PM
> To: NT System Admin Issues
> Subject: Re: Odd Redirects
>
> A walk-through?
>
> --
> ME2
>
>
>
> On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
> wrote:
>> How do I explain that to joe user?
>>
>>
>>
>> 
>>
>> From: Sean Rector [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:40 PM
>> To: NT System Admin Issues
>> Subject: RE: Odd Redirects
>>
>>
>>
>> Check 4 hosts file?  DNS poisoning...
>>
>>
>>
>> Sean Rector, MCSE
>>
>>
>>
>> From: David McSpadden [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, November 04, 2008 12:27 PM
>> To: NT System Admin Issues
>> Subject: Odd Redirects
>>
>>
>>
>> I have a customer that is trying to get to www.imcu.org.  They are
> getting
>> redirected to www.manta.com.
>>
>> If the go to www.imcu.com they are fine.  I can get to both .org and
> .com
>> with no issues.
>>
>> What is redirecting them to manta.com? What can I tell them to do to
> stop
>> this behavior?
>>
>> So far I have told them to delete temporary files and cookies as well
> as
>> ipconfig /flushdns but what
>>
>> is the real problem with their pc???
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Data Security is everyone's responsibility.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Information Technology Manager
>> Virginia Opera Association
>>
>> E-Mail: [EMAIL PROTECTED]
>> Phone:(757) 213-4548 (direct line)
>> {*}
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread David McSpadden

Fiddler 
Thanks for that.
Looks like I will have to try and explain DNS poisoning to a user that
believes my sites has been hijacked and all his personnel financial
information is being leaked all over the Internet.  I don't have the
heart to tell him that my site has not been jacked but his personnel
financial information is most likely being leaked all over the Internet,
but by his PC not my website.   

-Original Message-
From: Ziots, Edward [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:04 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Here is what I see from Fiddler on the url stream getting to that site.
All http /1.1 with 200 Error codes except for
http://www.imcu.org/includes/images/1p.gif which popped a 404 not found.
NO redirects seen to the malicious site, which seems to look like dns
poisoning on your end. Check dns, and check ya host files, and check
another from another computer than doesn't have BHO's in IE. 

Z

http://www.fiddler2.com/fiddler2/updatecheck.asp?isBeta=False
http://www.imcu.org/css/imcu_text_link_styles.css
http://www.imcu.org/SpryAssets/SpryTabbedPanels.js
http://www.imcu.org/SpryAssets/SpryTabbedPanels.css
http://www.imcu.org/images/bg_leftside.jpg
http://www.imcu.org/images/1p.gif
http://www.imcu.org/images/header-a.jpg
http://www.imcu.org/images/small_promo_homeloans.jpg
http://www.imcu.org/images/small_promo_auto_center.jpg
http://www.netit.financial-net.com:443
http://www.imcu.org/images/BG-logon2.jpg
http://www.imcu.org/ContentImageHandler.ashx?imageId=7144
http://www.imcu.org/images/title_latest_news.gif
http://www.imcu.org/images/title_rate_check.gif
http://www.imcu.org/ContentImageHandler.ashx?imageId=3571
http://www.imcu.org/ContentImageHandler.ashx?imageId=3787
http://www.imcu.org/images/small_promo_deposit_services.jpg
http://www.imcu.org/includes/images/1p.gif
http://www.netit.financial-net.com:443
http://www.netit.financial-net.com:443
http://www.imcu.org/images/logo-ncua.jpg
http://www.imcu.org/images/logo-eq-housing.jpg
http://www.imcu.org/images/bg_rightside.jpg
http://www.imcu.org/images/red_texture.gif
http://www.imcu.org/images/nav.jpg

Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2

On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning...
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are
getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and
.com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to
stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well
as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread Troy Meyer

Are we missing something here, what exactly are you asking?  Are all of your 
clients unable to access the site?  Then you are obviously looking at a higher 
level issue with name resolution and you need to check out your internal dns 
servers.  Launch an nslookup and see what ip it responds to for that server.  
Then change the server in nslookup to 4.2.2.1 and try again.

If only one user is having the issue can you walk them through checking for 
entries in the c:\windows\system32\drivers\etc\hosts file.

If you wanted to script the checking of that hosts file for entries, you 
certainly could, but is it worth it for one user?  Will it solve a malware 
issue that added invalid entries into a host file?

Unfortunately I don't think there is a fix all script out there that magically 
detects the issue and resolves the problem, if there was, we all would be doing 
something else.

-troy

-Original Message-
From: David McSpadden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 9:58 AM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Maybe.  I have 35k+ customers. I am looking for something scripted for
the front line Service Reps to give them.  And you PC has been jacked
isn't one of the things my customers like to hear...
:-)

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2

On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning...
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are
getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and
.com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to
stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well
as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread Ziots, Edward

Here is what I see from Fiddler on the url stream getting to that site.
All http /1.1 with 200 Error codes except for
http://www.imcu.org/includes/images/1p.gif which popped a 404 not found.
NO redirects seen to the malicious site, which seems to look like dns
poisoning on your end. Check dns, and check ya host files, and check
another from another computer than doesn't have BHO's in IE. 

Z


http://www.fiddler2.com/fiddler2/updatecheck.asp?isBeta=False
http://www.imcu.org/css/imcu_text_link_styles.css
http://www.imcu.org/SpryAssets/SpryTabbedPanels.js
http://www.imcu.org/SpryAssets/SpryTabbedPanels.css
http://www.imcu.org/images/bg_leftside.jpg
http://www.imcu.org/images/1p.gif
http://www.imcu.org/images/header-a.jpg
http://www.imcu.org/images/small_promo_homeloans.jpg
http://www.imcu.org/images/small_promo_auto_center.jpg
http://www.netit.financial-net.com:443
http://www.imcu.org/images/BG-logon2.jpg
http://www.imcu.org/ContentImageHandler.ashx?imageId=7144
http://www.imcu.org/images/title_latest_news.gif
http://www.imcu.org/images/title_rate_check.gif
http://www.imcu.org/ContentImageHandler.ashx?imageId=3571
http://www.imcu.org/ContentImageHandler.ashx?imageId=3787
http://www.imcu.org/images/small_promo_deposit_services.jpg
http://www.imcu.org/includes/images/1p.gif
http://www.netit.financial-net.com:443
http://www.netit.financial-net.com:443
http://www.imcu.org/images/logo-ncua.jpg
http://www.imcu.org/images/logo-eq-housing.jpg
http://www.imcu.org/images/bg_rightside.jpg
http://www.imcu.org/images/red_texture.gif
http://www.imcu.org/images/nav.jpg


Edward E. Ziots
Network Engineer
Lifespan Organization
Email: [EMAIL PROTECTED]
Phone: 401-639-3505
MCSE, MCP+I, ME, CCA, Security +, Network +

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2



On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning...
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are
getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and
.com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to
stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well
as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread David McSpadden

Maybe.  I have 35k+ customers. I am looking for something scripted for
the front line Service Reps to give them.  And you PC has been jacked
isn't one of the things my customers like to hear...
:-)

-Original Message-
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 1:00 PM
To: NT System Admin Issues
Subject: Re: Odd Redirects

A walk-through?

--
ME2



On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]>
wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning...
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are
getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and
.com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to
stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well
as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Re: Odd Redirects

2008-11-04 Thread Micheal Espinola Jr

A walk-through?

--
ME2



On Tue, Nov 4, 2008 at 12:48 PM, David McSpadden <[EMAIL PROTECTED]> wrote:
> How do I explain that to joe user?
>
>
>
> 
>
> From: Sean Rector [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:40 PM
> To: NT System Admin Issues
> Subject: RE: Odd Redirects
>
>
>
> Check 4 hosts file?  DNS poisoning…
>
>
>
> Sean Rector, MCSE
>
>
>
> From: David McSpadden [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 04, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: Odd Redirects
>
>
>
> I have a customer that is trying to get to www.imcu.org.  They are getting
> redirected to www.manta.com.
>
> If the go to www.imcu.com they are fine.  I can get to both .org and .com
> with no issues.
>
> What is redirecting them to manta.com? What can I tell them to do to stop
> this behavior?
>
> So far I have told them to delete temporary files and cookies as well as
> ipconfig /flushdns but what
>
> is the real problem with their pc???
>
>
>
>
>
>
>
>
>
> Data Security is everyone's responsibility.
>
>
>
>
>
>
>
>
>
> Information Technology Manager
> Virginia Opera Association
>
> E-Mail: [EMAIL PROTECTED]
> Phone:(757) 213-4548 (direct line)
> {*}
>
>
>
>
>
>
>
>
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread David McSpadden

How do I explain that to joe user?

From: Sean Rector [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 12:40 PM
To: NT System Admin Issues
Subject: RE: Odd Redirects

Check 4 hosts file?  DNS poisoning...

Sean Rector, MCSE

From: David McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 12:27 PM
To: NT System Admin Issues
Subject: Odd Redirects

I have a customer that is trying to get to www.imcu.org
<http://www.imcu.org/> .  They are getting redirected to www.manta.com
<http://www.manta.com/> .

If the go to www.imcu.com <http://www.imcu.com/>  they are fine.  I can
get to both .org and .com with no issues.

What is redirecting them to manta.com? What can I tell them to do to
stop this behavior?

So far I have told them to delete temporary files and cookies as well as
ipconfig /flushdns but what

is the real problem with their pc???

Data Security is everyone's responsibility.

Information Technology Manager
Virginia Opera Association 

E-Mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

Phone:(757) 213-4548 (direct line)
{*}

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

RE: Odd Redirects

2008-11-04 Thread Sean Rector

Check 4 hosts file?  DNS poisoning...

 

Sean Rector, MCSE

 

From: David McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, November 04, 2008 12:27 PM
To: NT System Admin Issues
Subject: Odd Redirects

 

I have a customer that is trying to get to www.imcu.org
 .  They are getting redirected to www.manta.com
 .

If the go to www.imcu.com   they are fine.  I can
get to both .org and .com with no issues.

What is redirecting them to manta.com? What can I tell them to do to
stop this behavior?

So far I have told them to delete temporary files and cookies as well as
ipconfig /flushdns but what

is the real problem with their pc???

 

 

 

 

Data Security is everyone's responsibility.

 

 

 

 

Virginia Opera's 2008-2009 Season ... "Viva la passione!"
IL TROVATORE - THE ELIXIR OF LOVE - TOSCA - THE BARBER OF SEVILLE
Visit us online at www.vaopera.org or call 1-866-OPERA-VA (1-866-673-7282).
Subscribe or purchase tickets online now!
 
This e-mail and any attached files are confidential and intended solely for the 
intended recipient(s). Unless otherwise specified, persons unnamed as 
recipients may not read, distribute, copy or alter this e-mail. Any views or 
opinions expressed in this e-mail belong to the author and may not necessarily 
represent those of Virginia Opera. Although precautions have been taken to 
ensure no viruses are present, Virginia Opera cannot accept responsibility for 
any loss or damage that may arise from the use of this e-mail or attachments.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

RE: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

Re: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

Re: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

Re: Odd Redirects

RE: Odd Redirects

RE: Odd Redirects

15 matches

Site Navigation

Mail list logo

Footer information