Sorry for the topic title, that can be changed once we figure out what it is.
Earlier this week Google announced that is it detecting proxy redirects when clicking on search engine results with a big banner telling the user that they may be infected. However, I am still seeing redirecting going on when you click on search results on some machines. Some call this the Shopica virus though you can get redirected to many other sites besides shopica.com. There doesn't appear to be any scheduled task or service or rundll32 running that could account for this. There is also no proxy turned on or any other IE registry setting that is causing this.
What is strange to me about this virus is that the redirects are going to what appear to be legitimate sites, not criminal (exploits, droppers) infections. Could this be the work of some business that redirects users to their partners in order to solicit?
I would appreciate any insight and maybe a name and/or dropper for this frustrating redirector if anyone else has any. Thanks!
Earlier this week Google announced that is it detecting proxy redirects when clicking on search engine results with a big banner telling the user that they may be infected. However, I am still seeing redirecting going on when you click on search results on some machines. Some call this the Shopica virus though you can get redirected to many other sites besides shopica.com. There doesn't appear to be any scheduled task or service or rundll32 running that could account for this. There is also no proxy turned on or any other IE registry setting that is causing this.
What is strange to me about this virus is that the redirects are going to what appear to be legitimate sites, not criminal (exploits, droppers) infections. Could this be the work of some business that redirects users to their partners in order to solicit?
I would appreciate any insight and maybe a name and/or dropper for this frustrating redirector if anyone else has any. Thanks!
