IE8 erro page hijack, on internal domain clients

Home Forums Other Misc IE8 erro page hijack, on internal domain clients

Viewing 1 post (of 1 total)
  • Author
  • Avatar

    Server 2008-hosted corporate domain, some remote connections thru dedicated IPSec site-to-site tunnels, some through client VPN-to-concentrator tunnels. Really odd behavior started recently: the home page for all domain members is an internally-hosted Sharepoint 2008 or newer page, but the URL is not formed for open Internet travel. It’s of the pattern “http://< /” with no “www” or “.com” bits added. Internal DNS resolves, external DNS has no clue. So if you’re not connected to the local domain, you should get an error page to the effect of “…could not connect due to no dot/domain info”. But said error page looks like a custom html doc, and bears no resemblance at all to a typical IE error page.

    Recently, the error page has changed to a survey, soliciting info about how you feel about the current King Abdullah of Saudi Arabia! You see his picture, then 3 links below it: Like him, don’t like him, don’t care. Anyone who’s seen this error page show up because they’ve opened IE and the tunnel is not in effect for whatever reason, have started getting nervous about malware, myself included.

    I used to work for this company, and still retain admin access into the system under a convoluted contractual situation. Unfortunately, I know virtually nil about html coding, etc., so don’t know where to look to see if something’s been replaced and is now pushing out to clients. The internal admins have decided that this exhibits a problem on the open internet, but it can only be duplicated on PCs that are domain members. Trying to access the correct page from a home PC doesn’t give anything close to the same behavior.

    What I’m after is some idea where to look on a client PC for the error pages that IE uses to display info, so I can see about identifying the corrupted doc. All reasonable suggestions appreciated.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.