Welch Company
San Francisco, CA
S U M M A R Y
DIARY: December 29, 2010 06:21 AM Wednesday;
Rod Welch
Trend Micro requests confirm Firefox Google search redirection problem.
1...Summary/Objective
2...Virus Google Search Redirection Trend Micro Did Not Find Cause
3...Trend Micro Additional Instructions Investigate Google Search Problem
..............
Click here to comment!
CONTACTS
0201 - Trend Micro, Inc.
020101 - Ms. Elena (Len) Quitoriano; Customer Support Representative
020103 - Consumer Support Team
SUBJECTS
C16 Virus Redirection Search Google Case 1-1-395893663 Trend Micro R
2803 -
2803 - ..
2804 - Summary/Objective
2805 -
280501 - Follow up ref SDS 10 0000. ref SDS 9 0000.
280502 -
280503 -
280504 -
280505 -
280507 - ..
2806 -
2807 -
2808 - Progress
2809 -
280901 - Virus Google Search Redirection Trend Micro Did Not Find Cause
280902 - Trend Micro Additional Instructions Investigate Google Search Problem
280903 -
280904 - Follow up ref SDS 10 716S, ref SDS 9 716S.
280905 -
280906 - Background on current efforts reported on 101223 1314, ref SDS 8 716S,
280907 - and resulting in Trend Micro assigning new case number 1-1-395893663.
280908 - ref SDS 8 CJ7H On 101227 Trend Micro reports hijackthis.exe log did
280909 - not solve Google search redirection virus problem; Trend Micro
280910 - requestsd customer perform another 28 steps, ref SDS 10 3G5F; Trend
280911 - Micro notified these steps did not solve the problem. ref SDS 10 NU8S
280913 - ..
280914 - Received another letter from Allan at Trend Micro saying...
280915 -
280916 - 1. Subject: [SR1-1-395893663] Website Redirection
280917 - Date: 28 Dec 2010 19:51:06 +0800
280918 - From: Trend Micro Technical Support <GCC_CONSRECEIVE@support.trendmicro.com>
280919 - To: rod@welchco.com
280921 - ..
280922 - 2. Dear Rod,
280924 - ..
280925 - 3. Thank you for letting us know that redirection only occurs in
280926 - your c16 computer [...responding to letter submitted on 101227
280927 - 0948. ref SDS 10 WR6G...]. Please confirm what web browser are
280928 - you using (Netscape and Firefox are two different web browser).
280929 - To check for name and version, open a new web browser session.
280930 - Go to Help and click on About. Please reply to this email with
280931 - the name and version.
280932 -
280933 - [...below, on 101229 0621 notify Trend Micro that Google
280934 - Search redirection virus problem only occurring with
280935 - Firefox. ref SDS 0 HW7G
280937 - ..
280938 - 4. Note: We would appreciate a response from you within 24 to 48
280939 - hours from the date you receive this email. After the given
280940 - time frame, your case will be presumed resolved and closed.
280941 - You will also receive a feedback from us confirming the status
280942 - of your case. Should you still have concerns regarding your
280943 - issue, please simply reply to this email.
280945 - ..
280946 - 5. To ensure timely response on your cases, please check your
280947 - "spam" folders too. If this email is tagged as spam, please
280948 - mark this message as "not spam" email.
280950 - ..
280951 - 6. Have a great day!
280952 -
280961 - ..
280962 - 9. In order for us to have a history of our correspondence, please
280963 - do not delete the subject and the contents of this email.
280965 - ..
280966 - ===========================================================================
280967 - For future inquiries, you may visit our support page using the link below:
280968 -
280969 - http://esupport.trendmicro.com/support/consumer/consumerhome.do
280971 - ..
280972 - ===========================================================================
280973 -
280974 -
280976 - ..
2810 -
2811 -
2812 - 0647
2813 -
281301 - Submitted response letter to Trend Micro saying...
281302 -
281303 - 1. Subject: Re: [SR1-1-395893663] Website Redirection
281304 - Date: Wed, 29 Dec 2010 07:09:56 -0800
281311 - ..
281312 - 3. Confirming my letter yesterday, redirection is only occurring
281313 - on c16, HP HDX 18t notebook, and only when running Mizola
281314 - Firefox, also called Netscape, and only on Windows XP operating
281315 - system.
281317 - ..
281318 - 4. C16 has xp, w7 32-bit, and w7 64-bit in a multi-boot
281319 - configuration. Redirection only occurs on xp mode, which is
281320 - used 100% of the time.
281321 -
281322 - [...below on 101229 0621 at 1743 letter from Trend Micro
281323 - requests additional steps for customer to diagnose virus
281324 - causing Google Search redirection. ref SDS 0 4S8G
281326 - ..
281327 - 5. Another problem lately has been slow access to URLs on the
281328 - Internet. This also only occurs on c16 in xp mode.
281330 - ..
281331 - 6. Recently bought HP Pavilion Elite HPE 490t. It is configured
281332 - the same as c16. Have been using w7 32-bit, because did not
281333 - have video drivers for xp. Yesterday finally got xp device
281334 - drivers for video adapter on c17. For the past 2 weeks, c17
281335 - has shown no redirection nor slow access to the Internet.
281337 - ..
281338 - 7. This morning installed ccleaner on c16 in xp mode. It
281339 - identifies temporary files and cookies that can be removed to
281340 - increase performance. Ccleaner found about 4 GB of temporary
281341 - files and removed them. Also found a number of issues to fix
281342 - in the xp registry. Booted c16 and tested for continuing
281343 - problems.
281345 - ..
281346 - 8. C16 now seems to load URL calls faster from the Internet.
281348 - ..
281349 - 9. Ran same test doing Google search reported in my letter to TR
281350 - on 101227, and got similar redirection results for Netscape and
281351 - IE (see the letter to TR on 101227 below). They both return
281352 - the correct target file opening the cache.
281354 - ..
281355 - 10. So seems like there is still some kind of virus that is hard to
281356 - detect infecting xp on c16.
281358 - ..
281359 - 11. Hoping your team can help resolve this difficult problem.
281360 -
281366 -
281367 -
281368 -
281370 - ..
2814 -
2815 -
2816 - 1743
2817 -
281701 - Received another letter from Trend Micro saying...
281702 -
281703 - 1. Subject: [SR1-1-395893663] Website Redirection
281704 - Date: 30 Dec 2010 14:34:15 (PST)
281711 - ..
281712 - 2. Thank you for letting us know that you are using Mozilla
281713 - Firefox as your web browser. [...responding to the letter
281714 - earlir today on 101229 0621, shown above. ref SDS 0 HW7G, and
281715 - referencing the report to Trend Micro that performing 28 steps
281716 - requested by Trend Micro failed to correct virus protection
281717 - failure of Pccillin, shown in the record on 101227 0948.
281718 - ref SDS 10 NU5P...]
281720 - ..
281721 - 3. Please follow the instructions below to reset the web browser
281722 - settings to default:
281723 -
281724 - 1. Close down Firefox completely: At the top of the Firefox
281725 - window, click the File menu, and select the Quit menu item.
281726 -
281727 - 2. In Windows, click Start, open the All Programs list, and
281728 - avigate to the Mozilla Firefox folder. In the Mozilla
281729 - Firefox folder, select Mozilla Firefox (Safe Mode).
281731 - ..
281732 - 3. To reset your user preferences, click to put a check mark
281733 - by Reset all user preferences to Firefox defaults.
281735 - ..
281736 - 4. To apply your changes, click Make Changes and Restart.
281737 - Firefox will restart with your settings changed back to the
281738 - defaults.
281740 - ..
281741 - 4. After doing the instructions above, please check if the problem
281742 - still persists. If by chance the solution did not work, please
281743 - reply back to this email and provide more information so that
281744 - we can proceed with the next troubleshooting steps.
281745 -
281746 - [...below on 101229 0621 at 1817 (PST) letter responds to
281747 - Trend Micro reporting performance of additional
281748 - instructions, and there is no evident correction to Google
281749 - Search redirection virus problem, and this problem is
281750 - unique to c16 Windows XP mode, in that Google search works
281751 - correctly on c16 in Windows 7 32-bit, and 64-bit, and on
281752 - c17 on all 3 modes. ref SDS 0 7H7O
281754 - ..
281755 - 5. Note: We would appreciate a response from you within 24 to 48
281756 - hours from the date you receive this email. After the given
281757 - time frame, your case will be presumed resolved and closed.
281758 - You will also receive a feedback from us confirming the status
281759 - of your case. Should you still have concerns regarding your
281760 - issue, please simply reply to this email.
281762 - ..
281763 - 6. To ensure timely response on your cases, please check your
281764 - "spam" folders too. If this email is tagged as spam, please
281765 - mark this message as "not spam" email.
281767 - ..
281768 - 7. Have a great day!
281778 - ..
281779 - 10. In order for us to have a history of our correspondence, please
281780 - do not delete the subject and the contents of this email.
281782 - ..
281783 - ===========================================================================
281784 - For future inquiries, you may visit our support page using the link below:
281785 -
281786 - http://esupport.trendmicro.com/support/consumer/consumerhome.do
281788 - ..
281789 - ===========================================================================
281790 -
281791 -
281792 -
281793 -
281795 - ..
2818 -
2819 -
2820 - 1817
2821 -
282101 - Letter responds to Trend Micro saying...
282102 -
282103 - 1. Subject: Re: [SR1-1-395893663] Website Redirection
282104 - Date: Wed, 29 Dec 2010 18:28:05 -0800
282111 - ..
282112 - 2. Responding to your letter dated 101229 1434 (pst), after making
282113 - changes 1 - 4 in TR's letter, shown above, ref SDS 0 4S8G, to
282114 - Firefox on c16 running Windows XP, and performing the test
282115 - search specification using Google for...
282116 -
282117 - "HP Pavilion Elite HPE 490t"
282119 - ..
282120 - Google returns a list; the 4th entry in the list is...
282121 -
282122 - "HP Pavilion Elite HPE-490t series | HP® Official Store"
282124 - ..
282125 - 3. Opening this choice, Firefox returns following URL...
282126 -
282127 - "BudgetMatch"
282128 -
282129 - http://www.budgetmatch.net/us/a002_2/searcha.php?keyword=Hp+P+Avilion+Elite+Hpe+490t&aff=and2-2714
282130 -
282131 - ...which appears to be a "redirection" specification. If the
282132 - Back control is selected, Firefox is stuck; fails to return the
282133 - Google results.
282134 -
282135 - [On 101230 1158 letter from Trend Micro requests additional
282136 - steps to correct Google search redirection virus.
282137 - ref SDS 11 437L
282139 - ..
282140 - 4. The same spec search using IE on c16 in wxp returns the correct
282141 - URL for the 4th choice...
282142 -
282143 - "HP Home & Home Office
282144 -
282145 - HP Pavilion Elite HPE-490t series"
282147 - ..
282148 - http://www.shopping.hp.com/webapp/series/category/desktops/HPE490t_series/3/computer_store
282150 - ..
282151 - 5. The above result also occurs on c17 in wxp and w7 32-bit.
282153 - ..
282154 - 6. This seems to suggest that something has infected Netscape on
282155 - c16 in Windows XP operating mode.
282157 - ..
282158 - 7. Thanks very much for continued assistance.
282159 -
282165 -
282166 -
282167 -
282168 -
282169 -
282170 -
2822 -
Distribution. . . . See "CONTACTS"