Had a customer call in because he was on the LA Times website and clicked on a link that caused his browser to pop-up a Microsoft warning. The warning said he was infected and needed to pay. He hit control-alt-delete and closed chrome. He restarted his machine and called us.
I opened Chrome and looked at the start page. It was set to “http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND”. When I put that URL into another browser it took me to just Google. I figured the rest was unecessary and reset his home page to just be “http://www.google.com”.
I downloaded a rootkit scan tool from Bleeping Computer and ran a quick scan. We also use Vipre Anit-virus. I updated the difinitions and ran a full deep scan with Vipre. Nothing else was wrong.
I hope this helps someone else out there…