Had to create a new account here due to forums moving and me not being here for ages.
Anyway. I ran into this weird issue the other day on an XP machine. No matter what site you went to in Firefox, you ended up at hugedomainsDOTcom. I thought it was a HOST hijack but checked and I'd deleted the host file long ago to stop anything hijacking it. I scanned the machine, found nothing. I looked at a Process Monitor trace, nothing. Both IE and Firefox appeared to be affected, pointing to some sort of possible DNS poisoning? Never tried Chrome.
Rebooted. Logged back in and all now fine. Odd, maybe it was memory based.
Anyway. Attempting to fix the issue I was VNCed into the machine via a Windows 7 machine. Suddenly the Windows 7 machine started to have similar issues, nowhere near as bad though.
On the Windows 7 machine it only affects Firefox; IE and Chrome are fine, and it only appears to happen if you do a search in the address bar. Instead of going off and searching Google, it redirects to hugedomains.
Both machines are on a domain (a test domain set up at home). It's probably not a perfect domain setup as I'm still learning and I think DNS on it really isn't that good. So I thought it might be that.
I disable the NIC on the Windows 7 machine and do the search again in Firefox and it attempts to do a Google search but obviously fails. Turn the NIC back on, do the same search and get redirected to hugedomains again.
So maybe the TCP/IP stack is infected if possible?
I start up a VM in VMware of XP that has been turned off for months. It is connected to the domain, I do a test straight away, suffers the same issue in Firefox. The NIC on the VM is set up as Bridged so "Connected directly to the physical network". I roll the VM back to the last snapshot which was an old version of FF and off the domain. No longer suffers the issue.
I connect it to the domain, update FF, test, and it suffers the issue again.
DC is 10.0.0.100 and the Primary DNS on the VM XP is 10.0.0.100 and the secondary is 10.0.0.1 (which is the router). I did this because I'm no expert and I think DNS is a bit messed on the DC, so machines can look at the router instead.
With this setup the VM XP has the issue, only in FF. I then note, if I remove the secondary 10.0.0.1 and just let it use the DNS of the DC, it no longer suffers the issue (oh and its default gateway is the 10.0.0.1). As soon as I enable the secondary DNS again of 10.0.0.1, issue comes back.
This was now pointing to the router being the issue. I remove the secondary from the Windows 7 machine, do a test in FF and the issue disappears. I re-enable the secondary, still issue has gone. But do the same on the VM and it was still doing it.
Really weird issue that is pointing to a possible issue with the router? It's a Draytek Vigor2800VG.