(The names have been changed to protect the innocent)
So, user A complains that they are unable to access Google, when they attempt to a spyware warning pops up. No other site is affected. User brings laptop to netadmins, user has never logged into laptop. Error can’t be happening here.
The next morning, user A complains to helpdesk that they still can’t get to Google on said laptop. Huh? We explained to the user yesterday that they couldn’t possibly be using the laptop, no one besides administrator had logged in. So, helpdesk person goes to look at the problem again. Finds out this isn’t on the laptop, but on the desktop. So, helpdesk person looks at it, sees spyware warning pop-up, calls netadmin.
Netadmin assumes that user must have been made local admin for some strange reason and all manner of spyware must be installed, starts looking around on the hard drive remotely, finds nothing out of the ordinary. Checks to make sure user is not a local admin, and user is not. So, using some remote control software, takes a look at the desktop. Sure enough, there’s a spyware warning window popped in the front. What the hell? How did site hijacking spyware get installed without being a local admin?
Looking at the address line solves the mystery: http://www.goggle.com/ (I wouldn’t recommend visiting that site).
Glad I got to use my 4 year degree today.