I've tried long and hard to figure out what is going on with this, but I can't seem to find anything that explains it in any logs or scans, or even Googling it.
Recently at the company I work for a few emails have been strange. So far it only seems that four people are affected by this. They will send an email through our PMS Micros Opera, which we use through (a very very outdated version) Internet Explorer (which we cannot update unless risk not being able to use Opera) and it will generate Chinese characters in the email. It will completely replace the signature we have that is applied by our Exchange server.
䠼䵔㹌䠼䅅㹄ℼⴭ吠浥汰瑡敧敮慲整祢䔠捸慬浩牥䴠楡楄捳慬浩牥湯ㄠ㨱㔳ㄺ‸畔獥慤ⱹㄠ‷敓瑰浥敢〲㌱ⴠ㸭匼奔䕌琠灹㵥整瑸振獳倾戮扦㤶挳ⴰ㘶㝥㐭搱ⴱ敡㍢愭ㄱ摡昱〳搳‵ൻऊ䅍䝒义›挰挰瀰൴紊䥌戮扦㤶挳ⴰ㘶㝥㐭搱ⴱ敡㍢愭ㄱ摡昱〳搳‵ൻऊ䅍䝒义›挰挰瀰൴紊䥄晢㙢㌹っ㘭收ⴷㄴㅤ愭扥ⴳㅡ愱ㅤ㍦㌰㕤笠䴉剁䥇㩎〠浣〠浣〠瑰ൽ吊䉁䕌戮扦㤶挳ⴰ㘶㝥㐭搱ⴱ敡㍢愭ㄱ摡昱〳搳吵扡敬笠䴉剁䥇㩎〠浣〠浣〠瑰ൽ䐊噉匮捥楴湯‱ൻऊ慰敧›敓瑣潩ㅮൽ吊⹄湩潦笠䘉乏ⵔ䥓䕚›〹ഥ紊⼼呓䱙㹅⼼䕈䑁ാ㰊佂奄ാ㰊⁐汣獡㵳晢㙢㌹っ㘭收ⴷㄴㅤ愭扥ⴳㅡ愱ㅤ㍦㌰㕤㰾倯ാ㰊䅔䱂㹅†吼佂奄ാ 㰠剔ാ †㰠䑔㰾浩潢摲牥〽眠摩桴ㄽ㌸栠楥桧㵴〵猠捲✽楣㩤挶挳戳瀮杮摀扡㈱晦⸹㤴晢ㅣ摢‧㸯⼼䑔㰾启㹒†吼㹒††吼㹄䄼栠敲㵦栢瑴㩰⼯睷楨畢晦污摯睯瑮睯潣⽭㸢潈楬慤⁹湉畂晦污†††潄湷潴湷⼼㹁⼼䑔㰾启㹒†吼㹒††吼㹄䈼䨾摵⁹汇瑡桺景牥敇敮慲慍慮敧㱲䈯㰾启㹄⼼剔ാ 㰠剔ാ †㰠䑔挠慬獳椽普㹯㈶‰敄慬慷敲䄠敶畮ⱥ䈠晵慦潬奎ㄠ㈴㈰⼼䑔㰾启㹒†吼㹒††吼⁄汣獡㵳湩潦倾潨敮›ㄷⴶ㠸ⴶㄲㄲ⼼䑔㰾启㹒吼㹒吼⁄汣獡㵳湩潦䴾扯汩㩥㜠㘱㠭㐶㘭㠳㰶启㹄⼼剔‾†吼㹒††吼⁄汣獡㵳湩潦䘾硡›ㄷⴶ㠸ⴶ㤷㈴⼼䑔㰾启㹒†吼㹒††吼⁄汣獡㵳湩潦䔾慭汩☺扮灳㰻牨晥✽慭汩潴䨺汇瑡桺景牥䡀牡䡴瑯汥潣❭琠瑩敬✽汃捩潴猠湥浥楡潴䜠慬穴潨敦Ⱳ畊祤‧慴杲瑥✽㸧䝊慬穴潨敦䁲慈瑲潈整獬挮浯⼼㹡⼼䑔㰾启㹒†吼㹒††吼㹄䄼栠敲㵦栢瑴獰⼺眯睷昮捡扥潯潣⽭潨楬慤楹湮畢晦污摯睯瑮睯≮㰾浩潢摲牥〽眠摩桴㔽‵敨杩瑨㐽′牳㵣挧摩㠺㘰㈵⸹湰䁧愱㘸戰戰㐮㥡挴㜵✳⼠㰾䄯㰾⁁牨晥∽瑨灴㩳⼯睴瑩整潣⽭楨晢潬潤湷潴湷㸢椼杭戠牯敤㵲‰楷瑤㵨㘵栠楥桧㵴㈴猠捲✽楣㩤ㄷ㥥㜲瀮杮ㅀ昲敡㕡⸴戴摢换㥦‧㸯⼼㹁䄼栠敲㵦栢瑴獰⼺瀯湩整敲瑳挮浯栯牡桴瑯汥≳㰾浩潢摲牥〽眠摩桴㔽‵敨杩瑨㐽′牳㵣挧摩㈺㜷㉡湰䁧㤳ㅥㄷ摥㐮愲捦敦❦⼠㰾䄯㰾启㹄⼼剔㰾启佂奄㰾启䉁䕌ാ㰊⁐汣獡㵳晢㙢㌹っ㘭收ⴷㄴㅤ愭扥ⴳㅡ愱ㅤ㍦㌰㕤㰾倯㰾䈯䑏㹙⼼呈䱍>
䠼䵔㹌䠼䅅㹄ℼⴭ吠浥汰瑡敧敮慲整祢䔠捸慬浩牥䴠楡楄捳慬浩牥湯〠㨳㤲㈺‶牆摩祡〲匠灥整扭牥㈠″ⴭാ㰊呓䱙⁅祴数琽硥⽴獣㹳⹐愹〱㔲慤攭㘴ⴳ戴ㄷ戭㜰ⴴ捣〸昹㤵ㄵ㠹笠䴉剁䥇㩎〠浣〠浣〠瑰ൽ䰊⹉愹〱㔲慤攭㘴ⴳ戴ㄷ戭㜰ⴴ捣〸昹㤵ㄵ㠹笠䴉剁䥇㩎〠浣〠浣〠瑰ൽ䐊噉㤮ㅡ㈰搵ⵡ㑥㌶㐭㝢ⴱぢ㐷挭㡣㤰㕦㔹㤱‸ൻऊ䅍䝒义›挰挰瀰൴紊䅔䱂⹅愹〱㔲慤攭㘴ⴳ戴ㄷ戭㜰ⴴ捣〸昹㤵ㄵ㠹慔汢ൻऊ䅍䝒义›挰挰瀰൴紊䥄敓瑣潩ㅮ笠瀉条㩥匠捥楴湯റ紊䑔椮普ൻऊ但呎匭婉㩅㤠┰ൽ㰊匯奔䕌ാ㰊䠯䅅㹄䈼䑏㹙值挠慬獳㤽ㅡ㈰搵ⵡ㑥㌶㐭㝢ⴱぢ㐷挭㡣㤰㕦㔹㤱㸸⼼㹐吼䉁䕌ാ 㰠䉔䑏㹙†吼㹒††吼㹄椼杭戠牯敤㵲‰楷瑤㵨㜱‵敨杩瑨㠽‸牳㵣挧摩戺愲㤴⸳湰䁧㌳㕦㘴㐮扢㤸挶✷⼠㰾启㹄⼼剔ാ 㰠剔ാ †㰠䑔㰾⁁牨晥∽瑨灴⼺眯睷栮敩扸晵慦潬楡灲牯潣⽭㸢潈楬慤⁹湉硅牰獥愦灭※†††畓瑩獥䈠晵慦潬ⴠ䄠物潰瑲⼼㹁⼼䑔㰾启㹒†吼㹒††吼㹄䈼䌾牨獩慴传⌦㈸㜱䰻畡桧楬Ɱ䜠湥牥污䴠湡条牥⼼㹂⼼䑔㰾启㹒†吼㹒††吼⁄汣獡㵳湩潦ㄾㄳ䈠敵汬䄠敶畮ⱥ䌠敨步潴慷慧奎ㄠ㈴㔲⼼䑔㰾启㹒†吼㹒††吼⁄汣獡㵳湩潦倾潨敮›ㄷⴶ㌶ⴱ㜸〰⼼䑔㰾启㹒ഠ 㰠剔ാ †㰠䑔挠慬獳椽普㹯慆㩸㜠㘱㘭ㄳ㠭㠷㰷启㹄⼼剔ാ 㰠剔ാ †㰠䑔挠慬獳椽普㹯浅楡㩬渦獢㭰愼栠敲㵦洧楡瑬㩯潣⌦㤳氻畡桧楬䁮慨瑲潨整獬挮浯‧楴汴㵥䌧楬正琠敳摮攠慭汩琠♏㠣ㄲ㬷慌杵汨湩桃楲瑳❡琠牡敧㵴✧挾♯㌣㬹慬杵汨湩桀牡桴瑯汥潣㱭愯㰾启㹄⼼剔ാ 㰠剔ാ †㰠䑔㰾⁁牨晥∽瑨灴⼺眯睷昮捡扥潯潣⽭潨楬慤楹湮硥牰獥扳晵慦潬楡灲牯≴㰾浩潢摲牥〽眠摩桴㔽‵敨杩瑨㐽′牳㵣挧摩携㈳㔸⸴湰䁧ㅥ㤰㤱㐴㐮愲晥搰✰⼠㰾䄯㰾⁁牨晥∽瑨灴㩳⼯睴瑩整潣⽭楨硥晢潬楡灲牯≴㰾浩潢摲牥〽眠摩桴㔽‶敨杩瑨㐽′牳㵣挧摩昺昹愲⸳湰䁧㘹㈲挷㌲㐮愲㘶㉤✹⼠㰾䄯㰾⁁牨晥∽瑨灴㩳⼯楰瑮牥獥潣⽭慨瑲潨整獬㸢椼杭戠牯敤㵲‰楷瑤㵨㔵栠楥桧㵴㈴猠捲✽楣㩤㡡㥢戵瀮杮㡀愳ㅢ换⸴戴㝢っづ‧㸯⼼㹁⼼䑔㰾启㹒⼼䉔䑏㹙⼼䅔䱂㹅值挠慬獳㤽ㅡ㈰搵ⵡ㑥㌶㐭㝢ⴱぢ㐷挭㡣㤰㕦㔹㤱㸸⼼㹐⼼佂奄㰾䠯䵔㹌ഀ
Now even though it replaces the signature that is added on server side, the fact that it (mostly) happens with sending an email through Opera and that it (currently) only affects four (known) people I concluded that it must be something that is happening client side. We had one of the people try simply sending an email from Outlook directly and it came through just fine. I'm not entirely sure about this, but I have an inkling of it.
I ran a HijackThis scan on one of the PCs that have this problem and got the following results:
I briefly looked through this, but quickly got frustrated because I'm not familliar with the specific computer so I have no idea if for example anything would be masquarding as something else because I simply don't know what software has been installed.
Though this particular workstation wil be replaced soon, the other three are fairly new.
I simply cannot get my head around what it could be. Maybe it is server side. But then why would it only affect certain users in certain situations?
EDIT: I'd like to mention I found something very similar that seemed to affect Internet Explorer on other websites, but none seem to have actually solved this problem. Links are as follows:
Edited by xvicarious, 26 September 2013 - 12:52 PM.