Hey Bleeping Computer community,
First post here, even though I use information from the forums all the time.
Please note, I have already solved the issue being explained; I want to know the "WHY" and "HOW". I recently had a customer that was complaining that all the sites he would try to go to in the Chrome browser would direct him to the German version of the site. I found this to be true when I was simply trying to download Belarc Advisor on his computer to take a profile of it; it took me to belarc.com/de/. I also noted the "?trackid=sp-006" being added to the end of my Google searches.
Long story short, I ended up figuring out why: I went into Chrome settings and looked at the "On startup" section. *Something* had changed his options to "Open a specific page or set of pages", and in there I found "https://www.google.com/?trackid=sp-006". I removed this, problem solved.
Other people have mentioned that it was also under "Search" ---> "Manage Search Engines" in the Settings menu of Chrome. The Google search engine had "?trackid=sp-006" attached to it somewhere, and as soon as they removed the "?trackid=sp-006" part it was fine. That was not my case, but I thought it would be good to mention, as it solved others' problems.
This is what I want to know: Why does this happen? How does this happen? If this resulted from some type of browser infection, how does the hacker benefit from it? Should I be worried that some of my client's information may be at risk or that his browsing history was being tracked, or is this simply something that has redirected their internet traffic? Is my client threatened in any way by this?
It may seem like I'm overreacting a bit to the situation; I fixed the problem and he doesn't have to learn German. But I want to stop simply fixing things for my clients and, instead, find out the why and how so I may better understand the situation and future situations.
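The manual check described in the post above (the "On startup" pages and the default search engine URL), written as a script. This is an added example, not part of the original post. It assumes the profile's `Preferences` file is JSON that holds the startup pages under `session.startup_urls` and the search engine URL template under `default_search_provider_data.template_url_data`; the sample data is constructed.

```python
import json
import sys
from urllib.parse import urlsplit, parse_qsl

# Query parameter names to flag; "trackid" is the one reported in the post.
SUSPECT_PARAMS = {"trackid"}

# Constructed sample shaped like a Chrome profile "Preferences" file (not real data).
SAMPLE_PREFS = {
    "session": {
        "restore_on_startup": 4,  # 4 = "Open a specific page or set of pages"
        "startup_urls": ["https://www.google.com/?trackid=sp-006"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "url": "https://www.google.com/search?q={searchTerms}&trackid=sp-006"
        }
    },
}

def tagged_params(url):
    """Return 'name=value' for each query parameter whose name is suspect."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [f"{k}={v}" for k, v in pairs if k.lower() in SUSPECT_PARAMS]

def audit_prefs(prefs):
    """Return (setting, url, parameter) for every tagged URL in the two settings."""
    candidates = []
    session = prefs.get("session", {})
    # Startup pages only take effect when restore_on_startup is 4.
    if session.get("restore_on_startup") == 4:
        candidates += [("session.startup_urls", u) for u in session.get("startup_urls", [])]
    # Assumption: the default search engine's URL template is stored under this key.
    template = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if template.get("url"):
        candidates.append(("default_search_provider.url", template["url"]))
    return [(where, url, p) for where, url in candidates for p in tagged_params(url)]

if __name__ == "__main__":
    # Pass the path to a profile's Preferences file, or run with no argument for the sample.
    prefs = SAMPLE_PREFS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    for where, url, param in audit_prefs(prefs):
        print(f"{where}: {url} carries {param}")
```

Run it against a copy of the file taken while Chrome is closed, since Chrome rewrites its preferences on exit.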