In <So%2e.82$I12.688@news.uswest.net>, Petebert wrote:
>I just started getting redirected to a search engine while trying to go to a
>few normal sites, here's where it sends me http://find-it.web-search.la/
>
>Ad Aware and Spybot don't find anything to remove, any suggestions?
This appears to be the result of DNS poisoning:
Handler's Diary March 30th 2005
Another round of DNS cache poisoning
(from handler Kyle Haugsness)
We are investigating another round of DNS cache poisoning. Reports
have come in from some very large commercial organizations and they
report using only Windows DNS servers that are secured against the
attack or using Windows 2003. We are trying to identify whether this
is a bug on Windows DNS servers. The symptoms of the current attack
are as follows:
1. We still have not identified the trigger. If you know how people
are being forced to the malicious DNS server (below), please let us
know.
2. The malicious DNS server is 216.127.88.131. We are in the process
of trying to get this IP address blackholed. In the meantime, the
server is poisoning the entire .COM domain. It returns the following 3
IP addresses for any hostname lookup in .COM:
209.123.63.168 / 64.21.61.5 / 205.162.201.11
3. The 3 IP addresses above return a simple HTML page with the
following embedded URLs. These servers are trying to drop malware on
your machine, so DO NOT browse to them:
vparivalka .org /G7 /anticheatsys.php?id=36381
find-it .web-search .la
-----------
http://isc.sans.org/diary.php?date=2005-03-30


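One way to check resolver answer logs for the symptom the quoted diary describes (every .COM lookup returning the same three addresses). This is an added example, not part of the original post or the ISC diary; the log format, the sample hostnames and the `min_domains` threshold are assumptions, and only the three indicator addresses come from the post.

```python
from collections import defaultdict

# Addresses the quoted diary lists as returned for any .COM hostname lookup.
POISON_IPS = {"209.123.63.168", "64.21.61.5", "205.162.201.11"}

# Constructed sample log, one answer per line: "<qname> <comma-separated A records>".
# Hostnames and the non-diary addresses are made up for illustration.
SAMPLE_LOG = """\
www.example.com 209.123.63.168,64.21.61.5,205.162.201.11
mail.example-shop.com 205.162.201.11,209.123.63.168,64.21.61.5
news.example-portal.com 64.21.61.5,205.162.201.11,209.123.63.168
www.example.org 192.0.2.10
intranet.example.net 198.51.100.7
"""

def parse(log):
    """Yield (qname, frozenset of answer IPs) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        qname, answers = line.split(None, 1)
        ips = frozenset(a.strip() for a in answers.split(","))
        yield qname.lower().rstrip("."), ips

def registered_domain(qname):
    # Crude approximation (last two labels); sufficient for .com names.
    return ".".join(qname.split(".")[-2:])

def find_poisoning(log, min_domains=3):
    """Return (names answered with a listed IP, shared .com answer sets)."""
    hits = []
    by_answer = defaultdict(set)
    for qname, ips in parse(log):
        if ips & POISON_IPS:
            hits.append(qname)
        if qname.endswith(".com"):
            by_answer[ips].add(registered_domain(qname))
    # Unrelated .com domains sharing one identical answer set match the
    # diary's symptom. Shared hosting/CDNs can also trigger this, so treat
    # it as a lead to investigate; min_domains is an assumed threshold.
    shared = {ips: doms for ips, doms in by_answer.items()
              if len(doms) >= min_domains}
    return hits, shared

if __name__ == "__main__":
    hits, shared = find_poisoning(SAMPLE_LOG)
    print("answers containing a listed address:", hits)
    for ips, doms in shared.items():
        print("identical answers for", sorted(doms), "->", sorted(ips))
```

The second check does not depend on the three listed addresses, so it still flags the same pattern if the poisoned answers change.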