On Feb 16, 6:02 am, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "Symp EL" <no.s...@for.me>
>
> | Google.com and iGoogle (Google search works fine) started redirecting to
> |sitesure.com this morning. I have ran AVG, Spybot S&D, Windows Defender, CWS
> | Sredder and all have found nothing. My system is heavily protected and I use
> | a HOST file as well. Any ideas?
> |
>
> I have been thinking about this. You say you have an etc/hosts file but you still
> redirected.
> There is a new series of DNS Changer Trojans that AVG is presently failing to detect.
>
> Run HiJackThis!
> { Do NOT post the log here }
>
> Look for the following...
>
> O17 - HKLM\System\CS1\Services\Tcpip\..\{79E79409-5F0B-46F1-8C75-DAA276C25110}: NameServer =
> 85.255.116.52,85.255.112.108
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.52 85.255.112.108
>
> Is anything similar seen in the O17 entries ?
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

Dave, et al,

Has anyone figured out what caused the issue? We run sitesure.com, and
used to host Google Gadgets from the site. Recently, due to a billing
issue the domain name expired and the site went offline. Network
Solutions redirected the DNS entries to a "holding site" on their
servers until we noticed and renewed. Could this have contributed? I
apologize for any inconvenience, but we have done nothing intentional
to cause the problem. I am currently combing the server to ensure that
we were not hacked -- but can find nothing subspicious.

Bill Hall