Posted 23 April 2011 - 07:02 AM
I have often seen this problem. Most of the time (assuming the main infection has been removed), the "hosts" file has been modified by the malware. I recommend downloading a free program called "hostsman" and installing it. You can find it on many freeware/shareware software sites such as softpedia, or download.com. This will make clearing the hosts file much easier. You can do it without such a program, but windows will make it more difficult to save the corrected file without renaming the old one first. Hostsman makes this process much easier. Otherwise, the hosts file is located in C:\windows\system32\drivers\etc\. Unless you use hostsman, you will have to open it in a text editor, and clear out the redirect entries. Likely any line that does not begin with a "#" may be suspect, unless you had another program that put valid entries in there, which is unlikely. When you try to save the corrected hosts file, you may have trouble, as it may be "in use" or system permissions will not allow saving the file. This is why I reommend using the hostsman program.
Other things to check are proxy server settings installed in your browser (in internet explorer go to "tools/internet options/connections/lan settings/ and try clearing the "use proxy server" checkbox, if it is checked). Malware will frequently install a proxy server address to control your browser traffic, and redirect you via a proxy server. Also, in rare cases, some malware can alter network router settings and put improper DNS server addresses into your router, which will allow all browser requests to resolve to non-legitemate servers, which may redirect your web browsing. But the most likely culprit is probably your hosts file, so get the hostsman program, and check it.