Thanks again everyone for your input. I'm still puzzled. I saw that a couple of you use Peerblock. So I downloaded and subscribed. I found that the list that was blocking it was from I-Blocklist, the one for Pornography. I installed Peerblock on all my systems. I found that every one of them was "blocking" body4u.diy.myrice.com. Background: I'm an IT Specialist that is good at a lot of stuff, but master of none.
WARNING: Do NOT go to any of the links or addresses posted in this message. I probably shouldn't state the addresses, but I don't know how to get my point across without doing so.
I noticed in Peerblock that body4u.diy.myrice.com would do a series of 5 - 10 entries, followed by asnbm.myftpsite.net. The asnbm.x.x Google searches produce fewer results than the original problem. I'm still at a loss.
VMs: 2 Domain controllers and a File server. All 3 are running Windows Server 2012.
This is a test environment so that I can learn my trade.
2 Desktops, 1 Laptop: All running Windows 7 x64 Pro
1 Linux Web server with WordPress installed
When I first encountered this, I shut down my web server. The symptoms persisted.
I installed Peerblock on every system, and found that body4u.diy.myrice.com was being blocked on each system/VM. The blocking occurred at random times; it kind of seemed like a round robin kind of issue.
I downed my DCs and File server. The issue persisted. I downed the ESX server, and still had issues. I downed each PC and the issue persisted. My DHCP server is set for only 10 addresses between xxx.xxx.xxx.100 to xxx.xxx.xxx.110. Why does it say it's using x.x.x.255? I have no idea. I shut down my network, and all traffic from the offending site stopped. This tells me it's definitely driven externally. I shut down all devices. I kept my ESX VM environment down. I powered each PC up by itself, and Peerblock still blocked the offending site.
I've run Malwarebytes plus its rootkit scanner, Hitman, Combofix, AdwCleaner, TDSSKiller, and RKill. None of them found anything. Is there another tool I should use?
There seem to be a few more hits on this issue when doing a Google search lately. They seem to lead towards a search engine, browser redirect, or malware issue. However, none of the "fixes" resolved the problem. There were several fixes that included the registry, but I saw none of the registry entries that applied to this issue.
Some of the symptoms found on searches are: browser redirects, pop-up ads, slows down internet, and overall makes your system sluggish. None of these seem to be affecting my systems. Possibly could be because of my protection? I don't know, that's what scares me. It's what's going on in the background that has me worried.
I'm perplexed, and well, rather pissed. I've never seen this before. My instinct is to format and reload all of my systems. But if all of my systems are infected with this BS, how would I know that if I recover from backup that I wouldn't just get infected again?
Other sites have mentioned uninstalling recent software. The only thing recent I downloaded was OCCT. This is a hardware monitoring package that helps with system stability issues when overclocking. I uninstalled it, and ran full malware/virus checks again. I haven't installed anything else prior to this issue.
I apologize that this post is so long, but these are my steps and thought processes. If someone knows of, or has a better idea of what I should do, PLEASE help me. I'm humble, and can take constructive criticism well. I just want to get to the bottom of this.