I followed all directions from the above link. None of the scans found anything. My roommate was telling me that her iPhone was getting redirected as well. I checked the DNS settings for the iPhone and this is what I found.
220.127.116.11, 18.104.22.168, 22.214.171.124
The last ip is legitimate from my ISP in Alaska. The thing is that none of those DNS servers servers should even be listed at all. I have a Windows 2012 server on my network that is giving out DNS and DHCP and the DNS should be the address of the Server. I have on occasion found these DNS servers on my computer but I called my ISP and they were doing maintainece at the time so I ignored it.
The second ip does not resolve at all so felioniti.com must be the bad seed of the DNS. I have a Linksys router which is suseptable to the Moon router code so I reset it back to factory defaults and updated the firmware and made sure that remote Admin was turned off as per the instructions at the Linksys website. >
Another interesting article about the Moon Malware. It specifically states that is uses Phony DNS
All devices in the house now show the proper DNS settings and I am hoping that I won't be getting any more pop ups. I will repost if this comes back but for now I have my fingers crossed.
Thanks for your time and effort in assisting me.
I really do hope that this helps others as I struggled with it for a week before posting here. I work in IT and am a fair hand at removing viruses. This totally eluded me and the help provided by BC Advisor set me on the right path. Bleeping Computer is bar none the best site for Virus/Malware help and I am sure that it is much appreciated by everyone in the IT community.
Kudo to all.
Edited by BC12398, 05 July 2014 - 09:14 AM.