Hi all, this is Fabiano fron Italy.
I'm having exactly the same problem described in http://www.bleepingcomputer.com/forums/t/568272/google-search-redirected-to-fake-site/
but i'm not allowed to replay to that topic so i started a new one, sorry if i'm doing wrong.
Every now and then some process tries to downlad a proxy autoconfig script named "server.pac"
The problem appears with random frequency, sometime for three or four days it does not show up, then suddenly three times in the same day.
My antivirus (ESET) catches the event and stops the connection that tries to download the server.pac file from 18.104.22.168
and in the antivirus log the process associated with the event changes (sometimes it's "C:\Windows\System32\svchost.exe",
sometimes it's "C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE") so my guess is that somehow malicious
code is injected in legitimate processes.
The strange thing is that googling about this pulls out very few results, maybe this infection is new or has made few victims
or it's just that the majority of antiviruses don't catch it ..
My system is a windows 7 ultimate x64 fully patched, i have malwarebytes antimalware installed besides eset antivirus.
I can reinstall my pc but i would prefer to try to really understand what's going on and get rid of this pest.
So please tell me what can i do to help understanding this thing and, please, excuse my english ....