I'm having an odd problem which seems to be some sort of malware or DNS redirection with an XP SP3 machine at a volunteer-run non-profit I help out at. (No one is paid.) I've been working on this for about 2 days off and on.
Within the last month or so, people started noticing weird results with Google Chrome. Certain things would fail, like trying to open www.gmail.com (the error was "host not found"). In IE8, it got a certificate error. If the certificate error was ignored, you wound up at https://www.gmail.com/intl/en/mail/help/about.html. Things seemed to work in Firefox, except you also wound up at that URL.
I noticed that Malwarebytes was not running (probably because the trial period had expired). I entered a license, but it was unable to update (unable to communicate with the server, which also suggests DNS issues).
I was unable to download Spyhunter (it would never start to download IIRC).
Similar machines plugged in to the same network worked fine.
ipconfig /all showed nothing weird.
I took the disk home (where I am now), installed it in the same model hardware (Dell Optiplex 755) and noticed similar problems. So, this isn't HW-, time- or even ISP-related.
I ran a full scan using the current version of Norton 360 and found nothing important (I think this found a softonic downloader .exe, which I think has been there for a while; even if this was the infection vector, there should be some other signature of the actual infection).
I copied Spyhunter.something.com using the alternative installation instructions from another machine, and as soon as I started it, the machine would freeze and need a hard restart (this *might* be a red herring).
I noticed the hosts file (\windows\system32\drivers\etc) had an entry 0.0.0.0 for www.bdsmlibrary.com, and apparently has since 12/07/2012, so I think that is another red herring. Just to be sure, I replaced the hosts file with a clean copy from one of my home machines running XP. The problems persisted (www.gmail.com, and unable to install Spyhunter or update Malwarebytes).
I tried turning DNS caching off as per one of the recommendations on the Spyhunter forums (net stop dnscache). The problems persisted (with www.gmail.com, and unable to install Spyhunter or update Malwarebytes).
At this point I booted to safe mode with networking (where I am now).
(in safe mode) I was able to install Spyhunter using the alternative installation instructions. I was also able to update Malwarebytes.
(in safe mode) I ran Spyhunter. It found nothing relevant (85 tracking cookies; they were cleaned and didn't come back on a subsequent run).
(in safe mode) I ran Malwarebytes. It found nothing relevant (the Softonic installer .exe described above and the fact that Logoff was missing from the Start menu).
The problems (most notably, opening www.gmail.com getting weird results or failing, depending on the browser) persist.
Now, I could have just re-imaged this machine for less trouble than I've gone through already, but I'm really curious to know what is going on, especially if it stops it from happening in the future. Besides running Norton 360, I do plan to make sure Malwarebytes is running in the future.
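The hosts-file check in the post is easy to do by eye for one entry, but a hijacked hosts file usually mixes harmless blocks with a few entries that redirect well-known sites or sinkhole security-vendor update hosts, which matches the "update fails, gmail redirects" pattern described above. The audit below is an added example, not code from the post; the hosts content, the vendor and high-value name fragments, and the `antivirus-vendor.example` host are constructed placeholders.

```python
import ipaddress

# Constructed sample in the Windows \windows\system32\drivers\etc\hosts format.
# It is NOT the poster's file; the addresses and the vendor host are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         www.bdsmlibrary.com                 # user-added block, harmless
198.51.100.23   www.gmail.com gmail.com             # Gmail pointed at a non-Google host
0.0.0.0         updates.antivirus-vendor.example    # security update host sinkholed
::1             localhost
"""

# Name fragments used to rank findings. Both lists are assumptions for this
# example; extend them with the tools and sites your environment relies on.
SECURITY_VENDOR_HINTS = ("malwarebytes", "norton", "symantec", "spyhunter",
                         "windowsupdate", "antivirus")
HIGH_VALUE_HINTS = ("gmail", "google", "microsoft", "bank", "paypal")

def parse_hosts(text):
    """Yield (ip, hostname) pairs; blank lines and '#' comments are ignored."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()

def audit_hosts(text):
    """Return findings as (hostname, ip, reason). Only loopback/unspecified
    entries for 'localhost' are treated as normal; everything else is reported."""
    findings = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:      # 127.x, ::1, 0.0.0.0
            if name == "localhost":
                continue
            if any(h in name for h in SECURITY_VENDOR_HINTS):
                findings.append((name, ip, "security vendor host sinkholed"))
            else:
                findings.append((name, ip, "host blocked (review)"))
        else:
            # A routable address here overrides DNS for that name entirely,
            # so for a well-known site this is a redirection, not a block.
            reason = ("well-known site redirected" if any(h in name for h in HIGH_VALUE_HINTS)
                      else "name redirected to non-loopback address")
            findings.append((name, ip, reason))
    return findings

if __name__ == "__main__":
    for name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{reason:40} {name:36} -> {ip}")
```

A clean result from this audit (as the poster saw after swapping in a known-good file) means the override lives elsewhere, e.g. in the resolver settings or a proxy, so the hosts file can be ruled out rather than re-checked.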