Conclusion: this is some kind of DNS poisoning redirecting to a spoofed Google site. Reverse DNS lookup = 64-28-190-83-rev.cernel.net, i.e. a non-Google domain as far as I can tell.
Looking through some other blogs and at my computer in question, the DNS server settings in the TCP/IP control panel are shown to be set manually to two servers, 188.8.131.52/184.108.40.206. I have also seen another similar server in this blog: http://www.geekstogo...om-t204906.html. A simple fix may be to revert DNS selection to automatic, then flush the DNS cache. However, I cannot say which malicious program has altered these settings. These "DNS-servers" reverse IP to user.mvnet.at, which seems like a funny name for a legit DNS server. Conclusion: some malware has manually altered DNS to request from this server, which is most likely run by the joker behind all this.
Edited by docdlb, 14 July 2008 - 06:25 PM.
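
As an added example (not part of the original post): a PowerShell check for the condition described above, listing network interfaces whose DNS servers were set manually rather than obtained automatically. It reads the standard per-interface Tcpip registry values; the `$expected` list and the adapter name in the remediation comments are assumptions to replace with your own.

```powershell
# Added example: audit per-interface DNS settings on Windows.
#   NameServer     = resolvers configured manually (static)
#   DhcpNameServer = resolvers handed out by DHCP ("obtain automatically")
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Assumption: the resolvers you actually expect (router, ISP, corporate DNS).
# 192.0.2.53 is a placeholder from the documentation address range.
$expected = @('192.0.2.53')

function Get-DnsAudit {
    foreach ($key in Get-ChildItem -Path $base) {
        $p = Get-ItemProperty -Path $key.PSPath

        # Both values are comma- or space-separated strings; empty means unset.
        $static = @("$($p.NameServer)"     -split '[,\s]+' | Where-Object { $_ })
        $dhcp   = @("$($p.DhcpNameServer)" -split '[,\s]+' | Where-Object { $_ })
        if (-not $static -and -not $dhcp) { continue }   # interface has no DNS at all

        [pscustomobject]@{
            InterfaceGuid = $key.PSChildName
            DhcpEnabled   = [bool]$p.EnableDHCP
            StaticDns     = $static -join ', '
            DhcpDns       = $dhcp -join ', '
            # Static entries that are not on the expected list deserve a closer look.
            Unexpected    = @($static | Where-Object { $_ -notin $expected }) -join ', '
        }
    }
}

# Show only interfaces with a manual DNS override.
Get-DnsAudit | Where-Object { $_.StaticDns } | Format-List

# Remediation matching the fix suggested in the post (run elevated;
# "Local Area Connection" is an assumed adapter name):
#   netsh interface ip set dns name="Local Area Connection" source=dhcp
#   ipconfig /flushdns
```

An interface that shows `DhcpEnabled : True` together with a non-empty `StaticDns` has had its resolvers overridden by hand or by software, which is the situation the post describes.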