The problem we are facing here in our company started around 1 week back after an employee installed an application on his colleague's PC.
As soon as he installed that application, every computer on the network that had its IP address configured by DHCP was not able to browse the web. When a user opened a browser, a web page saying "Update Your browser" with a button would display. Upon running "IPCONFIG" to view that particular PC's details, it would keep the IP address and subnet mask the same but would change the entries for the DHCP address and DNS address, and would also change the MAC address in the entries.
We are using McAfee as our anti-virus for protection. We called up McAfee tech support and they mentioned that it's not a virus, so they won't be able to help out with it. We are suffering with this, and temporarily all our clients have been assigned static addresses.
I formatted the flash of the Cisco 2821 router, reinstalled the IOS and plugged it into an isolated network, and it seemed fine, but as soon as I plugged the router back into the company network the same thing happened. The DHCP on the router, I suspect, is being spoofed by this malware, and it is acting as the DHCP server and handing out the DNS and DHCP values.
Appreciate all the help I can get.
Regards,
Aamer
PS: Attached is a screenshot of the web page that shows up when someone tries to access the internet using DHCP as well as the OTL Report.
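
A check for the symptom described in the post above, as an added example that is not part of the original post: it parses saved `ipconfig /all` text and flags any adapter whose DHCP server or DNS servers are not in an expected list. The sample output, the adapter names and every address are constructed, and the allowlists passed in are assumptions to replace with the site's real servers.

```python
import re

# Constructed sample of `ipconfig /all` output; every address here is made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.57(Preferred)
   DHCP Server . . . . . . . . . . . : 192.168.10.123
   DNS Servers . . . . . . . . . . . : 203.0.113.66
                                       203.0.113.67

Ethernet adapter Lab:

   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.1
"""
FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*: (.*)$")   # "Key . . . : value"
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_adapters(text):
    """Return {adapter header: {field: [values]}} from ipconfig /all text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            current, last = adapters.setdefault(line.rstrip(": "), {}), None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                current.setdefault(last, []).append(m.group(2).strip())
            elif last:                         # continuation, e.g. a second DNS server
                current[last].append(line.strip())
    return adapters

def find_unexpected(text, dhcp_ok, dns_ok):
    """List (adapter, field, address) for IPv4 servers missing from the allowlists."""
    findings = []
    for name, fields in parse_adapters(text).items():
        for field, allowed in (("DHCP Server", dhcp_ok), ("DNS Servers", dns_ok)):
            for value in fields.get(field, []):
                addr = IPV4.search(value)      # IPv6 entries are not checked here
                if addr and addr.group() not in allowed:
                    findings.append((name, field, addr.group()))
    return findings

if __name__ == "__main__":
    for finding in find_unexpected(SAMPLE, {"192.168.10.1"}, {"192.168.10.1"}):
        print("unexpected:", finding)
```

Run against output collected from several DHCP clients, the flagged DHCP server address is the one to trace on the switch.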