One of our client's PCs last week was infected with malware, pop-up windows. Threw everything at it (they have Sophos installed) Malwarebytes, Ccleaner, MS Safet Live. Thiese all did a good job, but then Sophos reported a possible rootkit, so I ran Kaspersky rootkit killer and this found and removed it.
All seemed fine. Our client now reports every so often when on the Web (using IE) web pages coming up with adverts. I've logged inot them remotely and seen it. In effect it's a dummy webpage with an advert. See attached screen snap. Not how it even mimicks the Google logo in the search entry field top right!
Today I ran malwarebytes which found some things, then CCleaner, also rootkit thing from Kasperksy (clean) finally I installed MS Security Essentials (clean).
This web page and variants still coming up. It can be closed with no problems but will appear again after 5 minutes or so.
Has anyone see this before? Any ideas how to remove it?
They're running Windows Vista on a Server 2008 R2 network, nothing reported on any other PCs on the network
(BTW the Anti-Spam Email Software zone is a mistake on my part! I meant anti-virus, I think. Can't workout how to change zone)