We began having problems yesterday morning that seem to have gotten progressively worse in the meantime. We have a Windows 2003 / XP / Windows 7 domain environment, all behind a WatchGuard x1250e firewall.
Users began complaining that there were certain sites they couldn't get to, while others were fine. Some of the problematic sites were banking sites. I checked the firewall logs and found that several computers on the LAN were trying to pass outgoing traffic on port 80 to a set of IP addresses in the 70.96.0.x range. The firewall is blocking this outgoing traffic with messages like this:
"192.168.x.x. > 22.214.171.124...ZangoBar|180Solutions|BT, destination IP on Spyware Blocklist, firewall drop."
As time has gone on, more and more of our computers are attempting to send packets out to the banned range of IP addresses. We're still unable to reach certain banking sites and also can't reach Microsoft Update and can't download updates directly from the AVG site. Has anyone experienced something similar? It feels like all the computers on this LAN have hijacked browsers... IE & Firefox both produce similar results.
I'm in the process of updating AVG to the latest version, but would love to know if somebody else out there has had a similar experience and how you got through it.
Thanks in advance, EE community,