Redirection problem on both pc's

This is a strange situation. Sometimes when we try to access the internet with IE wet get redirected too 195.238.10.14 We have scanned both pc's with xsoftspy se,spybot search&destroy and superantispyware free none of them found anything suspicious. The strange thing is internet works fine with Firefox. But the other user only want to use IE. Could please someone could help me?
Thanks in advance.

Niels

 

Scan for Browser Helper Objects.

 

Also scan for LSPs and check the host file and the DNS settings.

 

I performed a scan with bhoscanner it detected something but when I took a look in hijackthis it's was a part of prevx. So I don't think that it's a bad BHO. I can't find any reference for 195.238.10.14 in both hosts files. I don't know how I can check the dns settings or how to scan for lsp's and check if they are legitimate or not. Could you please help me? So I can check it on the second pc. The problem started after our router/modem was changed by someone of our isp. That person had configured everything. I have entered the ipaddress into my browser and then I go to a page of my isp. I had also contact them but they say all that it must be malware. Thanks both for you very quick replies. I really appreciated it.

Niels

 

- LSP:
SpyBot S&D (and SAS, I guess) has a LSP enumerator.
- DNS:
Check the network settings of your network adapter.

If you find nothing, then post a Hijackthis log in a specialized forum.

 

Thanks for your reply. I took a look but every reference in winsock seems fine. I've used spybot search&destroy to check it.

 

Hi all,

Reverse resolving the IP gives this : portal.skynet.be and you are belgium may be i give you a clue ;-)

MaB

 

Niels
you could try cwshredder and see if it's a varient of coolweb. scanner located here http://www.trendmicro.com/cwshredder/

 

Hi MaB

That was also the reason why I contacted them (Skynet is my isp) but they said that it must be malware. Thanks also for your reply.

Niels

Hi ravin

Thanks for your suggestion but I already had run cwsshredder on both pc's. Sorry that I forgot to mention that.
They were both clean.

Niels

 

One last suggestion might be to run winsock repair or lsp fix available here
http://wordpress.stars.manchester.ac.uk/hornet/security/spyware/

 

Hi ravin

Is it safe to use that tool? Because I don't want to loose my internet connection and provider settings.Thank you very much.

Niels

 

I have used the winsock repair tool many times with no problems. I have not used the lsp fix before. you could always make a restore point before running the tool and if all is not well simply restore.

 

Hi ravin

Thanks again. I will try it.

Niels