A Data Science Central Community
You type in a domain name, say www.wellsfargo.com in your browser (say Chrome), and a website with broken links, broken images and badly formatted text, shows up. When you click on any link, it "redirects" you to what seems to be a true Wells Fargo page. You try with a different browser (say IE), and you experience the same problem. You visit finance.yahoo.com, and you get an 310 error message saying "recursive redirect found on the web page". You do a search on Google to find what the problem might be, and follow instructions to clean the mess, using various regsrv32 commands, but it does not work. When rebooting, the problem still persists, and on reboot, you get an error message saying "Genuine Windows Validation Not Available".
This has all the hallmarks of being infected with a virus, yet the Wells Fargo issue (which concerned me most) is, in my opinion, not a redirect to a Trojan site. Upon further checking, it's appeared to be a problem with web site certifications. Note that I also experienced some IP errors, probably arising because of a conflict between wireless and land line Internet connections.
Very interestingly, I've found that "someone" (a virus? my kids?) changed the date on my machine, from September 10, 2011, to October 10, 2011. After fixing this date issue, everything went back to (almost) normal, Wells Fargo and Yahoo Finance working perfectly fine. Note that earlier, I signed in onto Wells Fargo with fake login / passwords a few times, because I thought I was the victim of some new type of extremely sophisticated Internet fraud, trying to steal access to my account. Even when I entered the IP address of the Wells Fargo domain (http://18.104.22.168 rather than http://www.wellsfargo.com) on the browser, I had the same problem, until I (manually) fixed the mess.
Now that I've fixed the mess, I believe that it was possibly a virus, but that the (apparently bogus) Wells Fargo web site that I visited was actually entirely genuine, but not properly rendered by IE, Chrome etc, due to the date on my computer being wrong.
My big question, however, is: could a fraudster manage to install a virus so bad that even if you actually type in the domain name (or its IP address) in Chrome or IE, it redirects to a fake Wells Fargo account, yet the domain name showing up in your browser is still wellsfargo.com, rather than an obvious fake redirect (as is typically the case with current viruses)? That is, could the virus manage to fully hide the fraudulent redirect, by somehow rewriting some parameters in the core of the Windows system?