In Windows, there’s a file under the** C:\Windows\System32\Drivers\etc** directory called “hosts”. This file contains a list of domain names (such as ebay.com) to IP addresses (such as the IP address to a site pretending to be ebay). Normally this file is empty because your nameserver is being used, but malware writers will add in their own entries into this file. If you type “ebay.com” and there’s an entry to “ebay.com” in there, you’ll be taken to the IP address there instead of the real Ebay site.
Try to see if you can open that file with Notepad. You won’t be able to edit that file to remove the bogus entries, but you can at least see if it is filled with bogus entries).
If you can’t get to that directory via Windows Explorer or open it up with Notepad, open up a Windows’ Console: Look under the Program Menu under the Start menu. Go to Accessories. When you bring up a Window, type in the following commands:
This will display the hosts file one screen full at a time. As I said, it should not contain any entries (Lines starting with “#” are comments). If it contains anything except possibly a reference to localhost or local, you’ve got troubles.