OK, apparently this started around the middle of last month, and it's still happening. It's happened twice to my co-worker and I wonder if there's a definite fix as the AV companies apparently haven't nailed it down yet.
Here's what's happening...
All Google and Yahoo searches through IE and Firefox are being redirected through the address 126.96.36.199
When using Firefox, you'll notice "188.8.131.52" instead of "connecting to Google" in the status bar.
The subsequent search terms show relevant results in the text and all, but the associated links are horribly wrong.
When this happens, you will also find a file named wdmaud.sys
Also there will be an associated registry entry at HKLM\Software\Microsoft\Windows NT\Current Version\drivers32
It will be a key named "aux" with a value of "wdmaud.sys"
The general consensus of opinions is that the attack vector is a tainted PDF that gets payloaded from a banner ad or hidden iframe, and it may also be a rootkit.
Have you come across this?
If so, did you get rid of it?
Where did you find the most helpful advice?
The reality is that this is a new threat that needs to be dealt with quickly.
Changed title of topic so folks know this about a virus, not just a personal annoyance.