Default search for whole subnet points to bestmovies.com

First, I'm not sure it this should be in malware or network, could be either.

Second of all, thanks to everyone here. I've lurked here many times in the past and been able to use the tips here to fix many a problem on my computer and others both at home and at work. I pride myself on being able to research and fix the problems myself. But this one has me stumped. I would run the programs mentioned here, but I don't know where to start.

Third, a little background, if it will help. I am one of two IT managers for a small bank. We have two branches. The PDC is at the branch where my office is, the BDC at the other branch. We are using NAT and each branch is on it's own subnet. The problem we are having is only at the second branch and is as follows. Anytime someone at the other branch types in a URL that does not exist, instead of getting a 404 error, they get sent to bestmovies.com. When I first heard of this, I did try most of the tools to find out how it had been hijacked, but turned up nothing. As I have looked into this, I have found it come up on nearly every computer on that subnet. I have even taken my laptop in and tried it, and it comes up with that problem at the other branch, but not in my office.

We had a trainer come in about two weeks ago from one of our software venders to do some training on new software. It was embarasing to explain to her what was going on when she also got the search page on a URL typo while her laptop was connected to the network and a projector.

My thoughts are DNS related, but I have little experience in that area. I just remember Verasign or someone doing redirects at one time trying to sell domain names. If anyone has any ideas, I would apriciate it.

Thanks for your time.
Steve

 

Basically, all the other computers at that branch are connected to a router located at that branch. The BDC is also connected to the router at that branch. That server provideds DHCP/local DNS to provide NAT address to that branch. The branch is on it's own subnet. That branch is connected by frame relay to the Main branch. The main branch then connects to the internet. The problem is only at the remote branch, which leads me to believe that it is probably on the BDC, but where to start.

I'm trying to think of anything else that might be in between, but can't come up with anything. The other branch is about 15 miles away on the other side of the city. The router is managed by a third party, and I can't get into it so check into anything.

Thanks again for your help
Steve