Longish post but only because I'm trying to give as much info as I think may assist.
A major and safe website that I've used for many years is the Manchester Evening News. It's won many awards. Very recently I had noticed in the status bar of IE that the progress bar never reaches 100%, although the page displays without anything apparently missing. Also, more importantly, I see an endless stream of blisteringly fast (I'll space the IP address out so nobody can click on it) "waiting for mookie1 .com" and several variants such as 'b. mookie1 .com' and 't. mookie1 . com'.
I opened up TCPView and within minutes there are thousands of Endpoints, all with the same IP address in the Remote Address column, in a TIME_WAIT state. They continue proliferating at a speedy rate until firstly IE freezes, then my computer does the same. (I'll space the IP address out so nobody can click on it.) It is 208.71.125.1, although a Google search for that address refers to 't. mookie1 .com from tracker12'.
I've run full NIS scans, also a MWB scan (does NOT run live on my computer but I have found it a great back-up AV) and a Root Kit Detector etc.; all return OK.
From Googling and using site checker sites and Honey Pot checks I see that the site is associated with cookies/advertising. The Google checker reveals:

What is the current listing status for mookie1.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 15639 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-04-14, and the last time suspicious content was found on this site was on 2012-02-06. Malicious software includes 2 exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine. Malicious software is hosted on 3 domain(s), including (I've omitted the addresses here). 4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including (I've omitted the addresses here). This site was hosted on 5 network(s) including AS33694 (247REALMEDIA), AS13345 (ROCKYNET), AS26914 (FUSIONSTORM).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, mookie1.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
A major concern to me, as I'm not educated in such matters, is that for the first time I can ever recollect in TCPView the Local Port had an entry saying 'PPTP'. As far as I can tell that relates to a VPN. I don't have a VPN set up as far as I'm aware lol. It may have been a coincidence, as I don't think I've seen it since when opening up TCPView whilst checking the Mookie invasion.
Oh yeah, I did actually add 'mookie1.com' to my list of blocked addresses under IE tools/options/privacy, to no avail it would seem, as it carries on opening up endpoints regardless. Can anyone shed some light on the above matters and how I can block this mookie1 thing? Whilst I do have Firefox and Google Chrome, I prefer to use IE 98% of the time, so please let's not get into browser wars lol.
Incidentally, I don't have any problems with Google (or Firefox or Chrome) being redirected. In my research before I headed here I saw mention of a virus with the name Mookie in it, and it redirects Google. However, this Mookie seems to be some sort of cookie to do with 247RealMedia. Well, unless of course it is a virus/worm/whatever!
An update to when I originally penned this: it has occurred on 3 or 4 other famous major 'safe' websites since, and also today for the first time while using Windows Live Messenger. The latter does carry banner ads on the user interface.
Sincerest thanks in advance for any helpful advice or thoughts on the problem.