Thread: Auto-re-routing

  1. #1
    Member Member Sevis's Avatar
    Join Date
    Oct 2009
    Location
    Netherlands
    Posts
    165

    Default Re: Auto-re-routing

    Okay, first of all, this looks absolutely nothing like an already activated virus, trojan or rootkit. Why in the world would such a thing blatantly show itself, almost yelling "Hey, you're infected!" at the user? What would it possibly have to gain? Neither does DNS-poisoning seem to be all that likely - but, nonetheless, you could try setting your DNS to be something unlikely to be poisoned, such as your work DNS-server or (if possible) the RNS.

    Now, as to what I'd guess this is:
    The image it displays looks silly, at best. It is either trying to keep the user focused on it (at the risk of alerting the user to it being malicious) or wants to give the user some sort of choice. The second, although unlikely, is possible - something like "If you're stupid enough to agree to what we're suggesting, we'll rootkit you, but we'll spare the smart ones." Ethics? Meh.

    Either way, you are not of any true influence on the process. If it can run arbitrary code on your machine, it will do so as it pleases, and does not need your permission. If it cannot, I see little point in it existing... A prank? Unlikely.

    Thus, what we know about the program:
    1. It shows up while, and only while, you are browsing the Guild from a Windows machine.
    1.1. Thus, it likely has a check about whether your browser claims you're using Windows - try changing this variable, and see if it vanishes. If you post your current one, I can try it under Linux.
    2. It shows up on both Firefox and IE.
    2.1. Kudos for making it browser independent >.>
    3. Neither antivirus is alarmed by it.
    3.1. Now this is the interesting bit. The high-security one should be tipped off by just about anything. Could you specify which one it is that you use at home and at work, please? No need to include firewalls - I'm guessing this is purely http.

    I would advise scanning at least your home system fully, to make sure it didn't cause you to get infected. Further, NoScript was already mentioned - it's a great thing, although not all that necessary now that AdBlock can block .js files. When browsing the Guild, Firefox wishes to execute scripts from totalwar.org, google.com, adbureau.net, quantserve.com and atomicgamer.com. I allowed the first two, blocked the rest (don't know the last one, but the other two are ad sites). Back on Windows machines, I've had Avast light up while browsing quantserve - that could very well be the problem.
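
The per-origin allow/block decision described in the post above can be reproduced offline against a saved copy of a page. The following is an added example, not part of the original post: it lists every external script and iframe host and checks it against an allowlist. The sample HTML, the subdomains, the paths and the function names are constructed for illustration; only the five domain names come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: domains are the ones named in the post,
# subdomains and paths are made up for the example.
SAMPLE_HTML = """
<html><head>
<script src="/clientscript/vbulletin_global.js"></script>
<script src="http://www.google.com/jsapi"></script>
<script src="//edge.quantserve.com/quant.js"></script>
<script>var inline = 1;</script>
</head><body>
<iframe src="http://ads.adbureau.net/frame?slot=1"></iframe>
<script src="http://www.atomicgamer.com/ads/show.js"></script>
</body></html>
"""

class ActiveContentParser(HTMLParser):
    """Collect the absolute URL of every external script and iframe."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:  # inline scripts have no src and are skipped
                self.sources.append((tag, urljoin(self.base_url, src)))

def host_allowed(host, allowlist):
    # Exact match or true subdomain only, so "evilgoogle.com"
    # does not pass as "google.com".
    return any(host == d or host.endswith("." + d) for d in allowlist)

def audit(html, base_url, allowlist):
    """Return {'allowed': [...], 'blocked': [...]} of (tag, host) pairs."""
    parser = ActiveContentParser(base_url)
    parser.feed(html)
    report = {"allowed": [], "blocked": []}
    for tag, url in parser.sources:
        host = (urlsplit(url).hostname or "").lower()
        key = "allowed" if host_allowed(host, allowlist) else "blocked"
        report[key].append((tag, host))
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_HTML, "http://forums.totalwar.org/vb/",
                   {"totalwar.org", "google.com"})
    for verdict, items in result.items():
        for tag, host in items:
            print(f"{verdict:8} {tag:7} {host}")
```
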

  2. #2
    Oza the Sly: Vandal Invasion Member Braden's Avatar
    Join Date
    Apr 2005
    Location
    Leeds, Centre of the Universe, England
    Posts
    1,251

    Default Re: Auto-re-routing

    Sure.

    I have browsed many...many forums etc and this occurs only here. So, we can confirm some association.

    Antivirus kits

    Home - Avira (using IE8)

    Work - Mcafee (using Firefox)

    Both machines are using Windows XP with the latest service packs etc., making them fully up to date.

    I don't get much facetime with my home PC so a full scan is planned just not executed yet. I can't self-scan my work based PC but this is done every night by automatic IT executable and I have not been notified of anything amiss.

    I now use the Tabs functions more to help prevent this annoyance. Always having two tabs active means that when this occurs it occurs on only one tab so I just manually close that tab (it displays another fake warning which I "X" close down rather than using its "OK" to close).
    Last edited by Braden; 11-22-2009 at 11:15.
    My Steam Community Profile - Currently looking for .Org members I know with NTW for MP stuff (as I'm new to that...lol)

  3. #3
    Oza the Sly: Vandal Invasion Member Braden's Avatar
    Join Date
    Apr 2005
    Location
    Leeds, Centre of the Universe, England
    Posts
    1,251

    Default Re: Auto-re-routing

    Quote Originally Posted by Sevis View Post
    When browsing the Guild, Firefox wishes to execute scripts from totalwar.org, google.com, adbureau.net, quantserve.com and atomicgamer.com. I allowed the first two, blocked the rest (don't know the last one, but the other two are ad sites). Back on Windows machines, I've had Avast light up while browsing quantserve - that could very well be the problem.
    Done a little research and I think you may have found the issues here...but I'll still scan my PC, always good practice.
    My Steam Community Profile - Currently looking for .Org members I know with NTW for MP stuff (as I'm new to that...lol)

  4. #4
    Hǫrðar Member Viking's Avatar
    Join Date
    Apr 2005
    Location
    Hordaland, Norway
    Posts
    6,449

    Default Re: Auto-re-routing

    So much for the 'checks OS' theory.

    Runes for good luck:

    [1 - exp(i*2π)]^-1

  5. #5
    Member Member Sevis's Avatar
    Join Date
    Oct 2009
    Location
    Netherlands
    Posts
    165

    Default Re: Auto-re-routing

    Quote Originally Posted by Viking View Post
    So much for the 'checks OS' theory.

    Well, that is Windows, judging by the look of it. Might not check OS version number, simply the name.

    EDIT: Aha! Instead of giving a pop-up with the choice of continuing the 'repair' or aborting, it suggests you download something... Interesting, let me give that site a go.

    EDIT2: Went to the page manually. No matter what you click, it gets to the point where it offers you to repair. If you press the screen anywhere at that time, it'll try to download an "install.exe" - against which Firefox is safe, but I'm not sure if IE is. Until that comes up, there was no sign of any intrusion.
    Last edited by Sevis; 12-08-2009 at 07:12.
