Nasty browser hijacker infestation: IE7 flavicon redirect!

Hi malware fighters,

At work I work with IE7 installed. My start page which was set as: www.fravia.org has been changed into “expired.revenuedirect.c*m/flavicon.ico/park.php?domain_name=FRAVIA.COM&site_id=42006”
Furthermore a persistent cookie namesomething@expiredrevenuedirect.com cannot be deleted.
Resetting the browser to go.microsoft.com changed that into name@http://go.micosoft.c#m/fwlink/?linkId=69157 the cookie hence reappeared…
Killed the bastard with a HJT, but how did it get there in the first place. From where and how this malware is installed. Is this a new creation of the directrevenue adware pushers? They hijack the flavicon in IE7. Somebody knows the ins and outs of this montrosity. It is very annoying, and anti-spyware programs only detect the “tracking cookie”. Is this adware somehow seen as legit and above the law? It is a big pain in the proverbial behind…

polonus