samba - Jun 2012 - when nmb is on some web-sites are redirected to malicious pages

Hi!

I use OpenSuse 12.1 and I have written to OpenSuse security maillist but 
noone can help me.

Here is an OpenSuse forum topic where have describe the problem in details:
http://forums.opensuse.org/english/get-technical-help-here/network-internet/476052-i-think-its-virus-while-nmbd-running-some-web-sites-redirected-broken.html


Here is a Ukrainian key media recourse http://www.pravda.com.ua/

This is how it has to look:
http://view.xscreenshot.com/e1e9e64a30772d2a183d513efd47fbd4

Here is what I see in any browser:
http://view.xscreenshot.com/4706f11e9d29a40ff1a7dd12c640e321



And there is also a popup window.

When I turn nmb daemon off, I see the proper page.

If using TOR or OperaTurbo I always see the proper page. So I'm 
redirected only when using my normal browser and nmb on.

I did many tests and tries and provided tons of my configuration info at 
the opensuse security maillist, but with not result. The only result was 
that I ran tcpdump and the problem gone! And never came back. Is if it 
was a virus and saw it was monitored and stopped itself.

But I reinstalled opensuse from scratch, started samba server and got 
the problem again.


I don't know what to think. This may be a virus or a government  block 
of the web-site in some whay... I don't know if it's my computer problem
or a DNS traffic replace or anything else. I need some specialist help. 
This may be a security issue.


Please check the forum link I provided above not to suggest things that 
have been suggested and tester before.

Thanks.