Hi,
thanks to all for reporting this phenomenon to us.
To further clarify, we don't consider this to be a false positive. What we though is that "google.com" address should belong to the Google company and therefore we have updated the Home Network Security routines to check for that. (for google and many other domains)
Now, it seems it is not true with many ISPs. ISPs do sometimes redirect some domains onto their own servers.
We do NOT consider this to be a false alarm. These things seems to happen with some ISP and HNS has correctly detected it does happen. However, it was wrong to report this issue as a sign of hacker infection on your router.
This is most probably something you should not be concerned about - after all you should trust your ISP :-) and ISP is "most probably" doing this to speedup your network access or to provide caching for frequently accessed pages.
You don't have to run anything on your machine to fix that - we just stopped reporting this specific scenario. The commands David (jursa) mentioned bellow are just for the curious ones - do you want to know if the ISP caches google sites for you or not?
What we will do now is investigating the case in more detail and possibly find out what are the reasons for ISPs to do that. In the future we might re-introduce this check into HNS scan again, but with more appropriate wording - for some users it might be interresting to know that they are not talking with google (or other companies) directly.
Thanks a lot again,
Lukas.