Posted 29 March 2009 - 04:55 PM
I noticed more ppl are seeing more or less the same effects as I did. Since this forum has been a great help, I'd thought to share my experiences.
The effects I saw were;
- google (and others) search results redirects
- AVG would not update anymore
- windows update website gives an error
- windows update from configuration screen does not start
- programs like cmd, regedit, combifix, etc would no longer run / stay running
It turned out that in registry key
the "aux" value refered to a malware program. In my case it was called "C:\\WINDOWS\\system32\\..\\efumr.swr"
The solution was to use HijackThis to remove this file at boot time.
It was new malware, not recognized by any virusscanner. I submitted it to a number of anti-virus vendors. Kasperky already responded and called the new malware "Trojan.Win32.Agent.byab".