All of my internet search results for google are redirected through 184.108.40.206 and my yahoo are redirected through 220.127.116.11. Other oddities are that from Run I can't launch cmd or REGEDIT. Instead, I had to copy and rename the executable files in order to access the c prompt and system registry. It has also not allowed certain scanning programs to receive updated definitions after installation.
I have Symantec Endpoint but it didn't catch whatever has caused the problem. I've scanned in Normal and Safe mode with SEP but have found nothing. My definition files have been updated as well. It did return the following in the risk log and reported it as being deleted:
Date and Time: 3/31/2009 7:39
Risk Type: File
Original Location: c:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\99S341XG\
Current Location: Deleted
Primary Action: Delete
Secondary Action: Leave alone (log only)
Logged By: Scheduled scan
Action Description: The file was deleted successfully.
I ran Microsoft Windows Malicious Software Removal Tool March 2009 and it found nothing. I attempted Trend Micro's HouseCall but the infection prevented it from running.
I ran Panda Software's ActiveScan and it identified what I believe to be SEP files (hkey_classes_root\sep.av.scandlgs and hkey_local_machine\software\classes\sep.av.scandlgs) so I've done nothing with them.
I installed AdwareAlert and it found the following:
Adware identified a bunch of hkey_classes_root\interface\...... locations that I removed from the System Registry, but the problems remained.
I installed Malwarebytes' Anti-Malware and when I tried to update the definition file it failed; however, I did the manual install and the definition file was updated. I performed a scan in Normal Mode and it identified two items in C:\WINDOWS\system32:
Trojan.TDSS - TDSSpkxukdqf.log
Rootkit.Agent - TDSSufevllmj.dll
I had it remove them and then went to C:\WINDOWS\system32 and found a similarly named file:
I deleted it.
I rebooted but the same problems remain. I have since run Malwarebytes' Anti-Malware in Safe mode but it hasn't found anything since.
I am currently running SUPERAntiSpyware. I installed it on my computer but the definition file update failed. I tried the manual install option but it never showed as being updated. I installed SAS on this computer and the definitions updated fine. I then copied PROCESSLIST.DB and PROCESSLISTRELATED.DB from the folder of the successful install/update onto my computer; however, when I launched SAS it still didn't show the definition files as being updated. I ran ATFCleaner in Safe mode and then launched SAS. I conducted a full SAS scan in safe mode with only the following checked:
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
It found a bunch of tracking cookies and 1 trojan:
So it looks like whatever is on my computer reinstalled the file that I manually deleted yesterday.
I've run Process Explorer and have looked for TDSS* but it didn't find anything. I also haven't observed any abnormal processes being listed either.
I will now rerun Malwarebytes in Safe Mode and would appreciate any other suggestions/recommendations.
Edited by Orange Blossom, 11 February 2013 - 04:20 AM.
Deactivate link. ~ OB