The first symptom I noticed was explorer wasn't loading on startup. A dodgy entry had got into the Shell key in the registry, so I cleaned that up and started running Malware scans. Subsequently, I've noticed that maybe 50-70% of the time I click on a Google search result, I'm being redirected to sites other than the link suggests. If I copy the link location and navigate to it directly, the link works. If I keep going back and clicking again, I get through as well.
I've also noticed some port scan activity in my router firewall logs that has been blocked. The activity is UDP outgoing from my box on ports 1031 and 3343 to a remote IP of varying ports around 55000+
So far, I have run SUPERAntispyware, Spybot, Adaware (free), MBAB, ComboFix, HouseCall, Panda ActiveScan and ESET Online Scan.
SUPERAntispyware has yet to find anything apart from tracking cookies, same with Spybot and Adaware.
MBAB found "Trojan.Sasfix" and what looked like a false positive hit on a couple of files for "Spyware.OnlineGames", I let it quarantine the files.
As far as I can tell, ComboFix did nothing, but I have the log to hand.
Panda ActiveScan just came up with false positives as far as I'm concerned (it targeted two files I've had for years), but I have these files backed up, so I just let it delete them.
ESET Online Scan came up with "Win32.Spybot.Worm" and said that it fixed it, and I can't see any other traces of the virus to confirm or deny this.
After all this, the problem is still occurring, and I'm absolutely stumped. Can anyone tell me what to do now? Logs can be supplied on request.
Thanks in advance.
Oh yeah... I'm running Windows XP Pro.
Edited by BenBasson, 01 January 2010 - 11:35 AM.