It all started when I got Security Guard malware. It did a lot of damage but seemed like the standard malware. Preventing explorer and taskmanager from launching, deleting MBAM.exe, redirections, etc. Another issue: ProcessExplorer was showing multiple instances of iexplorer.exe, and TCPView showed them all having connections to random IP addresses.
I thought I had removed the virus, first manually through command prompt (because it was all that I could get to work from Safe Mode) and then through Malwarebytes/Bleepingcomputer's guide. The only thing that seemed to be left was the redirection (replacing HOSTS did not fix this). At some point in this ordeal I also got the "Windows Defender" malware; removed it as well.
Though the only visible problem was the redirection, Microsoft Security Essentials (which I know isn't the greatest but it's my only live protection) soon began constantly finding new instances of "Win32/Alureon.H". They begin stacking up at random times during the day. The details of the infection point to TMP files and files with other random TMP extensions with "OLD" in the file name; for example, OLDF98.tmp and OLDFBF.tmp848D858B, located in Windows/system32/drivers. Also suspicious are many randomly named 8-letter system files in the same location. Many (or maybe all) of these files showed up in RootKitRevealer's scan. Malwarebytes and BitDefender scans did not find any problems, however. MSE claims to suspend and disinfect the instances of Alureon.H and asks for a restart. After restart, redirection still exists, but all else seems well, until a few hours later, when the Alureons return again. Literally hundreds stack up.
We attempted to locate the source of this thing without much luck. We've run ComboFix, done much work in AutoRuns, cleanings with Malwarebytes, removed the problems RootKitRevealer found, deleted tons of files that could have been the issue. However, everything just keeps coming back.
The only noticeable detriment to my computer is the redirection, on links in Google searches. Otherwise, the virus has little to no noticeable effects. Redirects are to random advertisement sites, findgala.com, and occasionally a fake virus scanning page. Been trying to avoid clicking any links as much as possible, just copying their target location instead.
Let me know what more information I need to provide you with! We are simply stumped.
Edited by RandomStudent, 17 April 2010 - 08:54 PM.