Posted 19 May 2010 - 04:05 PM
This past weekend I noticed that my browser started redirecting to anonymous sites from Google search links. I also noticed a fictitious antispyware called Antispyware Soft pop up on my screen. I also happened to purchase a new graphics card at about that same time. Rather than use the CD included in the box, I decided to download the latest and greatest drivers directly from MSI's home site. That is when I noticed the next symptom: I could no longer download a file. It would get to 99% and then get a host reset error.
At that point I rebooted in Safe Mode with Networking and began to research the problem online and look for the best antispyware download. I decided on ESET. I downloaded and then ran the trial after a reboot to normal mode. ESET found numerous suspicious files and cleaned or quarantined them. I rebooted, opened up Mozilla, ran a Google search, clicked on it, and all seemed okay until I clicked on another search link.
At that point all the problems returned. I found that I could use Google search links by copying the link and manually pasting it into a new browser window.
I decided to search for manual resolutions and found a fix to search for and delete some files and then go into the registry and delete some entries. After doing so all seemed fine for a while, but then later it reincarnated itself with all the previous problems and more. Now my email wouldn't work (Outlook), and I started getting a persistent error box stating that the username and password for my proxy server were invalid: 0.0.0.0.
At this point I rebooted back into Safe Mode with Networking and then found a download called Malwarebytes and ran it, with the same outcome as all the other remedies, although it found things that ESET did not.
Back to Safe Mode again! The next thing I did I now realize I should not have done after reading through your forum. I downloaded and ran "ComboFix", so my apologies for jumping the gun on that, but I was in panic mode at that point and didn't fully read before acting. However, I probably lucked out. It crashed on the first several attempts until I finally figured out to disable ESET in the Start menu and then reboot. I also disabled a lot of other items on startup that I thought looked suspicious or were otherwise not essential. For example, I disabled all Java-related items because I have suspected an intrusion via Java for a while now. After the reboot ComboFix ran through all phases and created a log file. As per your site instructions, I am not posting it unless directed to do so.
The good news is that it fixed some things. With a cringe, I reluctantly restarted ESET and dared to try Outlook again. ESET prompted me to allow or disallow each remote connection. Prior to allowing each, I independently verified the IP address of each from another PC. My email works fine now, and the malware programs show no signs of still being on my computer.
However, I have not had the courage to open any browser since running "ComboFix". After reading your forums more (from another PC), I decided that it is best to have the experts advise from this point on before I open another can of worms.
Thanks in advance, and sorry for the book, but I wanted to provide as much relevant information as possible from the point of the first symptom to now.