Yesterday, I had been browsing the internet, specifically tech sites (www.tomshardware, www.hardforums.com, etc); using Mozilla Firefox 3.6.3 on my Windows 7 system, when I had gone to click on a bookmarked site (www.tweakguides.com), when I was strangely redirected to a peculiar IP address starting with 77. I can't remember the exact address I was redirected to, however Firefox had stopped loading of the page, apparently due to the website 'requesting to redirect' in a manner that will never complete, or so. I suspected I may have encountered some sort of malicious site, so I immediately closed the browser and ran both a Quick Scan and a Full Scan with Avast, after updating definitions of course, finding nothing infected. I then updated Malwarebyte's Antimalware and proceeded to try to scan in both 'Quick Scan' and 'Full Scan' modes, still finding nothing infected.
I also have checked for any strange running processes with Process Explorer, finding multiple svchost.exe's, where one had started up WmiPrvSe.exe (or similar) at system boot-up, and that process would stay running until about 15/30 min of use where it would strangely disappear.
One svchost.exe process was using about 141MB of memory for no particular reason; which raised my idle memory usage to 30%, where my usual memory usage would be listed at around 26%-28% with only minimal programs running (Rivatuner, Avast). (I have 4GB of RAM installed in my system)
I am yet to re run these scans from Avast and Malwarebyte's Antimalware in Safe Mode; however I am wondering whether this is actually a case of virus/malware/spyware infection at all.
I am considering if this may also be some sort of Trojan/Rootkit....
The system does not seem to be exhibiting any unusual sorts of symptoms of an infection, other than a videogame running on my system taking up 1,067MB of memory, totaling my combined memory usage to about 2,458MB or so.
Any investigation into this matter would be greatly appreciated.
More detailed System information:
- Windows 7 Ultimate x64
- 4GB RAM
- Internet browser: Mozilla Firefox 3.6.3 w/NoScript, AdBlockPlus, Web of Trust addons.
- Java Version: Platform SE 6 U18
Edit Update: I reran Malwarebytes Antimalware with Quick and Full Scans while in Safe Mode, finding nothing infected yet again...
I am thinking of attempting to use an online virus scanner, such as TrendMicro's Housecall.
Edited by Atamarashi, 03 June 2010 - 07:58 AM.