Posted 18 July 2010 - 08:47 AM
When getting results from google searching, irrelevent pages were being displayed, like out of the users control.
I used Spybot and found some 15 trojans of some sorts: -
using Registry entries for \software\avsuite
c:\windows\syste32\locsec\local.ds and user.ds
using various entries in the registry pointing to Ghiwop and virtumondeprx.zip, ..prx1.zip, ..2.zip, ..3.zip and ..4.zip
using registry \software\m5t8ql3yw3
using various \software\v71ql7hi7\Kkot, KkoFC, KkoF, KkoJ, Kk09 and so many more.
I used Malwarebytes and found these: -
The upshot of it is None of these programs now report a problem, good news, but the PC according to malwarebytes is still trying to access the same pages before I did the cleanup so I know there are still reminents of the issue still within windows.
Websites are being reported as blocked, IP's are : -
220.127.116.11, 18.104.22.168, 22.214.171.124 & 135
On visiting one of these pages, all that appears in IE is the work TEST on the page, so I know this is not right.
I have little else I can try myself so if you could render some assistance I would apreciate it.
I have the log files from the DDS program, GMER is still running but will be completed shortly.