Posted 27 August 2010 - 08:27 PM
Windows XP Home
Toshiba laptop A-25 S307
Zonelabs security suite
When using Opera, Google results frequently redirect
Firefox wicked slow/won't open
IE opens, and have not seen any redirects from Google results yet.
I think that I introduced malware to my computer today, when I downloaded/installed a program called Gmaptool.
Shortly after that, I received a series of warning popups from zonelabs about files trying to access the internet. They were generated by 3 different .tmp files, which I Googled and found zero results. One tried calling itself "security solutions software", and then switched to the actual .tmp file name. I only recorded 2 of the file names.
Then I received warnings that the same files were trying to access privileged resources.
While I was Googling to investigate these names, I discovered the redirects.
I used add/remove to remove the Gmaptool program. I deleted the .tmp files manually, and ran CCleaner on my browser caches.
Then I did system restore to a point created 8/28. The restore was successful, but the problem remained.
I also noticed some other issues. I could not shut down the computer through the start button. Zonelabs was bogging. Task manager would not open. I updated Zonelabs and scanned, no infections found. Same with Malwarebytes.
Hitman Pro found a problem in ipsec.sys, and warned me: "Possible variant of TDL3, (alias Alureon) rootkit detected"
Hitman also detected 3 .tmp files and called them "trojans". I did not record the names, but they were short names, 4 characters, not the same as the first .tmp files. They disappeared after another reboot, but another Hitman scan still shows the ipsec.sys "rootkit" problem.
ipsec.sys appears to be a necessary file, so I did not delete.
Most recent warning from zonelabs was this:
Description setup.exe was prevented from modifying an existing driver or service: 6TO4
Date / Time 2010-08-27 20:38:42-4:00
Subtype Modify Driver
Action Taken Blocked (once)
Policy Personal Policy
Any help appreciated!