Posted 05 September 2010 - 08:44 PM
Firstly, I'm a computer repair professional and troll this site to see what is new in the way of trojans.
Recently My NIS2010 began warning me about several files that were "infected" and removed them.
Shortly there after, My links in google and yahoo searches would get redirected. This is what I tried.
XP-pro IE8 hijacked links, most any search engine.
Tested google chrome - No redirected links
Reset IE8, cleaned all temp files (ccleaner & ATF cleaner) & Disabled all addons.
Scanned with, NIS 2010, hijack this, SAS, MBM, NTT, rookit revealer, and about 10 other little utilities and such. They all found nothing.
I've had this before and had an idea of what it was, but wanted to find a program that could detect this. I considered combofix, but that's my last ditch program.
In Hijack-this, I removed all BHOs and really stripped the system bare.
I use Anvir to check the services and processes.
I Have a few programs that turn off all un-nesessary services
Then turned off optional serivces. No good.
I begin turning off non-critical services.
The first, my fist suspect - Windows update service.
I've had this before, and used this same process to find it. I had already determined to re-install windows, so I ran combo-fix and it confirmed and replace it, but there were enough other problems, plus a few audio drivers were infected to all I got after that was BSOD.
Yes, sure enough, it was windows update service, it showed as a Microsoft product and showed no signs of being infected.
The one thing I would like to know from this community is. What is the best way to repair this, especially since none of the programs see it as a trojan?