Google link redirector/hijacker - Windows update service

Firstly, I'm a computer repair professional and troll this site to see what is new in the way of trojans.
Recently My NIS2010 began warning me about several files that were "infected" and removed them.
Shortly there after, My links in google and yahoo searches would get redirected. This is what I tried.
XP-pro IE8 hijacked links, most any search engine.
Tested google chrome - No redirected links
Reset IE8, cleaned all temp files (ccleaner & ATF cleaner) & Disabled all addons.

Scanned with, NIS 2010, hijack this, SAS, MBM, NTT, rookit revealer, and about 10 other little utilities and such. They all found nothing.
I've had this before and had an idea of what it was, but wanted to find a program that could detect this. I considered combofix, but that's my last ditch program.

In Hijack-this, I removed all BHOs and really stripped the system bare.
I use Anvir to check the services and processes.
I Have a few programs that turn off all un-nesessary services
Then turned off optional serivces. No good.
I begin turning off non-critical services.
The first, my fist suspect - Windows update service.

I've had this before, and used this same process to find it. I had already determined to re-install windows, so I ran combo-fix and it confirmed and replace it, but there were enough other problems, plus a few audio drivers were infected to all I got after that was BSOD.

Yes, sure enough, it was windows update service, it showed as a Microsoft product and showed no signs of being infected.

The one thing I would like to know from this community is. What is the best way to repair this, especially since none of the programs see it as a trojan?

Hello,

Since you are not actually experiencing an infection, I am moving this topic to the AntiVirus, Firewall and Privacy Products and Protection Methods forum.

As for your question, there is no best way to repair what you describe; there are far too many variables involved. Further, many different kinds of infections can cause the same symptoms. Therefore, each infection requires a unique removal process.

Orange Blossom

Edited to add: You may wish to read this post: http://www.bleepingcomputer.com/forums/ind...t&p=1918015

~ OB

Edited by Orange Blossom, 05 September 2010 - 09:28 PM.

Hi,

I've seen this before and quite familiar with it.

The infected system files acts as loaders to the actual set of codes/instructions stored in an encrypted section of the HDD.

How does that information help? not much.

How can it be fixed? Replace the infected files. How? Windows Repair Install... is the easiest option.
there is a manual way of doing it but it involves the windows recovery console/linux. repair it from outside Windows.

Attempting to reinstall Windows (repair install) without first wiping the entire hard drive with a repartition/reformat will not always remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system causing problems will still be there afterwards and a Repair will NOT help!.