Posted 19 September 2010 - 06:23 PM
Hi, I'm new and have searched your "infected" forum but haven't found a problem quite like mine. I'm using Windows XP, Firefox (upgraded to 3.6.10 today).
When I run a Yahoo or Goggle search and click on one of the links, about half the time I can't connect, get the Firefox message "problem loading page/server not found", or get re-directed to other pages. The key here is that I noticed that "google.ad.sgdoubleclick.net" is added to every one of my intended web pages.
I've run Hitman pro 3.5, and it told me that I might have been infected with TDL3/Alureon (rootkit detected), and about 8 problems were detected (sorry for being vague here). It "deleted" the problems (no more warning about the TDL3/Alureon), except for 2 tracking cookies. I manually deleted those 2 files in my cookies folder and I re-booted the computer (just in case), ran Hitman pro again, and this time the only thing that comes up is the same 2 tracking cookies (listed below)
C:\Documents and settings\Compaq_Owner\cookies\System@doubleclick.txt
C:\Documents and settings\Compaq_Owner\cookies\System@ads.undertone.txt
Hitman pro is still unable to delete them.
I ran Malwarebytes anti-malware 1.46 full scan, and 3 hours later nothing was found. Everything was "0".
After some reading on your forum, I also deleted older versions of Java, and installed the most current one.
I also run Symantec endpoint protection, and last night, before all of this began, I got a warning that "Trojan.FakeAV!gen39" was detected and successfully cleaned.
I'm not sure if this is relevant or not, but this morning, before all of this started, when I first turned on the computer, Firefox warned me that a new add-on had been added (turned out to be an older Java 6.0.12), and I disabled it.
Any help would be very appreciated.