Posted 19 September 2010 - 07:23 PM
I am having a problem on my Windows 7 64 bit machine. A few weeks ago I noticed a couple programs attempting to launch themselves...not sure how I got infected but as soon as I noticed that, I installed a number of programs to try and fix it. I initially installed Windows Security Essentials, Peer Block and MalwareBytes Anti Malware (I also have McAfee on this computer, but it's pretty useless as far as I can tell). These programs found a couple instances of Win32/Hiloti.gen!D, one of Win32/Bamital, some other various exploits and questionable things. I thought everything was good, but then I noticed that in Firefox, Google links would sometimes redirect to 220.127.116.11 (MalwareBytes blocks the redirect, and it is always to the same address). I did a bit of researching and noticed that this is likely caused by the TDL3 rootkit. I then downloaded Sophos Anti-rootkit, Kaspersky's TDSSKiller, Prevx, Hitman Pro 3.5...and for good measure, Gooredfix. HitmanPro found an exploit in a text editor program I downloaded, but aside from that none of these programs found anything related to TDL3 or, but I was still having issues with Firefox and Google redirecting a link every once in a while. I have not seen this behavior in IE, and having installed Chrome recently, can't say I've seen it in there either...although to be honest I don't use either browser enough to really know for sure.
I even went so far as to boot into recovery mode and rebuild my MBR (given the nature of TDL3 for Windows 7 64bit), although I suppose the damage has been done at this point. The latest attempt to fix this was to delete and rebuild my Firefox profile, which means reinstalling all of my extensions. That worked for a day but I just had a redirect...at this point I figure it would be best to seek professional help.
Thanks in advance for any help you can give me.