About two weeks ago I opened a suspicious .exe file that hadn't beeped with McAffee nor Malwarebytes. I instantly saw how it installed a few things and new processes started running. Malwarebytes detected and cleaned serauth1.dll, serauth2.dll, csrss.exe, rootkits (Orr.exe, Orq.exe, Ors.exe), among others... quite a messy thing, so I guess this shared computer hand't been checked in awhile.
After removing all those items it seems to be clean, but for one thing: when in Firefox I perform a google search and click on one of the hits, sometimes it redirects me to a google search blank page (http://google.com, then to http://www.google.co.uk). I have observed that there is an intermediate redirection address "http://www.eghgoritanno.com". For example I've just performed a search for bleeping computer, clicked on it and I have been redirected to the blank page through "http://www.goingonearth.com/search.php?q=bleeping%2Bcomputer&n=1288880437".
A few times I was redirected to pages other than the one I was searching for, but that occurred very, very rarely. Also, this redirection does not happen all the time: eg. if I click on a hit and open it in a new tab, it redirects me. I try again, it happens again. An so on. But then I try a different hit and it goes to the right website. Or I open let's say 5 webs on new tabs and they are all redirected, but then the 6th is not, and if I try again with the first one it opens the right website.
Unfortunately I don't have the suspected .exe file, I deleted it straight away.
Any hints on this?
Thanks a lot in advance,
Edited by rubenaf, 04 November 2010 - 10:49 AM.