Yesterday I noticed my google search links were being redirected (most often to a STOPzilla site). It didn't do it every time, but maybe once every 5 clicks. If I hit the back button to return to my google search results and then re-clicked the link, it would go to the correct site.
I ran Spybot, which found "Virtumonde.prx", and fixed it there. But after running the Spybot scan again, the malware entry reappeared. I googled around and found several Virtumonde fixes, including Malwarebytes. I ran that, found the problem again and fixed it. It appeared to have worked. To be safe, I also ran TDSSKiller, Symantec's Vundo remover, and VundoFix.
However, now when I reboot, I get an RUNDLL error saying:
"Error loading C:\windows\imawegumesawe.DLL
The specified module could not be found."
I went into MSConfig.exe and unchecked that startup command. On reboot it re-added itself. I went into the registry and deleted the entry (HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run - it was listed as "Ezofuluga" with the data 'rundll.exe C:\WINDOWS\imawegumesawe.dll",startup').
Of course, on reboot it returned.
I ran HijackThis and, without posting the entire log (I hope one line is okay) it showed this:
O4 - HKLM\..\Run: [Ezofuluga] rundll32.exe "C:\WINDOWS\imawegumesawe.dll",Startup
Now, to top it off, my google search results are still being redirected.
I didn't have HijackThis fix it because I wanted to see what you guys said.
FYI, running Windows XP
Can anyone help me get this file off my computer?
Edited by dm1499, 30 December 2010 - 10:24 AM.