I have spent the better part of the weekend working on a neighbor's laptop that is about 8 yrs old and is still hanging on. He called me and said every time he tried to go to a website, it would tell him his site has been blacklisted. I tried it myself and no matter the page, I get a black and red screen that says my website has been "blacklisted" and my request is being redirected to anther site. The url shows the page I typed at the end of another url that starts out with http://blacklistsms.com.
I tried the basic stuff like resetting IE 8's advanced settings, resetting the security level, making sure no unsigned ActiveX apps were allowed and nothing. So I started to scan and although I came up with a ton of trojans, tracking cookies of various threat levesl, the redirect stayed alinve. I did do a search in the registry and found a listing but it came back.
So far, I have thrown my biggest guns at it:
Spybot Search and Destroy
I checked the hosts file and nothing there. Then I checked the msconfig and found numerous false apps starting that were unrelated. And in the middle of all this, I have had two BSODs - one for the kernal and one for a physical dump of memory. At one time, I lost the entire program menu only to find out that one of my apps had "deleted" it. So I removed Emisoft and SuperAntiSpyware and the programs menu has come back. I ran an extensive memory diag app via a dos shell booted from a disc and still nothing.
So now I am doing another thorough scan in Safe Mode in case the virus is only resident with Windows in full mode. RIght now, AdAware is coming up emtpty and next up is Emisoft and then Malwarebytes and then I am calling a night.
The laptops is a Dell Latitude D610 and is running XP SP3 with IE8. Yes, I did boot into the DELL diagnostic option and all was good.
Any ideas would be wonderful.