Recently, I was involuntarily infected by a scam antivirus removal program, AntiVirus System 2011 (this was last Tuesday, the 18th). You know, one of those that actually fills your computer with spyware and malware and tries to get you to purchase their product. Anyway, I removed most traces of it using ComboFix and Malwarebytes (I did a full scan). However, despite these actions, I noticed my web browser occasionally redirects whatever web page I am looking at to advertisements like "BudgetMatch." This leads me to believe my computer is still infected with remnants of that scam antiviral removal program. I ran HijackThis on my computer, and while the log looked normal I found this on it:
O4 - HKCU\..\Run: [WdCommonSupport] "rundll32.exe" "C:\Users\[my user name]\AppData\Local\DfrgmapNetM\WdCommonSupport.dll",AsyncNetCtrl CRLNetserv
I don't know what the hell this is. Utilizing Google searches, I can't find any info on what "DfrgmapNetM" or "WdCommonSupport.dll" is. I believe this may be the source of my browser redirect problems given that this file was CREATED on the SAME day (and at about the same time) my computer was infected with the scam antiviral software. What's you guys' take on this? Have you ever seen this before or have an idea as to what it is?
Edited by kev123, 20 January 2011 - 11:29 PM.
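A triage check for the kind of HijackThis O4 entry quoted in the post above, as an added example that is not part of the original post: it parses O4 Run lines and flags rundll32 loading a DLL from a user-writable profile path. Apart from the quoted entry, the sample log lines are constructed, and the function names and path heuristics are assumptions.

```python
import re

# HijackThis O4 autorun line: O4 - <hive>\..\Run: [<value name>] <command line>
# Only the HKCU/HKLM Run and RunOnce forms are handled here.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKCU|HKLM)\\\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# First DLL path on the command line, plus the export named after the comma.
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+?\.dll)"?\s*(?:,\s*(\S+))?', re.I)
# Assumed heuristic: profile locations a standard user can write to.
USER_WRITABLE_RE = re.compile(
    r'\\(?:AppData|Application Data|Local Settings|Temp)\\', re.I)
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\b', re.I)

def triage_o4(line):
    """Return parsed fields and review reasons, or None if not an O4 Run line."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = m.group("cmd")
    dll = DLL_RE.search(cmd)
    dll_path = dll.group(1) if dll else None
    reasons = []
    if RUNDLL_RE.search(cmd):
        reasons.append("rundll32 used as launcher")
    if dll_path and USER_WRITABLE_RE.search(dll_path):
        reasons.append("DLL loaded from user-writable profile path")
    if m.group("hive") == "HKCU" and reasons:
        reasons.append("per-user Run key, writable without admin rights")
    return {"name": m.group("name"), "dll": dll_path,
            "export": dll.group(2) if dll else None, "reasons": reasons}

SAMPLE_LOG = [
    # Entry quoted in the post.
    r'O4 - HKCU\..\Run: [WdCommonSupport] "rundll32.exe" "C:\Users\[my user name]\AppData\Local\DfrgmapNetM\WdCommonSupport.dll",AsyncNetCtrl CRLNetserv',
    # Constructed entries for contrast.
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /start',
    r'O4 - HKLM\..\Run: [ExampleShell] rundll32.exe "C:\Windows\System32\example.dll",Start',
    r'O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)',
]

def review(lines):
    """Return (value name, reasons) for entries with at least two reasons."""
    results = [triage_o4(line) for line in lines]
    return [(r["name"], r["reasons"]) for r in results
            if r and len(r["reasons"]) >= 2]

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG):
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a lead for review, not a verdict: legitimate software also uses rundll32 and per-user Run keys, so the DLL itself still has to be examined.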