Posted 14 April 2011 - 11:55 PM
I have become infected with a Google redirect virus. I have succeeded in removing these infections before, but this one has me stumped. I am running Windows Vista SP1.
As I was being infected, I denied the registry changes that Spybot S&D asked me to confirm. User Account Control also asked me to give access. After denying it twice, I accidentally hit accept. I immediately shut down the computer, but it was too late. I appear to have a rootkit infection.
I ran Spybot S&D and it found nothing. I ran Malwarebytes and found nothing in the quick scan. A full scan gave me a blue screen.
Figuring I had a rootkit, I downloaded ComboFix. When I attempted to run ComboFix in Safe Mode, the computer went to a blue screen. Eventually, I succeeded in running a renamed ComboFix in normal mode. However, it came up with nothing found. Attempting to run Panda failed, as it will not run in Safe Mode and bluescreens when I attempt to run it in normal mode, even after renaming it. F-Blacklight worked, but found nothing. TDSSKiller won't run at all even when renamed (even in Safe Mode command prompt!); I can only conclude the virus is killing the process as soon as it starts.
Part of the problem is that if this virus had a fake antivirus or computer repair component, I never saw it, so I'm having difficulty identifying what it even is. My conclusions are that this is a rootkit, and that it intentionally bluescreens when I attempt to remove it. I am out of ideas, so any help would be appreciated. I have F-Blacklight and ComboFix logs if needed.