Posted 16 April 2011 - 04:46 PM
Well it happened. I got nailed last night. I knew I was in trouble when I was hitting a site I go to all the time that is forums for VBA programming and I got a weird pop-up saying something about a program that can't be run. Sorry I don't have a screen shot; I was working and sort of ignored it. Well, sure enough my memory resident Trend Micro is intercepting calls to other sites (I have screen shots, but can't figure out how to get them in here). Also, Malware Bytes detected it - here is the language from the scan logs:
c:\documents and settings\xxxxxx\local settings\temp\temporary internet files\Content.IE5\DVD9PEF1\162zzjs (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
Unfortunately, it seemed to not really remove it as I am still experiencing the same issue. I am not sure, but it might be some sort of redirector, but I'm not enough in the know to determine that.
I've run GMER - it doesn't see anything. SpyBot Search and Destroy, Super Antispyware, MalwareBytes all with updated signatures - also nothing now (after the scan that MalwareBytes thought it got it).
I'm open for anything - can anyone help me work through this? I need this computer back up and running by tomorrow, so anything will help.
I have to pick up a family member, but will be back within an hour - Please, please, I am groveling! :-)