I had been experiencing redirects on Tumblr (and only on Tumblr) on the 14th. I did my usual weekly scan with SAS, and the program picked up Trojan.Agent Gen-IE Explorer and Trojan.Gen-PEC. It removed both, but since then I have had some mild problems: my jusched.exe file from the Java profile accessed the internet for the first time (it's in the program files and not in the C:\ drive, so that caused me no initial worry), and my Word and browser crashed a couple of times when I tried to navigate to a new URL. GMER picked up the following since then:
GMER 220.127.116.1130 - http://www.gmer.net
Rootkit scan 2011-04-17 16:25:43
Windows 6.1.7601 Service Pack 1
---- Files - GMER 1.0.15 ----
File C:\Users\melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LY92HT2Y\309D0B4FD7D31F03B2D568B7628D2EBA 0 bytes
And two files in my Word program's temp file, which I deleted. When I try to delete the above file, it tells me the handle is invalid.
Sophos picks up nothing, and SAS has since picked up cookies. My CPU usage is spiking at 100 percent on occasion, and there are moments of slowness, but otherwise it seems to be running as normal. Should I worry? Is it a Rootkit? Sophos is pulling up nothing, and GMER just the temp files.
Edited by MML, 17 April 2011 - 03:38 PM.