OS: Windows 7 Business, 32-bit. Symptoms: Google redirects, pop-up audio commercials (new to me!), IE Script error pop-ups (even when out of IE), general weirdness. Tried: Rkill (ran OK, no results), Malwarebytes (ran, found nothing), Symantec (ran, found a few Java junk files, no payload). I was pretty sure that I had TDSS on board, but TDSSKiller would not execute - quick clock then nothing. Safe Mode, no change. Combofix found a few things, no rootkit. I tried GMER - found nothing.
Finally yanked the hard drive out and mounted it in a clean system, scanned with Microsoft Security Essentials. Found Win32/Alureon.K in \Windows\System32\Drivers\Volsnap.sys. Replaced Volsnap.sys with a clean copy - Bam! All fixed!
Did a search on TDSS and Volsnap.sys and found a couple of references to it. One guy posted a video of his experience with it. He used something called Dr. Web Cure-it. Anybody tried it? Anyway, wasted many hours chasing this PITA, and a couple of minutes fixing it once I knew where it was. Hope someone finds this info useful. This site has been extremely useful to me over the years and I just wanted to give a little bit back. Thanks!
Edited by Teconic, 20 April 2011 - 04:32 PM.