Firstly, the symptoms, aside from the obvious redirections. I was using my PC this morning and suddenly it rebooted without warning. Immediately after the Windows splash, the machine flashed the dreaded blue screen and tried to boot again. Initially I could go no further. Logging the boot, showed it got as far as something called mup.sys before stopping. My first thought was hardware problem. My machine has two hard drives. One for the usual stuff and the second for backups. I disconnected the second drive and the machine booted. Hardware problem I thought again. I even wasted time with a replacement PSU. Reconnecting the second HD took me back to the boot failure.
At this point I looked in the disk management console (Control Panel/Administrative Tools/Computer Management/Disk Management) and my C drive was missing. Very odd. Looking in Device Manager under Disk drives, it was not there either. Of course the C drive existed - Windows booted from it and it was in My Computer. This is the symptom I have not seen mentioned elsewhere.
It was only after the above missing drive that the Google redirection started happening and I knew there was a malware problem, although I did not know it was connected to the disappearing drive issue at that point. So I then started the fruitless task of trying different AV software, without success. I have McAfee as my regular scanner. One important thing, Kaspersky tdsskiller would crash when it initialised at 80%. Malware Bytes found a few things, but I think they were not related to the real infection.
The breakthrough for me came with running the Recovery Console from the Win XP install disk. After logging onto the Windows installation, I first ran the fixmbr command. Then the fixboot command. Fixboot said the disk had a non standard partition table and there was a risk of losing all data if I proceeded. After a few prayers I typed y and enter and it did its job. Next, exit the recovery console and reboot. The first thing that happened when Windows restarted was the Found New hardware wizard started and my hard drive magically reappeared. I next ran Malwarebytes again and it found nothing. Now tdsskiller runs and also finds nothing.
It has not been too long since I completed this, so I am hoping my machine stays clean. I guess the disappearing drive in the management console maybe something the malware does to hide from the world. I did see the reports about malware incompatibility with one of MS's patches, but that was a long time ago and my machine only had problems with 2 hard drives connected.
I hope this information is of help to others and would welcome comments from the people here that know far more about this stuff than me. Even if it is to say my solution sucks and is doomed to failure!
Edited by Budapest, 21 April 2011 - 05:32 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest