A few weeks ago, I started getting ZoneAlarm alerts about a "0.exe" requesting Internet access. I denied it and went about my day. (First mistake, I think.)
A little while later, I got the same thing again, and a fake Windows Security thing installed itself and started bringing up its own pop-ups keeping me from accessing my Add/Remove Programs thing, and moving my ZoneAlarm windows off-screen so I couldn't get at them easily.
Task Manager showed a "ylp.exe" running, which it wouldn't let me stop. TCPView showed a bunch of long filenames beginning with "0." followed by long strings of numbers and letters.
I unplugged my wireless adapter, took out both hard drives, hooked them up to my laptop via a IDE-to-USB thing and ran TM HouseCall on them, which found several Trojans and removed them successfully. I also manually deleted all my temp files from that day and anything unusual that showed a Created date of that day.
I hooked the drives back up, added a regkey to fix the resulting "rundll32.exe not found" errors that were coming up whenever I tried to run stuff, and all appeared well.
But then last night, I was on a regular website (OkCupid) and Firefox locked up for a while when the sites ads refreshed themselves, and shortly after it un-froze, I got a ZoneAlarm alert for something like "Outlook Manager" (I forget the name and I didn't write it down), which I promptly denied.
I did another scan with HouseCall (on this computer, while it was running) and it found nothing. I downloaded SpyBot Search & Destroy and ran that, which found a bunch of stuff and apparently removed it. I downloaded AVG Free Edition and it said I had a generic dialer and a virus called Heri. It appeared to fix both.
In Firefox, I was still getting odd redirects. I found an extension called "XUL Cache" installed and disabled it, which appeared to fix that.
The browser kept crashing though (consistently on Facebook) until I disabled the Surf-Shield in AVG. (I figured maybe it just wasn't compatible with the latest version of Firefox.)
Before realizing it was the Surf-Shield (or that that would seem to fix it at least) I completely uninstalled Firefox and reinstalled it.
Today, I tried going to Wikipedia by typing the URL in manually (en.wikipedia.org) and it redirects me to a shady survey site telling me I'm the winning Wikipedia user or some such nonsense ("http://surveystartonline/d/w4i5k83" was the URL). AVG and Spybot showed nothing. I downloaded Malwarebytes Anti-Malware (which took some doing, because clicking on links to the official site redirected me to squatted domains and following the official download link that comes up under the results in Google redirected me to a fake support site called General Geeks or something like that, with links to what I assume were not really MBAM. But I was able to get it from CNET.) It said I had a BHO and some other stuff, which it appeared to have cleared off successfully.
WHAT'S HAPPENING NOW:
I'm still getting the same kind of redirects. When I typed the URL for Wikipedia, it started loading a quiz site. I didn't wait for it to load. Same with trying to get to Malwarebytes' page. I didn't try to go anywhere else but here since. I ran full scans in AVG, Spybot, and MBAM, but they all came up clean. I have ZoneAlarm, AVG, and TeaTimer running. Firefox doesn't show any unusual add-ons installed or anything, and the computer seems to otherwise be running fine, but I keep getting these redirects, so I know something is amiss.
What should I do???
edit: I'm running XP Home SP2.
Edited by mo536, 30 May 2011 - 01:02 AM.