Hello, recently my Google searches have been redirecting at least 5 times per link. I have run Malwarebytes and it DOES find stuff and deletes it, but they keep coming back. The name of the infection is "api-ms-win-core-localregistry-l1-1-032.dll", which is in the ProgramData folder. It is also accompanied by "dot3gpui32.exe". Malwarebytes tries to delete the api but it is unsuccessful. I tried scanning in safe mode with Malwarebytes and Nod32 but still no progress. I even tried manually deleting the files but they just come back. The "dot3gpui32" cannot be killed in the process and Rkill does not detect it. I have also run GooredFix but that doesn't find anything either.
I am using Windows 7 Ultimate 64-bit. I do not know when I got this since the redirects come and go. Nod32 does block a malicious IP once in a while, specifically when I boot to desktop, and about every 20 mins a message pops up saying Nod32 has blocked an IP. Please let me know if you need any more information.
Alright, it's actually gone now. It was a very nasty rootkit that latched onto everything, disguising itself as uexfat32.exe in the SysWOW64 folder. Rebooted multiple times and ran scans. No more redirects or Nod32 blocking an IP, and those other files aren't coming back. Hitman Pro identified the pesky bugger.