I'm here because my grandfather's work computer is infected with some sort of malware that redirects some Google search results, and I've been trying to fix it for most of the day. The machine is a Dell Inspiron B120 running 32-bit Windows XP.
Here's a list of what I've done so far. Since doing all of these things I've seen the redirecting happen once out of 20 to 30 tests. The site that was redirected was YouTube, so I find it unlikely that it was the site's fault. I think the malware might be gone, but I can't tell for sure.
Malwarebytes - Found nothing.
Avast! - Repeatedly identified the same rootkit in on-access scans (unfortunately I did not write down the name of this rootkit, thinking its deletion would solve the problem) and prompts a system restart and a scan when I opt to delete it. The first scan found "Alureon-C@mbr [rtk]" and found "Alureon.C" twice afterwards (I am not sure if it still does; I am unfamiliar with Avast and am not sure how to prompt this type of scan again). It seems so far to have stopped identifying the rootkit when the machine is running normally since running Hitman Pro 3.5.
Clearing Temporary Internet Files - Many jpg, gif, and php files infected with trojans came from this location.
Hosts - Checked the hosts file for other IP addresses. Nothing was on the list except for localhost.
Hitman Pro 3.5 - Identified multiple problems, including Alureon and proxy usage by Internet Explorer, and claimed to have solved them.
My next step was going to be replacing atapi.sys, but I am reluctant to modify anything in system32 for fear of damaging the machine with my inexperience.
Edited by guest093, 22 June 2011 - 12:21 AM.