Posted 01 September 2011 - 11:52 AM
Hello, like a couple of people today, I've been infected with the fake security tool giving Google redirections to 3/4/5/6dayoftheweek. I managed to delete the fake security tool and any kind of popup thanks to some info gathered on the forum, and like everyone now I still get these Google redirections, which appear after 3/5 minutes of computer usage after startup. Thing is, after spending 5 hours trying to understand how this works, what happens and all, I noticed a couple of heavy and nontrivial malfunctions with my uploads. I run Windows 7 64-bit and I have the issue on whichever browser I'm using, whether it was installed before the problem or after (Moz 6.0.1/IE 9/Opera 11/Chrome).
- Anything going through the FTP protocol is kind of jammed: I get crazy 95mb/s uploads (impossible on my ADSL internet connection) which fail afterwards on a timeout.
This happens with Filezilla on different FTP servers as well as with Mediafire (which uses FTP transfers).
- Any upload not using FTP (such as Skype file transfer, uTorrent with a test file shared to a friend, Windows Live Messenger and Hotfile) is really slow (around 3-5kb/s).
- Checking my upload usage in the network interface properties showed me that the upload is constantly used at max speed, without any software using that bandwidth being on, of course.
So I installed Wireshark to see bleeploads of stuff in it; basically it was war, UDP requests all the way. I decided to put Zone Alarm on as a firewall to block this, which worked and stopped 850 requests to my 27217 port within 15 min.
Now I get basically 80 of these requests an hour, all from totally different IPs and ports, and my upload speed is back to normal (even if FTP uploads are still jammed). I'm afraid my computer is becoming part of a zombie network (and that everyone infected with that malware may be) and I'm looking for your help to get us out of there.