Posted 04 November 2011 - 12:34 PM
Hello. First post for me and I hope someone can help - I've been plugging away at work at this one for so long it's embarrassing but looking at some of the expertise shown on here - my fingers are crossed one of you gifted good Samaritans can assist.
Thanks in advance to anyone who reads this.
I have a PC where the user (despite many warnings) opened the attachment on the fake UPS mail. This wiped the desktop and start menu for that user. Things looked OK for admin so removed the user file and logged in afresh. Then noticed Google results were being redirected when clicking on them. Scanned with Malwarebytes, AVG SBS, Hitman Pro, Lavasoft's Ad-Aware with no joy - I checked all were up to date prior to scanning.
Getting desperate, eventually a PC Tools Spyware Doctor free scan found it and said it could remove it - the culprit - Rootkit.TDSS.v3. Joy, I thought - paid for the licence and all seemed well. However, despite multiple attempts at fixing it, the thing keeps coming back. Tried safe mode with networking scan and fix - no joy. Tried scanning as the user, as admin, when logged in to our domain and also when logged into just the PC. The little weasel is still there and still redirecting (to budgetsafe.net most of the time). Tried Kaspersky's TDSSKiller (renamed it as directed but still won't run). Tried customer support at PC Tools but getting nowhere fast.
I do have a HijackThis log but understand it's polite to be asked before posting it.