I read that TDSSkiller should fix it so I tried that. It found a locked service vdrv1000, which I removed, but I think that was for a virtual drive as it is now no longer appearing, and the virus still seems to be present with firefox only.
I was following the instructions on another bleeping computer post for a guy with same problems as me(which I know is not recommended) but as I "turned off" my norton 360 as indicated in the linked post by choosing "disable antivirus auto-protect" for five hours. I clicked combofix, and it tells me that "antispyware: norton 360 premier edition" is still running and that it will cause damage if I don't disable it. So I looked for a way, but couldn't other than the aformentioned. So I clicked the "X" instead of continue, and now it tells me that "the above real time scanners are still present," but it will continue anyway, and it has another continue button.
There are also options on my norton that say Turn On Silent Mode and Disable Smart Firewall, but I don't think those will disable the antispyware.
I have not clicked OK yet, and was wondering what to do next. Is there a way to terminate process, or what else should I do? I was thinking of shutting off the computer to cancel the operation. Is this recommended? Thank you in advance, and please excuse my foolishness.
-Restarted, I have not performed the actual scan from ComboFix yet. It did however, extract or somethin back then and then gave me that warning about Norton, but yeah- I restarted.
After running full scans with both 360 and MBAM I seemed to remove maybe another trojan or two, but the Redirect is still happening after about 30 google clicks in, but only in Firefox. Any help?
*****SUPER MEGA UPDATE*****
I disabled an add-on called "Printing Helper 2.5" on firefox as I read that this may be the culprit and it seems to have done the trick. Am I still infected though? I would still appreciate some help with doing a complete scan. Thanks again.
Yep, about a hundred google clicks and no more redirect. The thing is I never downloaded this add-on, and when digging deeper into Firefox the website is a jumble of letters that does not work, and Firefox says the add-on was last updated November, 28, 1832! O__O! I just wonder how this was installed. I think it might have auto installed when Firefox was on the rocks a year or so back(remember when firefox was awesome, then outta nowhere everyone was having RAM issues?).
But Yes, more assistance is needed to verify PC is clean.
Edited by Bash999, 03 December 2012 - 05:31 PM.
Bad links obfuscated.