I've got a peculiar piece of Malware running on my box now. It hijacks the links on a Google search and sends you to a random place, usually a commercial search engine but never the same place twice.
It affects IE 8, FF 3.5 and Opera 10. It does not affect Chrome. Running an Avast boot scan shows no malware. Spybot and Ad aware with the latest editions find nothing. For grins I downloaded and ran MS malware detection and removal tool and it found nothing as well.
So far this only affects search results, it doesn't hijack manual entries or bookmarks.
Any ideas of where to take this next?
Did you try Malware Bytes Anti-Malware?
Run spybot S&D as well as HiJackThis - remove any concerning/unknown entries.
Alternatively, post the results of HiJackThis here and I will inspect and advise what you should/can remove.
Spybot S&D says I'm clean, Ad Aware says I'm clean, Malwarebytes found Rougue.error, removed it, came up clean 2nd time (7 hours of scanning). Avast says I'm clean. The process is still there.
Currently I'm sorting through the 52 processes that are running when I've got my browser open to a Google search results page.
Will try to Hijack this on it but I've got a lot of other projects this week. I appreciate the suggestions. Gut feeling is that I've got a new "bug" that hasn't been profiled yet, when it does it will be found, at this point it's just a nuisance.
In the meantime, I've trained the family to use Chrome instead of FF, IE and Opera.
Taken from > windowsclick.com redirect (UACd.sys.trojan) removal
Originally Posted by t34b4g5
You will need to use gmer as this infection uses a rootkit. Find the driver, unload it, then the rest of the components should show.
gmer tool is good, perhaps using EndItAll to kill the process prior to scanning would also help?
Got home from work this morning, downloaded gmer, installed it and ran it.
Popped off for a nap. Woke up 4 hours or so later; Windows was cycling in a boot mode. Wouldn't safe boot.
Used an Ubuntu live CD to copy my documents to a portable drive and I'm in the process of formatting my hard drive for a full Windows install. So I won't know what the malware was and I'll spend my day off tomorrow building my system back up. I got hit with CoolWebSearch two years ago and had to do the same thing.
I've run Linux and Windows on my home network (7 computers with a wireless as well as a wired LAN) and I have never had a problem with Linux. Friggin Windows Sucks!
Thanks for your help everyone, I was hoping to find out what the little buggie was.
Probably for the best. It is hard to tell how deep that stuff digs sometimes...
Originally Posted by fourdc
I know, I'll be clean (for a while), but like I said I wanted the post mortem, I wanted to know what killed it. It bothered me that none of the stuff I ran even noticed it.
When I got CoolWebSearch all of the virus/spyware programs caught it but nothing could take it off. This bug was only detectable by the user, and only if you were using a search.