elsakurien85

Everything posted by elsakurien85

  1. Thanks for the suggestion. I tried TDSS rootkit removing tool from Kaspersky Lab but it did not report any infection. However, it led me to gmer and mbr.exe. gmer reported "rootkit-like behavior" in multiple sectors, e.g.

         Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

     When I used the "copy" context menu on the reported item in gmer and saved it to a file on the hard disk, Microsoft Security Essentials identified it as Trojan:DOS/Sinowal.M.

     I then ran "mbr.exe -f" but that did not resolve all of them. Then, as instructed by mbr.exe, I used Windows XP Recovery Console and fixmbr.exe to remove the remaining infections.

     Now Firefox is running faster and I don't seem to have infected search results. I shall keep watching before I assure myself that the malware is gone for good.
  2. It seems that some malware/virus is dynamically modifying my Google search results in Firefox & IE but not in Chrome. For example, in Chrome the search results for "malware" contain

         Jotti's malware scan
         Jotti's malware scan is a free online scan service, utilising various anti-virus programs to diagnose single files.
         virusscan.jotti.org/ - Cached - Similar

         McAfee Threat Center
         Potentially unwanted programs (PUPs) are not considered malware. ... A high incidence of new malware that potentially can cause damage has been reported. ...
         www.mcafee.com/us/threat_center/default.asp - Cached - Similar

     while in IE & Firefox they appear as

         Jotti's malware scan
         Jotti's malware scan is a free online scan service, utilising various anti-virus programs to diagnose single files.
         spytds.com/ - Cached - Similar

         McAfee Threat Center
         Potentially unwanted programs (PUPs) are not considered malware. ... A high incidence of new malware that potentially can cause damage has been reported. ...
         trafgo.biz/ - Cached - Similar

     After some troubleshooting I see that the browser makes HTTP requests to googleadscentral.com and receives malicious JavaScript which is used to replace search results. The HTTP capture is attached. Would you have any suggestions on how to track down and remove this nuisance?

     Thanks

     httpcapture.txt
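The first post above ends with gmer flagging sector 00 of the disk and fixmbr clearing it. As an added example (not part of either post, and not code from gmer, mbr.exe or fixmbr), the sketch below compares a saved copy of sector 0 against a known-good baseline copy and reports whether the boot code or the partition table differs. It assumes both 512-byte copies were already saved to memory or disk by some other tool; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIG = b"\x55\xaa"  # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR into a boot-code hash and its used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append((i, status, ptype, lba_start, count))
    # Bytes 0-439 hold the executable bootstrap code an MBR bootkit replaces.
    code_hash = hashlib.sha256(sector[0:440]).hexdigest()
    return {"code_sha256": code_hash, "partitions": partitions}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings; an empty list means sector 0 matches the baseline."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if b["code_sha256"] != c["code_sha256"]:
        findings.append("boot code changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def sample_mbr(code_byte: int) -> bytes:
    """Constructed sample sector: filler boot code plus one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([code_byte]) * 440
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",
                                  0x07, b"\xfe\xff\xff", 63, 1_000_000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    print(compare_to_baseline(sample_mbr(0x90), sample_mbr(0xCC)))
```

A "boot code changed" finding with an unchanged partition table is the case fixmbr addresses, since it rewrites the boot code and leaves the partition entries in place.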