Posts posted by elsakurien85


  1. Thanks for the suggestion.

    I tried TDSS rootkit removing tool from Kaspersky Lab but it did not report any infection. However, it led me to gmer and mbr.exe.

    gmer reported "rootkit-like behavior" in multiple sectors, e.g.

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    When I used the "copy" context menu on the reported item in gmer and saved it to a file on the hard disk, Microsoft Security Essentials identified it as Trojan:DOS/Sinowal.M.

    I then ran "mbr.exe -f" but that did not resolve all of them. Then, as instructed by mbr.exe, I used Windows XP Recovery Console and fixmbr.exe to remove the remaining infections.

    Now Firefox is running faster and I don't seem to have infected search results. I shall keep watching before I assure myself that the malware is gone for good.
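
The post above ends with sector 0 being rewritten by mbr.exe and fixmbr. The following is an added example, not code from the thread or from the GMER/mbr.exe tools, showing the kind of check those tools perform at a much simpler level: read the 512-byte MBR, verify the 0x55AA boot signature, parse the partition table, and compare the boot-code region (bytes 0-439) against a known-good hash. MBR bootkits of the Sinowal/Mebroot family overwrite the boot code but keep the partition table intact so that Windows still boots, which is why the partition entries look normal while the boot-code hash changes. The two MBR images, the boot-code byte strings and the "known-good" hash below are all constructed for the example; they are not real Windows boot code or real malware bytes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 are boot code; 440..443 disk signature; 446..509 partition table
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510
PART_FMT = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-ins (not real boot code): the clean one mimics the usual
# cli/xor/mov prologue, the "infected" one is simply different bytes.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32
INFECTED_BOOT_CODE = b"\xfa\xbc\x00\x7c\xe9" + b"\xcc" * 35


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte MBR: given boot code plus one bootable NTFS partition at LBA 63."""
    assert len(boot_code) <= BOOT_CODE_LEN
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[440:444] = b"\x12\x34\x56\x78"                     # arbitrary disk signature
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 20_000_000)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + PART_ENTRY_LEN] = entry
    mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count})
    return parts


def check_mbr(mbr: bytes, known_good_boot_sha256: str) -> dict:
    """Structural sanity checks plus a boot-code comparison against a trusted hash."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        findings.append("sector is not 512 bytes")
    if mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    boot_hash = hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()
    if boot_hash != known_good_boot_sha256:
        findings.append("boot code differs from known-good copy")
    parts = parse_partitions(mbr)
    if not any(p["bootable"] for p in parts):
        findings.append("no partition flagged bootable")
    return {"boot_code_sha256": boot_hash, "partitions": parts, "findings": findings}


def read_sector0_windows(drive=r"\\.\PhysicalDrive0") -> bytes:
    """Read the real MBR on Windows (needs administrator rights). Not used by the demo:
    a resident bootkit that hooks disk I/O can return a clean-looking sector here,
    so compare against a read taken from clean boot media as well."""
    with open(drive, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def clean_sample() -> bytes:
    return build_sample_mbr(CLEAN_BOOT_CODE)


def infected_sample() -> bytes:
    return build_sample_mbr(INFECTED_BOOT_CODE)


# The "known-good" reference is just the hash of the constructed clean sample.
KNOWN_GOOD_SHA256 = hashlib.sha256(clean_sample()[:BOOT_CODE_LEN]).hexdigest()

if __name__ == "__main__":
    for name, image in (("clean", clean_sample()), ("infected", infected_sample())):
        result = check_mbr(image, KNOWN_GOOD_SHA256)
        print(name, result["findings"] or "OK", result["partitions"])
```

The partition list is the same for both images; only the boot-code hash differs, which is the pattern to look for when a disk still boots normally but a scanner reports sector 0. On a real machine the reference hash has to come from a copy of the MBR taken before infection or from a read done off clean boot media, since a running bootkit can filter what the OS sees in sector 0.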


  2. It seems that some malware/virus is dynamically modifying my Google search results in Firefox & IE but not in Chrome.

    For example, in Chrome the search results for "malware" contain

    Jotti's malware scan

    Jotti's malware scan is a free online scan service, utilising various anti-virus programs to diagnose single files.

    virusscan.jotti.org/ - Cached - Similar

    McAfee Threat Center

    Potentially unwanted programs (PUPs) are not considered malware. ... A high incidence of new malware that potentially can cause damage has been reported. ...

    www.mcafee.com/us/threat_center/default.asp - Cached - Similar

    while in IE & Firefox they appear as

    Jotti's malware scan

    Jotti's malware scan is a free online scan service, utilising various anti-virus programs to diagnose single files.

    spytds.com/ - Cached - Similar

    McAfee Threat Center

    Potentially unwanted programs (PUPs) are not considered malware. ... A high incidence of new malware that potentially can cause damage has been reported. ...

    trafgo.biz/ - Cached - Similar

    After some troubleshooting I see that the browser makes HTTP requests to googleadscentral.com and receives malicious JavaScript which is used to replace search results. The HTTP capture is attached.

    Would you have any suggestions on how to track down and remove this nuisance?

    Thanks

    httpcapture.txt
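
The attached capture is not on this page, so the following is an added example rather than the poster's data: a small script that parses a simplified request capture and flags the tell-tale pattern described above, JavaScript fetched by a Google search page from a host that is not one of Google's own. The capture text, the request paths and the list of first-party script hosts (google.com, gstatic.com, googleapis.com) are constructed assumptions for the example; only the hosts www.google.com, googleadscentral.com and www.mcafee.com come from the post.

```python
from urllib.parse import urlsplit

# Constructed sample capture, one request per block: request line, then headers.
# Paths are placeholders; the poster's httpcapture.txt is not on the page.
SAMPLE_CAPTURE = """\
GET http://www.google.com/search?q=malware
Referer:
Content-Type: text/html; charset=UTF-8

GET http://www.google.com/csi?v=3
Referer: http://www.google.com/search?q=malware
Content-Type: text/javascript

GET http://googleadscentral.com/
Referer: http://www.google.com/search?q=malware
Content-Type: application/x-javascript

GET http://www.mcafee.com/us/threat_center/default.asp
Referer: http://www.google.com/search?q=malware
Content-Type: text/html
"""

# Hosts a genuine Google search page may pull scripts from (assumption for this
# example; build the real list from a capture taken in a clean browser).
FIRST_PARTY_SCRIPT_HOSTS = {"google.com", "gstatic.com", "googleapis.com"}
JS_TYPES = {"text/javascript", "application/javascript", "application/x-javascript"}


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels). Fine for .com; use a public-suffix list for .co.uk etc."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_capture(text: str) -> list:
    """Split the capture into records: method, url, host, referer, content_type."""
    records = []
    for block in text.strip().split("\n\n"):
        lines = [line for line in block.splitlines() if line.strip()]
        if not lines:
            continue
        method, url = lines[0].split(None, 1)
        headers = {}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        records.append({
            "method": method,
            "url": url,
            "host": urlsplit(url).hostname or "",
            "referer": headers.get("referer", ""),
            "content_type": headers.get("content-type", "").split(";")[0].strip().lower(),
        })
    return records


def find_injected_scripts(records: list, search_hosts=("google.com",)) -> list:
    """Flag JavaScript loaded by a search page from outside the first-party script hosts."""
    flagged = []
    for r in records:
        if r["content_type"] not in JS_TYPES or not r["referer"]:
            continue
        page_host = urlsplit(r["referer"]).hostname or ""
        if registrable(page_host) not in search_hosts:
            continue                      # script pulled by some other page; out of scope
        if registrable(r["host"]) not in FIRST_PARTY_SCRIPT_HOSTS:
            flagged.append({"script_url": r["url"], "page": r["referer"], "host": r["host"]})
    return flagged


if __name__ == "__main__":
    for hit in find_injected_scripts(parse_capture(SAMPLE_CAPTURE)):
        print(f"third-party script on search page: {hit['script_url']} (page {hit['page']})")
```

Run against a capture taken in the affected browser, the output names the host serving the replacement script; the same hit being absent from a Chrome capture would line up with the observation that Chrome's results were untouched. The allowlist is the weak point of this check: populate it from a clean browser's capture rather than from memory, and treat any script host that appears on every page you visit as the first thing to block and then trace back to its process.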
