NotEnoughSand
Just completed the 8 step process and I'm still infected.
A brief history on how this came up and what I've tried so far:
At the conclusion of a download, I got the BSoD (0x24 NTFS stop). After some troubleshooting I found that the problem was a corrupt driver, and I renamed it to stop the problem. During this process, the infection (which I suspect was present, but dormant) became apparent, redirecting Google searches that I was running to troubleshoot the BSoD problem. The Google search returns results normally, but about 50% of the time clicking a resulting link opens a page different from the linked one. Once one result is redirected, it's closer to a 100% redirection rate.
I don't know the origin of the infection, but I suspect that the most likely source was a fake plug-in. I vaguely recall that some browser plug-ins I downloaded some months ago did not add any functionality; at the time I didn't think anything of it. I use Norton AV with firewall+autoprotect, and it performs scans at scheduled times and during idle time.
After the infection became active, I ran a full Norton AV scan, and 4 viruses were detected and cleaned (IDed by Norton as "CoreGuardAntivirus2009", "Trojan Horse", "Trojan.FakeAV", and "Packed.Generic.277"). The redirect problem persisted.
Once those viruses were detected and cleaned, a series of intrusion attempts began; Norton blocked and reported these. The attacks originated in the Netherlands and are targeting SVCHost and Acrobat. These attacks are mostly random, sometimes separated by 10 minutes, sometimes by a few hours. The attacks frequently occur after a reboot, suggesting that the infection is signaling the presence of this computer online to a remote source. SVCHost has generated error messages several times also.
Another problem has been popups from "Just in time Debugging." I looked into this and found that this program is related to Visual Studio, which is interesting because I never installed Visual Studio nor do any programming. I was able to disable this annoyance by logging onto the system in administrator mode and adjusting a setting somewhere (I forgot which). I also removed some OEM Visual Basic programs from the Add/Remove programs menu.
Since then, I've been running multiple scans, including the scanners recommended here, but they have detected nothing except tracking cookies. I have just finished the 8 step process and have verified that Google results are still redirecting.
Thanks in advance for any advice. Logs attached.