
 REdirect Virus, also open browser... swt

     
BlueWind
post Aug 23 2011, 04:57 PM




Reinstalling browsers won't work because his MBR code has been infected. This is a TDSS variant rootkit infection and a complete rewrite of the existing MBR code is necessary.

Plus I doubt TS needs any help. lol
BlueWind
post Aug 23 2011, 10:41 PM




I can bet it is indeed MBR infected. Host file? You won't find anything there.

http://community.trendmicro.com/t5/Malware...tion/td-p/25978
QUOTE
If your machine is infected with a TDSS Rootkit, normally every time you search something on Google, Yahoo, Bing, etc. you will be redirected to a malicious site or to a site that's totally irrelevant to your search topic/string.


http://www.prevx.com/blog/139/Tdss-rootkit...ns-the-net.html
QUOTE
When run, the infection is using a similar technique applied by MBR rootkit: all kernel mode and user mode components are stored to the last sectors of the hard drive, outside the file system. By doing so, they appear to be only raw bytes, bypassing every security check. Tdss rootkit brings this trick to a more advanced level, by encoding its components before they are written to the disk. Files are encoded and decoded on the fly.


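The Prevx quote above says the components sit in the last sectors of the drive, outside the file system, in encoded form. As an added example (not from the thread or from either quoted source), this Python script reads a raw disk image, finds where the last MBR partition ends and reports high-entropy sectors after it; the function names, the 7.0 entropy threshold and the sample image are assumptions made here.

```python
import math
import struct
from collections import Counter

SECTOR = 512

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random-looking)."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def end_of_partitions(mbr: bytes) -> int:
    """First LBA past the last partition listed in a classic MBR table."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    end = 1  # sector 0 is the MBR itself
    for i in range(4):
        entry = mbr[446 + 16 * i : 462 + 16 * i]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype == 0xEE:
            raise ValueError("protective MBR: disk uses GPT, not handled here")
        if ptype != 0 and count:
            end = max(end, start + count)
    return end

def suspicious_tail_sectors(image: bytes, min_entropy: float = 7.0):
    """Return (lba, entropy) for high-entropy sectors after the last partition."""
    total = len(image) // SECTOR
    hits = []
    for lba in range(end_of_partitions(image[:SECTOR]), total):
        sector = image[lba * SECTOR : (lba + 1) * SECTOR]
        if any(sector):  # skip all-zero (never written) sectors
            e = entropy(sector)
            if e >= min_entropy:  # assumed threshold for encoded-looking data
                hits.append((lba, round(e, 2)))
    return hits

def build_sample_image() -> bytes:
    """Constructed 64-sector image: one partition (LBA 1-40), 3 encoded-looking tail sectors."""
    img = bytearray(64 * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 1, 40)
    img[510:512] = b"\x55\xaa"
    blob = bytes((i * 37 + 11) % 256 for i in range(SECTOR))  # stand-in for encoded data
    for lba in (61, 62, 63):
        img[lba * SECTOR : (lba + 1) * SECTOR] = blob
    return bytes(img)

if __name__ == "__main__":
    print(suspicious_tail_sectors(build_sample_image()))
```

Trailing sectors can also hold legitimate data such as RAID or dynamic-disk metadata, so a hit is a lead to investigate rather than a verdict.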

 
