TomnTex Posted March 31, 2012 Report Share Posted March 31, 2012 I don't want to start a scare or anything, but, for several days I have been having a problem on here as others. I am on this board maybe a hundred times a day. I've noticed that when I get off the board and try to do a google search on something, I get hijacked to other search engines etc. and not to what I want.When I run my virus scanner malwarebytes, using the memory scanner I end up with three to six Trojans. After I clean the memory and reboot everything works OK until I revisit this board. If anyone else is having this problem please speak up. I was unable to post anywhere else but here....sorry admins. Link to comment Share on other sites More sharing options...
1stStep Posted March 31, 2012 Report Share Posted March 31, 2012 Are you sure it wasn't something you installed?Sometimes toolbars, or some apps will package up with software that will change your settings. Link to comment Share on other sites More sharing options...
TomnTex Posted March 31, 2012 Author Report Share Posted March 31, 2012 Nope! Havent installed anything lately and I don't use any toolbar except windows. For what it's worth I build computers and work on them. Link to comment Share on other sites More sharing options...
Credithis Posted March 31, 2012 Report Share Posted March 31, 2012 For my company I'm the virus expert. Please update your adobe flash and delete all java programs via add/remove then install the latest java version. Java and older versions of flash are the key components that are exploitable.W hat your are describing is a TDL4 infection. This forum is not the place for me to attempt to fix your machine however, go to Malwarebyte's malware removal forum and follow the directions to post your logs.Malware Removal - HijackThis Logs - Malwarebytes Forum You could also IM me and I'll instruct you on what is needed. I think the forums are best though. There are no problems with this forum that I can see. Link to comment Share on other sites More sharing options...
TomnTex Posted March 31, 2012 Author Report Share Posted March 31, 2012 Thanks for the help, I had already tried deleting them the other day. I just found it strange that it only happened after I was on this board. Will keep looking into it. If you have any other suggestions, pm me. Thanks again. Link to comment Share on other sites More sharing options...
bohey Posted April 1, 2012 Report Share Posted April 1, 2012 I just had the same thing happen today. Could it be an dissatisfied customer ?? For some reason, I was looking at the "forum" i.e., abbreviations, acronyms, stuff and I read an unhappy user post (somebody "tyler") that stated "don't use this board"....blah blah blah... and next thing I know the virus pops up. Link to comment Share on other sites More sharing options...
Credithis Posted April 1, 2012 Report Share Posted April 1, 2012 O.K., I still think either the MBAM malware removal forum or another security forum like Spywarewarrior.com is the place to start this but, here is a tool I'd like you to run.How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)? Run the tool, select Change parameters and check both boxes. Then run the scan. if cure is not available then Skip the file. It is probably a false positive. Use only cure!!! Post the logfile back here for me to look at. Link to comment Share on other sites More sharing options...
DonqIII Posted April 1, 2012 Report Share Posted April 1, 2012 (edited) O.K., I still think either the MBAM malware removal forum or another security forum like Spywarewarrior.com is the place to start this but, here is a tool I'd like you to run.How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)? Run the tool, select Change parameters and check both boxes. Then run the scan. if cure is not available then Skip the file. It is probably a false positive. Use only cure!!! Post the logfile back here for me to look at.I keep multiple screens open on here at all times.After viewing this thread I clicked over to my home page and went to access another page that requires a password.I am always logged in to that page , except when I use spybot and c-cleaner and need to log in again.It opened showing I was logged in but as I was searching I got a page that said I needed to register to access....That never happened before.I am going to close out of all and run Spybot and C-Cleaner andsee if that takes care of things.I will let you knowEdited to add...Something strange.When I went to my start menu to get to Spybot and C-CleanerGoogle Chrome is now there.I never downloaded Google Chrome onto this computer. Odd. Edited April 1, 2012 by DonqIII Link to comment Share on other sites More sharing options...
Credithis Posted April 1, 2012 Report Share Posted April 1, 2012 While I've always admired Patrick Kolla's Spybot back in the day, it is seriously outclassed by MBAM. Install MBAM update it and do a quick scan. Also, you can do an online virus check from Eset: ESET :: Get a FREE Online Virus Scan Link to comment Share on other sites More sharing options...
1stStep Posted April 1, 2012 Report Share Posted April 1, 2012 I got a nasty backdoor trojan one time when I was looking on an autoparts site...it took me about 3 days trying to remove before I decided to nuke the system and reinstall. Link to comment Share on other sites More sharing options...
Recommended Posts