Nasty nasty bug kicking MBAM's butt :(


Earlier today the free edition found rootkit.tdss, malware.gen and trojan.fakealert on my win7 box running in safe mode w/ networking. It deleted them fine and following scans after reboot came clean but I'm still experiencing the same symptoms that led me to believe I had a virus in the first place: surfing is painfully slow, google searches often redirect to a bogus site q0iq7ga5301.com or I get a 400 bad request nginx/0.8.35 and, most suspiciously, trying to go to windowsupdate leaves me with a web page not available (running the windows update app also gets blocked).

I bought and downloaded the full version and scan still came clean but every few seconds I'm getting popups saying links to such-and-such ip was successfully blocked. Evidently rootkit behavior persists. Hosts file is clean. I've run combofix and have a report but not posting right away per forum rules.

Would love any help... at least I think the app has stabilized the PC from going downhill.

Ras


Hello rasiel and :)

I suggest letting one of the Experts have a look at it to start the cleaning process. It is a FREE service.

As we don't work on Malware removal in the General Malwarebytes' Anti-Malware Forum as it is for issues with the program itself, only in the Malware Removal - HijackThis Logs section

Please read and follow the Directions Here, skipping any steps you are unable to complete. Then post a NEW Topic Here

One of the Expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

Logs to reply with: (If possible)

MBAM

DDS/GMER

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Email Notification of new messages

Also, when replying, please use the ADD REPLY button located at the bottom of the page, as this makes the forum easier to read.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or HERE

Thanks :)


Seeing the same behavior here. Two systems on my network. Started 7/13/2010

Tried cleaning with Malwarebytes, Spy-bot, Combo Fix

Bug still resident.

Rootkit style / Redirects from Google / Blocks Windows update

Also changed Outlook email incoming mail server setting.

Affected internet activity gravely

Took machines off network.

Continued scans. Still nothing found. Manual investigation found c:\windows\temp directory with malicious files / replicating.

Can't locate source files yet.

Any thoughts?


Hello Jason Mack and :)

Please follow my suggestion and directions in post #2 to start the cleaning process

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or HERE

If you're a Corporate or Technician Licensed customer seeking assistance please send an email to: corporate-support@malwarebytes.org

Thanks

NOTE:

As we don't work on Malware removal in the General Malwarebytes' Anti-Malware Forum as it is for issues with the program itself, only in the Malware Removal - HijackThis Logs section

See HERE

This topic is now closed to further replies.