Virus shutting down MBAM and then disabling me from opening it. Can't google search on Chrome or Firefox without redirects

James A · November 17, 2010

Hi there, am hoping someone can help me resolve this ongoing issue.

Running Windows Vista. For a while now when I google or bing search in Chrome and Firefox, clicking a searched link will often redirect to a random ad or search site. Often when this happens, the next time i reboot my computer I'll notice fake Antivirus and Security programs popping up doing fake scans. Have used MBAM countless times to remove, but it seems that whenever I get redirected from search that it's downloading more malware.

Latest issue is that I can't access MBAM. When I reinstall it will start scanning, suddenly close, and then I will get an error message when I try to access it.

I'm running ESET right now, but I don't think that will clear up the browser search issue.

Any help would be greatly appreciated!

-James

James A · November 17, 2010

Update. ESET just finished, 21 infected files but 2 could not be removed.

C:\Program Files\Mozilla Firefox\firefox.exe Win32/Bamital.DX trojan deleted - quarantined

C:\ProgramData\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

C:\Users\James\AppData\Local\Temp\dwm.exe a variant of Win32/Kryptik.ICX trojan cleaned by deleting - quarantined

C:\Users\James\AppData\Local\{63009B98-1E17-4269-A02B-DC50174CEC25}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan cleaned by deleting - quarantined

C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\1f118057-11893ce7 a variant of Win32/Kryptik.HJW trojan cleaned by deleting - quarantined

C:\Users\James\AppData\Roaming\Microsoft\svchost.exe a variant of Win32/Kryptik.ICX trojan cleaned by deleting - quarantined

C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe a variant of Win32/Kryptik.ICX trojan cleaned by deleting - quarantined

C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\k29dfiea.default\prefs.js Win32/Agent.RQD.Gen trojan cleaned by deleting - quarantined

C:\Users\James\AppData\Roaming\Ydeh\ytte.exe a variant of Win32/Kryptik.HML trojan cleaned by deleting - quarantined

C:\Users\James\Documents\Downloads\Avast_Antiv 2009.Pro.v4.8\setupengpro.exe MSIL/TrojanDropper.Agent.AF trojan deleted - quarantined

C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EQ trojan cleaned by deleting (after the next restart) - quarantined

C:\Windows\explorer.exe Win32/Bamital.EQ trojan unable to clean

C:\Windows\System32\ckph.ffo a variant of Win32/Oficla.IF trojan cleaned by deleting - quarantined

C:\Windows\System32\hlp.dat Win32/Bamital.DP trojan cleaned by deleting - quarantined

C:\Windows\System32\us?rinit.exe Win32/Sirefef.BI trojan cleaned by deleting - quarantined

C:\Windows\System32\wininit.exe Win32/Bamital.EQ trojan unable to clean

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\93GNZ2UB\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WFKODRE1\xmdev[1].pdf JS/Exploit.Pdfka.OBO trojan cleaned by deleting - quarantined

C:\Windows\System32\drivers\circlass.sys a variant of Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined

D:\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application deleted - quarantined

Operating memory multiple threats

James A · November 17, 2010