Google Warns Users About Active Malware Infection
dinscott writes "Google has begun notifying its users that a particular piece of malware is installed on their computers by showing a big yellow notification above their search results. The warning began popping up yesterday, and does so only for users whose computers have been infected by a particular strain of malware that hijacks search results in order to drive users towards websites that use pay-per-click schemes."
Same as before. (Score:5, Informative)
Flashback, man.
This is almost 100% the same as the last piece of malware I was asked to remove from three people's machines over the course of a couple of months.
It was such a pain in the butt because I spent an hour manually cleaning the registry while using a live CD, looking for the newest modified-time files on the machine, looking for installed "Oh-I'm-so-cool" applications, browser extensions, system libs, etc etc etc.....
In the end, I find out that it was cleaned off after my first registry run key deletion session, but the damn proxy was set in both Mozilla and IE to a remote IP. Now, Proxy is one of the first things I check when there's ad-based or redirectional malware reported.
What's next?
Friday Night Virus Fight (Score:3, Informative)
I picked up that strain on my desktop PC Friday night. Weirdest thing. It started out by popping up a window (that I thought was Windows Defender) indicating I had a trojan. Might even have been from Defender, it would close right away... Anyway, I started with safe-mode boot, Ad-Aware and Spybot, no dice. I ended up installing Norton Network Security, and it couldn't find it. I had to run Norton Power Eraser. Crazy. A commercial virus scanner that can't find viruses.
It installs itself in the MBR as a rootkit; the proxy may even be local on the PC, downloaded on start-up.
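The proxy check the comments above describe can be done offline against files pulled from the affected profile. The following is an added example, not code from any commenter: it reads a Firefox `prefs.js` and a text export of the IE "Internet Settings" registry key, and reports any manual proxy or PAC URL, labelling the host as remote or loopback since the thread mentions both. The function names and the sample data are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs (203.0.113.0/24 is a documentation range).
SAMPLE_PREFS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "203.0.113.7");
user_pref("network.proxy.http_port", 8080);'''
SAMPLE_REG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=203.0.113.7:8080;https=127.0.0.1:8118"'''

PREF_RE = re.compile(r'user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);')
REG_RE = re.compile(r'^"(ProxyEnable|ProxyServer|AutoConfigURL)"=(.+)$', re.M)

def classify(host):
    """Label a proxy host as 'loopback' or 'remote'; both deserve a look."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host.strip("[]"))  # tolerate [IPv6] form
        return "loopback" if addr.is_loopback else "remote"
    except ValueError:
        return "remote"  # some other hostname

def firefox_proxy(prefs_text):
    """Report a manual proxy or PAC URL set in Firefox prefs.js text."""
    prefs = {k: v.strip().strip('"') for k, v in PREF_RE.findall(prefs_text)}
    kind = prefs.get("network.proxy.type")  # 1 = manual, 2 = PAC URL
    if kind == "1" and prefs.get("network.proxy.http"):
        host = prefs["network.proxy.http"]
        port = prefs.get("network.proxy.http_port", "?")
        return [("firefox", f"{host}:{port}", classify(host))]
    if kind == "2" and prefs.get("network.proxy.autoconfig_url"):
        return [("firefox", prefs["network.proxy.autoconfig_url"], "pac")]
    return []

def ie_proxy(reg_text):
    """Report proxy settings found in a text export of the Internet Settings key."""
    vals = {k: v.strip().strip('"') for k, v in REG_RE.findall(reg_text)}
    found = []
    if vals.get("AutoConfigURL"):
        found.append(("ie", vals["AutoConfigURL"], "pac"))
    enabled = int(vals.get("ProxyEnable", "dword:0").split(":")[-1], 16)
    if enabled and vals.get("ProxyServer"):
        for entry in vals["ProxyServer"].split(";"):  # "http=h:p;https=h:p" or "h:p"
            addr = entry.split("=", 1)[-1]
            found.append(("ie", addr, classify(addr.rsplit(":", 1)[0])))
    return found
```

An empty result from both functions means no manual proxy or PAC URL is configured in those two places; it says nothing about other persistence such as the MBR.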