I have have/had a problem with Google. After visiting a site that ending in .RU Google stopped working. When I entered a Google question, I got the usual Google listing. When I clicked on the listing, I got a new popup window that sent me to things like apartments in New York City. I ran McAfee and that didn't fix the problem. Eventually I looked in my internet addins (I use Explorer) and found a program named 19938 class with no publisher. When I disabled it, Google started to work normally. I found the program as a file in the Windows/System32 as a .dll. I couldn't delete it. What Gives Here? Thanks Lance More Information The properties of the file are as follows: File Description 4234234 Version 188.8.131.52 Product Name f4sx Product version 184.108.40.206 copyright 2008 size 15.0kb Date modified 5/11/2009 9:43 pm English US
I have personally seen similar browser/search hijacks that come installed with other malicious software. The most recent one I remember is a variant of the koobface worm. While the random number dll was not actually a part of the worm, it did get installed.
If you can not delete the file, it is protected by another program or driver. The general method to get around this is to remove the file in Safe Mode. The security problem for this is that if you can't remove the file, it's still loaded somewhere else or some OTHER malicious software is installed and active too. If this is the case, you may end up with a re-infection.
I suggest you try removing the file in Safe Mode and running the ESET Online Scanner and MalwareBytes Anti-Malware tools to check to see if these programs can find what McAfee MIGHT have missed.
I finaly figured out how to delete the 199638 class file, but Scotty keeps popping up saying it wants to reinstall, and it is still listed as a (disabled) addon in explorer. I scanned it with today's McAfee download and it didn't find the problem before I deleted it. Not sure my computer is safe even though a search of the files didn't locate it (after I deleted it). Scotty popped up 3 times and tried to reinstall it as I was typing this reply Lance