After some research, I understood that I had a browser hijacker on my computer.
Last week, after an automatic update, Microsoft Security Essentials detected trojan medfos.b on my system and quarantined it. This was not detected by McAfee Security Center.
I still had the Google hijacker on my system, so I ran the following in safe mode:
Did some research and found an article on Microsoft's website re: medfos.b. Determined that Mozilla Safe Browsing 2.0.14 extension was responsible for the Google redirect. Disabled the extension. Located the file(s) "chromeupdate.crx" in the %LOCALAPPDATA% folder and deleted it. Also deleted %LOCALAPPDATA%\(random CLSID)\chrome\content\browser.xul.
Deleted information from personal history in Firefox and uninstalled the program. Manually removed files that are left behind in uninstall. Installed clean version of Firefox.
My web searches are no longer being redirected. Desktop icons still rearrange themselves upon reboot. Also note that web pages often take considerable time to load, so I am suspicious that the computer is infected.
I saw the blog about this in Microsoft's Malware Protection Center ('Medfos, hijacking your daily search') but understood that Mozilla had already taken measures to block the extension being added to Firefox. I was wrong, I think: they're still grappling with some of the details.
It doesn't only affect Firefox; there will be hooks into whatever other browsers you've got.
The best way to deal with it is probably to take the advice offered in the blog and run the Malicious Software Removal Tool.
This has been known by McAfee since 25 August (if the identification is the same: Medfos.t but corresponds to Microsoft's Medfos.b) so I'm surprised that a normal scan doesn't remove it. Perhaps the malware has been modified in some way. See the 'Characteristics' section of http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=1435835

Message was edited by: Hayton on 16/10/12 03:08:42 IST
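
An added example, not part of the original posts: a read-only PowerShell check for the two leftover file locations named in the first post (`chromeupdate.crx` and `(random CLSID)\chrome\content\browser.xul` under `%LOCALAPPDATA%`). The function name `Find-MedfosLeftovers` and the GUID-shaped folder-name pattern are assumptions; the script only reports and deletes nothing.

```powershell
# Added example: report the leftover files named in the first post. Read-only.
function Find-MedfosLeftovers {
    param(
        # Folder to inspect; defaults to the current user's %LOCALAPPDATA%.
        [string]$Root = $env:LOCALAPPDATA
    )

    # Assumption: the "(random CLSID)" folder is named like a GUID,
    # with or without surrounding braces.
    $guidName = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'

    # Candidate 1: chromeupdate.crx directly under %LOCALAPPDATA%.
    $paths = @(Join-Path $Root 'chromeupdate.crx')

    # Candidate 2: <GUID folder>\chrome\content\browser.xul.
    $paths += @(
        Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $guidName } |
            ForEach-Object { Join-Path $_.FullName 'chrome\content\browser.xul' }
    )

    # Emit path, timestamps and hash for each file that actually exists,
    # so the finding can be recorded before any cleanup is done.
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $f = Get-Item -LiteralPath $p -Force
            [pscustomobject]@{
                Path      = $f.FullName
                Created   = $f.CreationTime
                Modified  = $f.LastWriteTime
                SizeBytes = $f.Length
                SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

# No output means neither location was found for this user profile.
Find-MedfosLeftovers | Format-List
```

Run it once per user profile, since `%LOCALAPPDATA%` is per-user; an empty result covers only these two file locations and says nothing about other components.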