The Firefox redirects look like JS/Redirector (VIL - http://vil.nai.com/vil/content/v_249453.htm); I would request you to update the DATs and re-run a scan on the machine.
New Malware.j is a heuristic detection, meaning that the scanner has seen suspicious activity on a process, like creating new files and attempting to use elevated privileges, etc. If a sample is detected as New Malware.j then it is likely that the system is currently infected and has virus or Trojan processes running.
The New Malware.j detection intentionally does not contain repair, as files detected under this name could be performing any malicious activity. Samples detected as "New Malware.j" should be submitted to AVERT so that they can be properly classified and have proper repair added to the DAT files.
Please submit the detected samples to Avert using steps outlined here. This will help us identify the infection and add detection accordingly.
I'm trying to add the folder to a zip file but that is not working. Is it due to the quarantine McAfee has placed on it?
I'm already signed up to the Avert Labs and am currently trying to send it in. Now I'm also getting Hiloti.gen and Artemis popups from McAfee.
Something else to try....
Download ALL of the tools below on a friend's or family member's CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.
IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below, which you've also copied to a CD or flash drive and transferred to the problem machine. Do NOT restart the computer after running Rkill.
Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.
Hope this helps.
Even if I am able to install what you've asked on the infected computer, should I still do this on a clean computer? I actually was attempting to get help from bleeping computer as well.
That's what I've been doing.
Aside from that, I have added symptoms and added viral issues beyond New Malware.j, which I no longer get a warning for.
At the moment, I am now getting warnings for Bredolab.gen.l, Hiloti.gen, and Artemis!A6A4EF77DC23 from McAfee.
I have a similar problem with this trojan. McAfee reports:
About this Trojan
Detected: New Malware.j (Trojan)
Quarantined From: C:\WINDOWS\TEMP\pgex.tmp\svchost.exe
A new folder under C:\WINDOWS\TEMP\ (pgex in the example above) is created about every 5 minutes. The folders are empty.
I have deleted a couple of hundred or more of these folders.
No other effects have been detected to date.
I have run rkill, and installed, updated and run both Malwarebytes and SuperAntispyware as suggested.
The virus persists.
Are there any other solutions?
I also have a similar problem. I now get pop up messages from McAfee every 5-10 minutes saying:
"File deleted - svchost.exe
The file name changes (but it always begins with C:\WINDOWS\TEMP and always ends with \svchost.exe). For the first day or two the second line said:
but then that changed to:
and now it is as shown in the first quote.
I have run a lot of programs (Malwarebytes AM, SUPERAntiSpyware, and Spybot) and none detect any problems.
Hopefully a solution can be found. Thanks.
I now have the same error on my Win7 machine.
Do you have a solution right now?
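The pattern two posters report above (a file named svchost.exe quarantined from a fresh folder under C:\WINDOWS\TEMP every few minutes) can be triaged from a quarantine or process log. The following is an added example, not code from the thread or from McAfee; the "timestamp | path" log format, the sample lines, and the function names `is_masquerade` and `triage` are assumptions made for illustration.

```python
from datetime import datetime
from pathlib import PureWindowsPath
from statistics import median

# Assumption: Windows is installed in C:\Windows. A genuine svchost.exe image
# runs from one of these two directories; PureWindowsPath compares
# case-insensitively, so C:\WINDOWS\system32 matches as well.
EXPECTED_DIRS = {PureWindowsPath(r"C:\Windows\System32"),
                 PureWindowsPath(r"C:\Windows\SysWOW64")}

# Constructed sample lines ("timestamp | path"). Only pgex.tmp appears in the
# thread; the other folder names and all timestamps are made up.
SAMPLE_LOG = [
    r"2010-08-01 10:00:10 | C:\WINDOWS\TEMP\pgex.tmp\svchost.exe",
    r"2010-08-01 10:05:12 | C:\WINDOWS\TEMP\aaaa.tmp\svchost.exe",
    r"2010-08-01 10:10:09 | C:\WINDOWS\TEMP\bbbb.tmp\svchost.exe",
    r"2010-08-01 10:10:30 | C:\WINDOWS\system32\svchost.exe",
]

def is_masquerade(path):
    """True for a file named svchost.exe outside the expected directories."""
    p = PureWindowsPath(path)
    return p.name.lower() == "svchost.exe" and p.parent not in EXPECTED_DIRS

def triage(lines):
    """Summarise masquerading svchost.exe hits and how often they recur."""
    hits = []
    for line in lines:
        stamp, _, path = (part.strip() for part in line.partition("|"))
        if is_masquerade(path):
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            hits.append((when, PureWindowsPath(path)))
    hits.sort(key=lambda hit: hit[0])
    # Seconds between consecutive hits; a steady gap points to a scheduled
    # or looping dropper that is still active on the machine.
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
    return {"count": len(hits),
            "drop_dirs": sorted({str(p.parent) for _, p in hits}),
            "median_gap_s": median(gaps) if gaps else None}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A steady recurrence interval in the output means something on the machine is still recreating the file, so the component doing the dropping is what still needs to be found and submitted.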