5 Replies Latest reply on Jul 6, 2012 9:18 AM by Hayton

    Unknown Malware: need assistance identifying and getting added to the McAfee Database

      Hello,

       

      Thanks in advance for the help on tracking down what this piece of malware is.

       

      We have 3 PCs in our office out of about 150 that are exhibiting the following symptoms:

       

      Open Google -> perform a search for, for example: this friday vs next friday

       

      Click on a result; usually the first one goes through to the searched result page without issue.

       

      Click the back button, pick another result from the list of search results, and get redirected to one of several websites.

       

      The first PC that was reported to us as having issues was re-ghosted, and the malware infection was found to remain after the ghosting. It will be the one we will be running any tests on.

       

      The second PC was in our Accounting Department and contains sensitive data, and I aggressively attempted to clean and identify the malware with a battery of Malwarebytes, TDSSKiller, ComboFix, and several other scans but found nothing noteworthy. However, the symptoms point to some kind of well-hidden and new variant of TDSS or another rootkit.

       

      All PCs are running the SonicWall Enforced Client by McAfee, and scans with the AV / Malwarebytes / etc. find nothing wrong.

       

      I have taken one of the PCs through the helpful people at BleepingComputer, and they were able to walk me through removing the malware and making the symptoms go away but have been unable to identify the culprit.

       

      Full details on what was done are available:

       

      http://www.bleepingcomputer.com/forums/topic457858.html/page__gopid__2745823#entry2745823

       

      I have an untouched PC that has this infection that we can use to isolate the infection.