Hi all. To my horror, today I ran a Google search and clicked on a result, and was redirected to some money-generating “scareware” site. The search result’s URL looked good on the screen, looked good in the status bar when I hovered the mouse over it, and works fine if I right-click the URL, select “Copy Link Location”, then paste it in a new tab/window. But if I click it directly, I get redirected to scareware/ad-spam type pages. This only happens rarely, though; the vast majority of search results work correctly.
I don’t see how this can be anything but malware on my PC, and I’m VERY careful and have been running CIS since April, and I installed it on a known-clean new PC. I use Firefox only, latest version always, NoScript and AdBlock Plus in use and updated promptly, Windows XP Media Center Edition XP3 with all security updates always applied, always log in as a limited user except for installs/updates, etc. And I’m not dumb, I’m a professional software engineer, and I know what not to do.
I restored my boot partition from a mid-October image (over 20 days ago), and the malware is STILL there and functional, so it’s been there quite a while now, without CIS ever noticing or alerting me. I scan daily and have CIS configured at nearly maximum security levels.
And CAV happily reports 0 malware found on all scans, and D+ never, that I can recall, gave me a single alert about the thing, and Comodo Firewall never caught anything either… and obviously this malware must be communicating with the outside world, to get its list of links, etc.
Now I’m likely going to have to ■■■■ away the machine’s boot partition and restore it back to the manufacturer’s factory default image, then spend days applying updates, patches, programs, configuring, etc.
Anyone have any idea how this might’ve happened, and why CIS can’t find the thing? I’m considering downloading and running a scan with that “malwarebytes” scanner, turning off CAV’s realtime mode while I do so. Anybody done that before? Does it work?
I’m not too happy with CIS right now. Has anyone encountered this, and can they help, or should I just ■■■■ the drive back to the factory image? If it’s a nasty, deep, hidden rootkit (I don’t see anything unusual in Task Manager or startup items, for instance!), I may have to.