Devlin Carnet

A strange one,
I'm really having fun with this PC lately.
Homepage is Google,
..fine
I do a search..
..Fine
I click on one of the return matches to the search..
I get a "ringtones4u" or other such marketing website in my browser.
I have run a superantispyware, and Nod32 antivirus/malware scan which return nothing.
Anyone had this, I expect not, seems I'm having a bad weekend.

Saab Dastard

Search is your friend! There was a thread on this not long ago - perhaps this may be of use.

SD

Devlin Carnet

Thanks Saab, that does look like the same problem.

frostbite

Be very careful when searching at the moment, especially searching for AV stuff.

An item on R4 You & Yours suggests that such a search can currently land you with exactly what you're NOT looking for!

Devlin Carnet

Thanks for the heads up Frostbite, A little late for me though.
I cant believe any of the better AV/anti spyware programs cant find it though.

Raven30

I have just spent a day trying to recover from a similar attack to the one mentioned above. Tried 4 different anti spyware applications but the problem remained. In desperation I rang a friend in the computer business to see if he had any ideas how to proceed and he emailed me a small application called combofix. Unzipped it to the desktop, ran it and 20 minutes later my machine is back to normal. Cracking little program. It might just solve your problem. Its freeware and readily available on the net.

Good luck

Raven

Devlin Carnet

Raven,
Yep, you are spot on, I'd already found combofix and it cleaned the infestation out, it was tdssdata - a trojan agent. that was the problem.
It mentioned in the log about it being a rootkit.
Thanks for the info though.

Raven30

Obviously the same trojan that zapped me as those were the files reported on my machine!