Forum Moderators: Robert Charlton & goodroi
This is what it does:
- all Google (and Yahoo) searches yield results with the proper page title, the proper ransom note, the proper kb's,
- yet the domain that appears is for some stupid MFA shopping sites
- if you click anywhere on the results, you get redirected to the MFA shopping site
So basically they are inserting their domain into the SERPs.
I tried Avast, Hijack This (killed off unknown processes), Adaware, Spybot and last night I used M$ Onecare scan.
Spybot was the only one that yielded a problem and it deleted whatever it was.
However, now Google SERPs take forever to load. Yahoo will search properly now. So I am sure it's not completely gone.
I spent an hour searching with Yahoo last night for anyone talking about this particular malware and a possible cure. I found some similar malware, but after following the instructions about registry changes, I can't seem to find it.
Anyone have any ideas?
Thanks for the suggestions,
..added
Yes, Spybot did say what they found, I just can't remember what it was, but it was not what you are suggesting.
And I do know where I picked it up: on a message board on a compromised server. There are several of us with the exact same malware, and we are all stumped.
[edited by: tedster at 5:31 pm (utc) on Nov. 20, 2008]