Platform: Windows XP, Windows Vista and Windows 7.
Symptoms (including, but not limited to):
- Searches typed into the browser search box (including the Chrome Omnibox and the Internet Explorer 9 address bar) are redirected to other sites.
- An Internet Explorer process runs in the background after login and uses a large amount of memory.
After long troubleshooting sessions I figured out that a bootkit was present on this computer.
A bootkit infects the master boot record (MBR) so that its code runs before Windows loads; once the kernel is up it hooks the disk stack and hides the modified MBR and its own sectors from on-disk scanners, which is why most user-mode anti-malware tools miss it.
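One practical check is to compare the MBR's bootstrap code against a known-good copy taken from a clean machine of the same build, since that is the region a bootkit overwrites. The following is an added example (not part of the original post): it parses a 512-byte MBR, hashes the 446-byte boot code and flags a digest mismatch or malformed partition entries. The sample sectors are constructed inline; the `read_physical_mbr` helper and the `\\.\PhysicalDrive0` path are assumptions for reading a live disk on Windows (requires administrator rights).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: bootstrap code, the part a bootkit replaces
PART_TABLE_OFF = 446           # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot code and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    sig = sector[510:512]
    if sig != BOOT_SIGNATURE:
        raise ValueError(f"bad boot signature {sig.hex()}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": bool(status & 0x80),
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions}


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is allowed to differ."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> list:
    """Return findings; an empty list means the boot code matches the clean baseline."""
    info = parse_mbr(sector)
    findings = []
    if hashlib.sha256(info["boot_code"]).hexdigest() != baseline_digest:
        findings.append("boot code differs from baseline")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition marked bootable")
    for p in info["partitions"]:
        if p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a type but zero length")
    return findings


def read_physical_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Assumed helper: read sector 0 of a raw disk on Windows (needs admin rights)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: given boot code plus one bootable NTFS partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                        2048, 1_000_000)
    table = entry + b"\x00" * 48
    return code + table + BOOT_SIGNATURE


# Constructed inputs: a "clean" stub and a copy whose first bytes were overwritten.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40
INFECTED_BOOT_CODE = b"\xeb\x3e\x90\x00" + CLEAN_BOOT_CODE[4:]

if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    baseline = boot_code_digest(clean)
    print("clean:", check_mbr(clean, baseline))
    print("infected:", check_mbr(build_sample_mbr(INFECTED_BOOT_CODE), baseline))
```

Read the sector from outside the infected OS (a WinPE or Linux boot disk) before trusting the result: a bootkit that has hooked the disk driver can hand a pristine copy of sector 0 back to any tool that reads it from within Windows.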
The particular bootkit I was dealing with was not detected by ComboFix, Malwarebytes' Anti-Malware and many others. The only anti-malware program that detected the bootkit was Hitman Pro 3.5.
If you are dealing with a persistent infection that redirects search results, try several different anti-malware tools rather than relying on one. Also search for "Google redirect virus" from an uninfected computer. The malware redirects search results system-wide rather than through a browser add-on: on the infected system, results were redirected in Internet Explorer, Safari, Chrome and Firefox, and any browser installed on the system will be affected.
It is almost 5 o’clock in the morning. I have not had a minute of sleep. I’ll clean up this post later.