I didn't run half the cleanup and diagnostic programs I could have last time, but now with the Google-redirect symptom I'm confident it was related to the dreaded rootkit virus.
Q1 - I have very few files: bookmarks, a few documents, and some pictures. Like most newer computers, mine has an option to recover back to factory settings without a disk - it seems to partially do it through a program called ImageX.exe.
Is wiping my computer back to "factory settings" this way a fairly sure-fire method to get rid of something as nasty as a rootkit? Can a rootkit hide throughout the wipe and still be in my computer somewhere? I try my best but have some pretty bad browsing habits (at least I understand why/how they are bad though); my work and research leads me to often access >1000 web pages daily. Since I have so little data and it's stored in many other physical places, if I encounter something truly nasty like the TDSS rootkit, I like clean wiping my system in the way I stated above. After something so nasty it makes me feel reborn in a way. I am trying to prevent this from ever happening again (last time was the second time), but if I fail, is wiping my computer this way effective? It seems to be. Plus it's actually quite fast.
Q2 - After recovering from my first infection of the fake anti-virus, probably with a rootkit, I set up my computer with Malwarebytes and Microsoft Security Essentials. After some hardcore browsing sessions on Mozilla I deleted maybe 10 files via MWB. I think they were mostly designated as trojans; other than that everything was smooth. Then, like I was saying, after a month of feeling up to date and secure, a fake antivirus was on my computer and desktop and I was experiencing Google-redirect.
Is there some program any of you recommend which is really "hardcore" about filtering executable programs? I use so little on my computer, it seems like it would be easy to just have my few choice programs allowed. I don't really download anything either, just my base programs. I must be picking up this stuff through other more sly methods. I think there are Mozilla add-ons for something like this but I am afraid they wouldn't be powerful enough. I found a program, amongst a few others, called "Trust-No-Exe". Can you guys comment on it, or maybe point me towards a better program/method? In my head, this seems like it could prevent some virus problems, kind of.
Final Q - These fake antivirus viruses also give you fake alerts on your main programs and such. Sometimes they give you quite colorful alerts though, like "IP address ________ is _____ing your computer". Or "_____ on your computer is being sent/accessed by (some e-mail)". It always sounds super nasty and invasive, but I have learned to ignore it as it's part of the fake anti-virus game. One time I wrote down the supposed invading IP address, and it was from somewhere in Norway.
However, I experienced a new warning which I haven't heard mentioned once, and it was similar, but a little too much for my taste. It popped up, "alerting" me, that something was being stolen or sent or whatever on my PC. OK, I know the game so no worries. But I noted in the various text that it said:
"blahblahblah, (my friends email account for facebook)
blahblah (his password for that account)
blahblah (my aol email account screename)
blahblah (a password that I use to access a forum I belong to, but not the one I use for AOL)
Uhhhh? Needless to say I felt a little uncomfortable. I know the TDSS rootkit is nasty and can do all sorts of things, so was that some for-sure evidence that I was being key-logged at some point? I really don't like the thought of that. For all I know they were taking screenshots of my research, logging more keystrokes, or remote accessing my computer in my sleep! Have you guys heard of these fake antivirus rootkit combos actually showing real information like this?
Hope this was the right section of the forum. Thanks for anyone who can help.
Edited by Alta Loreno, 14 November 2011 - 12:42 PM.