Hello, I have somehow picked up a bug that keeps redirecting to random web pages. MBAM finds two files (nsrbgxod.bak and protect.dll) but when it quarantines and deletes they show back up after reboot. I have noticed that I am not the only one to have had this problem but can't seem to find anything that can take care of it. Anyone able to help me out?

Have you tried scanning AFTER you turn off system restore? You should turn it ON after the infections are removed. If the infection keeps returning that could be the solution. If that doesn't help I would suggest running unhackme: http://www.greatis.com/unhackme/dow... Follow the beginner suggestions on the left side of the page and be sure to run through all the options untill the PC is clean. Google any questionable items found. DON'T remove anything you are unsure of, this is a powerful tool. Some HELP in posting on Computing.net plus free progs and instructions Cheers

Yes, I have tried scanning with System Restore off. I have scanned in Safe Mode as well. Same results. MBAM says it has quarantined and deleted the protect.dll but must delete the nsrbgxod.bak upon reboot. After reboot both files still show up. I can delete the protect.dll file with Unlocker but within 30-45 seconds it rewrites itself.

did you run unhackme? Some HELP in posting on Computing.net plus free progs and instructions Cheers

OK, problem seems to be solved. Ran UnHackMe twice and it seems to have gotten rid of the root of the problem. Once I ran UHM the protect.dll file quit showing up and I was able to quarnatine and delete the nsrbgxod.bak file. Browser seems to be working normally again. Thank you very much for the help!!!!

Thanks for posting back! Glad to help you. Some HELP in posting on Computing.net plus free progs and instructions Cheers

This is a tough one. After several scans an reboots, I ended up with a set of consistent errors MBAM couldn't get rid of. I then manually deleted each of the problems reported in the MBAM report. The one that was 'in use' and couldn't be deleted was C:\D&S\user\Local Settings\Temp\nsrbgxod.bak. I believe this file somehow reloads the malware during the Shut-Down/Reboot process. The solution was to go into the Task Manager and kill any run32.dll occurances. Then delete nsrbgxod.bak and reboot. My system then came up clean. Good luck!