A short story of my battle with a Google redirect (redirects your search selection to spammers) piece of malware… I did have the latest TELUS Securities software, but this pdf file slipped through, and by the time the TELUS stuff gave a message that there was something wrong, it was way too late. First I did some reading on the web (using a different computer) and downloaded “Process Explorer” and “Autoruns” to determine what was happening. Then I downloaded several packages which some claimed would work, but didn’t, so the fun began…
In C:\WINDOWS\Tasks, set to start every time the computer was powered up, the task “Huwzu” (.job) ran the line “2.exe C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\usp10Y.dll",Wucbmjzm”.
In C:\WINDOWS\system32, found “usp10Y.dll”, 148KB, created May 12, 2012 at 11:56 AM (precisely the time I downloaded a self-extracting pdf of a trailer hitch).
In the Registry, discovered “Huwzu.job”, “2.exe”, “usp10Y.dll” and “Wucbmjzm” entries.
In Safe Mode, used the “Autoruns” program to delete the “Huwzu” process, removed from C:\WINDOWS\Tasks all tasks created from May 12, 2012 (the day I got this bad boy), removed all prefetch files in C:\WINDOWS\Prefetch created from May 12, 2012, then tried manually deleting “usp10Y.dll” from C:\WINDOWS\system32, but I could not change the permissions of the file no matter what I tried. Finally downloaded “Malwarebytes Anti-Malware” and ran it directed at “usp10Y.dll”, and that eliminated the file. Did not want to edit the registry manually, so returned the computer to normal operation (msconfig), rebooted, backed up the registry, downloaded “CCleaner” and ran that once to clean the registry; worked like a charm. Searched for any traces and none found, rebooted several times and all appears to be fine now… How was your weekend…?
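As an added example (not the poster's own steps or tools), here is a PowerShell triage script that automates the checks described above: it lists every scheduled task whose command line hands a DLL to rundll32 with a named export (the shape of the “Huwzu” job), reports each DLL's creation time, size and Authenticode status, and then lists any .job or Prefetch file written since a given date. The `-Since` window, the use of `schtasks /query /fo CSV /v` and the English column names “TaskName” and “Task To Run” are assumptions; run it from an elevated prompt.

```powershell
# Added triage script, not part of the original post. Assumes schtasks.exe is present
# (Windows XP and later) and that its column headers are the English "TaskName" and
# "Task To Run". $Since is an assumed lookback window; pass the date of the incident.
param(
    [datetime]$Since = (Get-Date).AddDays(-7)
)

$findings = @()

# 1. Scheduled tasks whose command line hands a DLL to rundll32 with a named export.
#    The "Huwzu" task above used exactly this shape: rundll32.exe "<path>.dll",<export>
$tasks = schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' }   # drop repeated header rows

foreach ($t in $tasks) {
    $cmd = [string]$t.'Task To Run'
    if ($cmd -match 'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)') {
        $dll    = $matches[1]
        $export = $matches[2]
        $note   = 'DLL not found on disk'
        if (Test-Path -LiteralPath $dll) {
            $f    = Get-Item -LiteralPath $dll
            $sig  = Get-AuthenticodeSignature -FilePath $dll
            $note = "created $($f.CreationTime), $([int]($f.Length/1KB)) KB, signature $($sig.Status)"
            if ($f.CreationTime -ge $Since) { $note += ', CREATED IN WINDOW' }
        }
        $findings += New-Object PSObject -Property @{
            Task    = $t.TaskName
            Command = $cmd
            DLL     = $dll
            Export  = $export
            Note    = $note
        }
    }
}

# 2. Any .job file or Prefetch entry written since $Since, regardless of content,
#    mirroring the manual sweep of C:\WINDOWS\Tasks and C:\WINDOWS\Prefetch above.
foreach ($dir in @("$env:windir\Tasks", "$env:windir\Prefetch")) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.CreationTime -ge $Since } |
            ForEach-Object {
                $findings += New-Object PSObject -Property @{
                    Task    = '(file)'
                    Command = $_.FullName
                    DLL     = ''
                    Export  = ''
                    Note    = "created $($_.CreationTime)"
                }
            }
    }
}

$findings | Format-Table Task, DLL, Export, Note -AutoSize
```

Usage: `.\triage.ps1 -Since '2012-05-12'` to reproduce the sweep above. A hit is a lead, not a verdict: legitimate software also schedules rundll32 entry points, so weigh the DLL's location, its creation time relative to the suspect download, and whether it carries a valid signature before removing anything, and keep the .job and DLL for the anti-malware scan rather than deleting them first.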