Apparently firefox is attempting to connect to a site containing the trojen, and it happens all the time, even when I am away from my PC. I have conducted full system scans with both avast and malwarebytes, and they could not detect any issues.
In fact, literally just then, i got the usual ‘ding ding ding threat has been detected’. I am worried, as I have sensitive data on this machine.
What is causing the attempted redirections, and how can I remove it? Thanks
I have followed the instructions dealing with scanning. Malwarebytes still returns nothing, and FRST64.exe has provided Addition.txt and FRST.txt. What do I do with these files? Thanks for your patience.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Please close any other programs you are using and save your work / files. The FRST script will close all unneeded processes and then reboot the system (if needed) when finished.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Also, your DNS server is set to a local one (10.0.0.138). Are you familiar with this server? Can you use a Google Public DNS server (8.8.8.8 ) and see if the problem still happens?
Thanks. I followed your steps. The computer restarted successfully. However, immediately, malware bytes spat out this notification, with is the same thing avast blocked previously: https://imgur.com/a/HZWHu
Fixlog.txt has been attached.
I am not familiar with that server, I just use whatever the system determines works, as I don’t know much about DNS servers. How would I safely go about using Google Public DNS server 8.8.8.8? Thanks for your patience - this is a new rig and I am a little nervous that I’ll make a damaging mistake.
Firefox does not attempt to redirect at specific times. It is rather random, as over the last 24 hours, it had actually stopped. As I am writing this, it has only occurred once since the restart.