New Browser Hijacker - redirects to 74.55.39.44 - blinkx.com

Hello. Two days ago I picked up a nasty browser hijacker that is redirecting the first result in Google every time. It is sending info to this IP address: 74.55.39.44 - it changes the first link in the Google results to a link to that address with a bit of encrypted code beside it. It then offloads me to blinkx.com with search results.

I have run a full scan with Avast 5 and got no results. I also got no results from Spybot or Windows Defender.

It appears to only affect Firefox (Version 3.6).

I’m running Windows 7 32bit.

Any help would be greatly appreciated. Thanks in advance.

hpHosts blocks blinkx.com

See:
http://hosts-file.net/?s=blinkx.com+&x=24&y=6 <== EMD - sites engaged in malware distribution

Download Malwarebytes’ Anti-Malware (MBAM), install it, update its definitions, then run a Quick scan and let it remove what it finds:
http://www.malwarebytes.org/mbam.php

I ran HijackThis and did a detailed review of the log file, only to find one thing out of place:

O4 - HKCU..\Run: [upsys97] rundll32.exe “C:\Users\CptSternn\AppData\Local\upsys97\upsys97.dll”, DllInit

I couldn’t find any mention of upsys97.dll on the internet. I uploaded it to Jotti and all of the scanners reported it clean except Sophos, which tagged it as a trojan - Mal/Behav-365. I have since removed it and we will see if that fixes the issue. If so, just wanted to let the Avast admins here know that this is a relatively new virus (timestamp says I got the above DLL just three days ago) and nothing other than Sophos is currently picking it up.
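
The manual log review described in the last post can be automated. The following is an added example, not part of the original thread or of HijackThis: it parses O4 autorun lines and flags entries where rundll32 loads a DLL from a user-writable profile folder. The function names, the folder heuristic and the two extra sample lines are assumptions made for illustration.

```python
import re

# HijackThis O4 autorun line: O4 - HKCU\..\Run: [name] command
# The backslash after the hive is optional because pasted logs often lose it.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKCU|HKLM)\\?\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Command form: [path\]rundll32[.exe] <dll>,<export>
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.I)
# Assumed heuristic: profile locations any user-level process can write to.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')
# Forum software turns straight quotes into curly ones; undo that before parsing.
QUOTES = str.maketrans({'\u201c': '"', '\u201d': '"'})

def parse_o4(line):
    """Return hive/key/name/cmd for an O4 registry autorun line, else None."""
    m = O4_RE.match(line.strip().translate(QUOTES))
    return m.groupdict() if m else None

def flag_rundll32_autoruns(log_text):
    """List autoruns where rundll32 loads a DLL from a user-writable folder."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        target = RUNDLL_RE.match(entry['cmd']) if entry else None
        if target and any(p in target.group(1).lower() for p in USER_WRITABLE):
            findings.append({'hive': entry['hive'], 'name': entry['name'],
                             'dll': target.group(1), 'export': target.group(2)})
    return findings

# First line is the entry quoted in the post; the other two are constructed.
SAMPLE_LOG = r'''
O4 - HKCU..\Run: [upsys97] rundll32.exe “C:\Users\CptSternn\AppData\Local\upsys97\upsys97.dll”, DllInit
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\ExampleApp\tray.exe" /startup
O4 - HKLM\..\Run: [ExampleCpl] rundll32.exe C:\Windows\system32\example.dll,Start
'''

if __name__ == '__main__':
    for f in flag_rundll32_autoruns(SAMPLE_LOG):
        print(f"{f['hive']} Run [{f['name']}] -> {f['dll']} ({f['export']})")
```

A hit is a lead for manual review rather than a verdict, since some legitimate software also registers per-user autoruns under AppData.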