Just wanted to note that I had an encounter with a very stubborn virus-logger-redirect. Closest thing I can find online is NGINX, and only way of giving it that designation was due to its redirect address being partially Google(dot)com/ig/redirect. No need to post full redirect as that is online elsewhere. I had 3 partitions, with 3 operating systems including 7, XP, Linux, and an encrypted section. Redirect of browser was first sign and redirect address was only way of guessing at what it was. Did online search and tied in that redirect with the NGINX name. Then went through about a day of trying to get rid of it using multiple online programs and suggestions. Nothing detected it or was able to remove it, including manual extraction attempts. I could see the various file names encountered on other logs of people who are willing to post such things online, but only similar data was the URL of the redirect.
At last I gave up & decided to reinstall entire system using restore disks. Note that all browsers on all partitions were affected, & I never used XP online. But I did have some USB flash drives that were able to be used for storage on all systems. So removed the flash drives and had my driver flash from long ago in case of trouble. Restore was all day thing using restore disks, and intended to install 7 and then partition and go on with other system installs. All I got was the 7 done, was prepared to alter those things I usually do when I clicked on IE which had been installed with 7 and there was the redirect again. I had not left any flash drives connected and the restore disks were to factory original, did not need the driver flash even. I don’t use restore in XP or 7 although have had 7 override my lack of restore dates in past so routinely delete all restore dates. Checked that function and yes it had turned itself on in reinstall and so I thought maybe it had been on when I went through reinstall and somehow retained the virus despite using factory restore disks. Absurd, but was scratching my head ??? Made sure restore date was deleted and off and then did the full restore again. Logic failed me as I should have checked details better. Anyhow after the next restore by disks, it was there again.
OK, I dug out an old disk I had from computer class & used it to directly look at the hard drive. 6 partitions! That should not have been like that after a full restore, and was more partitions than I ever had. But on graphic of drive all partitions were off to one side & contained very small amount of space. If I didn’t check the data the image would have looked like a normal install of 1 operating system. I hate formatting and manually creating the original partition mainly because of nightmares from long ago when drivers were lost and CD drive or USB wouldn’t work, and rewritten start code on Win 95 as well as getting displays to work, won’t say what VGA used to mean to me.
But did go ahead with format & partition manually defined. = 7 restore disks again, and this time I had a good operating system with no redirect on browser. Then I formatted all flash drives, & should mention I lost everything on that machine that had not been backed up almost 4 months ago. Frustrating, but at last I can start over, as I am doing now, by changing all my passwords everywhere.
I would not publish my logs in a public forum, but think this thing is changing, & using perhaps a new method to multiply and hide. Can’t even tell you what file name to look out for, I don’t know. Hope a method is found to detect this, although the redirect is obvious, if not for that, I would not have known it was on my machine.
M
If and when you are infected, there is a guide here to follow... and attach the requested logs
http://forum.avast.com/index.php?topic=53253.0