Lefty123,
No, I have not read the link you provided above. Thank you, as I did read it, and mostly understand what it is.
I understand the authors of TDL-4 could be in real trouble for “stealing” a free GNU license to enable use of the Kad network feature.
Very interesting reading.
BTW, I have come across another tool, provided by Microsoft, called Microsoft Standalone System Sweeper and used it to clean my son’s computer of a dangerous and nasty file called Trojan.Downloader (forget the exact classification) found in D:\flashget.exe. Interesting thing here is that his machine is set up as C:\HDD 0, E:\HDD 1, F:\HDD 2, with D:\DVD/CD-ROM.
As he is still young, he would not truly understand the risks involved in running a program as above utilizing torrents, etc.
I did run this machine in a PE environment as MSSS, and updated the definitions online before scanning. Could the trojan have come in when run in this mode? Or was the file hidden in this way so a/v and anti-spyware could not find it?
The link for MSSS is here: http://connect.microsoft.com/systemsweeper
Note: Options for 32-bit and 64-bit are available.
I am not assuming you or anyone else here has not heard of MSSS. Any thoughts re this program?
Clearly, browser redirects in search engines are a sign of possible TDL-4 infection. Avast! Forums currently show numerous user topics and threads re this behavior.
I would think (for now, anyway) that the only real solution is to wipe the C: drive thoroughly and reinstall Windows.
Thanks.
mchain
XP Home Edition SP3 P4 2.8 2 GB RAM Avast! 6.0.1203 Free