Ever Seen This Malware? I cannot remove it

As a developer, I like to consider myself pretty proficient around a computer and have over the years removed several malware programs, but this latest has me stumped to the point where even my google-fu has failed me.

First let me state I know that I can just reformat and reinstall Windows 7, but I would like to avoid that if possible.

Anyway, the malware basically creates a popup that takes the shape of an iPhone that displays in the bottom right-hand corner of my desktop using some keywords I have used to try and sell something. So for example, if I point my browser to this site, the popup will say something like “click here to save 50% on straight dope items in your area” :smiley:

The malware also likes to redirect me every so often (1 in 5 or 10) when I type in a URL to a malware/ad engine such as adserver and a few others.

Other than this it seems pretty harmless, but it is annoying as hell.

I have done the following:

Ran TDSSKiller looking for a rootkit, none found.
Ran Malwarebytes several times, nothing.
I use SpywareBlaster.
I have NoScript installed on Firefox.
Have tried other programs such as adware and AVG Free, but the popup persists.

Anyone seen or defeated this little bastard? :smiley:

REVO Uninstaller has served me well in the past.

For really stubborn stuff I use Kaspersky Rescue Disk. You sometimes need a standalone AV disc. Download and burn on a different computer.

Does this page about Cloud Protection look relevant?

Take a look at your startup tasks and your general task list, look for suspicious entries, especially ones with paths to random file names or paths to temp folders.

Disable them.

Note those filenames and search your registry for that word; export a copy of the key, then delete the original.

Reboot and see if it's still there.
*Please note these instructions assume the poster is familiar with task lists, the startup list and registry editing.

If that does not solve it, post in thread

I will PM you a remote session link and give you a look no charge.

free virus help from www.pcsearchandrescue.com :smiley:

Did you run Malwarebytes etc. in Safe Mode?

Norton Power Eraser has served me well several times.

I know the fake-AV sometimes used to hook itself into the registry for the “.exe”; every time you ran a program, it instead launched the virus program, which then ran the requested program, provided it was not an AV program.
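
Added example, not part of any post in this thread: a read-only PowerShell check covering the two things suggested above, startup entries whose command points into a temp or per-user data folder, and the ".exe" association being something other than the Windows default. The function names and the path heuristic are this example's own assumptions; the registry keys and default values are the standard Windows ones.

```powershell
# Read-only triage: nothing here changes or deletes anything.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
# Heuristic (an assumption, tune it): commands run from temp or per-user data folders.
$suspectPath = '\\Temp\\|\\AppData\\|\\Application Data\\|%TEMP%|%APPDATA%'

function Get-AutorunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $cmd; Suspect = ($cmd -match $suspectPath) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir | ForEach-Object {
            # Startup-folder shortcuts always live under a profile path, so review these by hand.
            New-Object PSObject -Property @{ Key = $dir; Name = $_.Name; Command = $_.FullName; Suspect = 'review' }
        }
    }
}

# HKEY_CLASSES_ROOT is the merged view of the machine-wide and per-user classes,
# so a per-user hijack of ".exe" shows up here as a non-default value.
function Test-ExeAssociation {
    $expected = @{
        'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($path in $expected.Keys) {
        $actual = $null
        if (Test-Path -LiteralPath $path) { $actual = (Get-Item -LiteralPath $path).GetValue('') }
        New-Object PSObject -Property @{ Key = $path; Expected = $expected[$path]; Actual = $actual; Ok = ($actual -eq $expected[$path]) }
    }
}

Get-AutorunEntry | Format-Table Suspect, Name, Command, Key -AutoSize -Wrap
Test-ExeAssociation | Format-Table Ok, Actual, Expected, Key -AutoSize -Wrap
```

A `Suspect` hit is only a prompt to look closer, since legitimate updaters also start from per-user folders; export any key before changing it, as advised above.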

What are the symptoms - it appears on the desktop, or only when you run IE? Does browser redirect happen with Firefox or Chrome too, or just IE? What about booting in safe mode and see if the same symptoms happen?