ext_271351 ([identity profile] untermensch.livejournal.com) wrote in [personal profile] deathboy 2009-02-21 07:31 pm (UTC)

Yeah, they love redirecting adware remover sites and Google (if you find google.co.uk and google.com resolve to the same IP you know you've been had).

I can email you Spybot and Ad-Aware but I doubt they'll sort it out. When I got rootkitted in this way, I found 3 kinds of malware and removed them, but nothing picked up the rootkit, which just kept re-installing them. Cue a weekend of frustration and grinding teeth. Eventually a tool from HijackThis helped me narrow it down to something that was living in c:\windows\system32\ -- except it couldn't pick it up properly or remove it. Had to boot off the Windows install CD, enter recovery mode, re-jig the registry to see the last valid restore point, and then go file-by-file through everything in system32.

This is because the fucking little cunt hid itself even from dir /a in the DOS prompt. You could *only* find it if you specified a wildcard spec that showed less than 10 files. So, I had to compare a full c:\windows\system32>dir /a with a piecemeal version dir /a aa*, dir /a ab* etc.

Enjoy!
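The "full dir /a versus dir /a aa*, dir /a ab*" comparison in the comment above is a cross-view check: a file-hiding hook that only suppresses a name when the answer is big enough can be caught by asking many small questions and comparing the union with the single big answer. The script below is an added example, not the commenter's code or any tool the thread mentions. It uses a constructed list of sample names with a simulated listing function that reproduces the behaviour the comment describes (the planted name disappears whenever 10 or more names match), and a separate adapter that shells out to cmd.exe's dir on a real Windows host; that adapter, the directory path, and the names in the sample list are assumptions for illustration.

```python
import string
import subprocess
from fnmatch import fnmatch

# Constructed sample directory contents (names only, not taken from any real
# machine). "ab_planted_example.dll" stands in for the file being hidden.
SAMPLE_ENTRIES = [
    "aaclient.dll", "aadtb.dll", "abcdef.sys", "ab_planted_example.dll",
    "acledit.dll", "acppage.dll", "activeds.dll", "advapi32.dll",
    "apphelp.dll", "atl.dll", "bcrypt.dll", "cmd.exe", "kernel32.dll",
    "ntdll.dll",
]
HIDDEN_NAME = "ab_planted_example.dll"
HIDE_AT = 10  # per the comment: the file only showed when fewer than 10 matched


def simulated_dir(pattern):
    """Stand-in for a hooked `dir /a <pattern>` (simulation of the behaviour
    described in the comment): returns the names matching the wildcard, but
    silently drops HIDDEN_NAME whenever HIDE_AT or more names match."""
    matched = [n for n in SAMPLE_ENTRIES if fnmatch(n.lower(), pattern.lower())]
    if len(matched) >= HIDE_AT:
        matched = [n for n in matched if n != HIDDEN_NAME]
    return matched


def cmd_dir(directory):
    """Adapter for a real Windows host (assumption: cmd.exe is available).
    Runs `dir /a /b <pattern>` inside `directory` and returns bare names."""
    def run(pattern):
        proc = subprocess.run(["cmd.exe", "/c", "dir", "/a", "/b", pattern],
                              capture_output=True, text=True, cwd=directory)
        if proc.returncode != 0:  # dir reports "File Not Found" as an error
            return []
        return [ln.strip() for ln in proc.stdout.splitlines() if ln.strip()]
    return run


# Characters tried when a query has to be narrowed; none are wildcard
# metacharacters, so "ab*" style patterns stay literal prefixes.
ALPHABET = string.ascii_lowercase + string.digits + "_-.$~"


def piecemeal_listing(list_fn, prefix="", trusted_max=5):
    """Union of narrow wildcard queries, like dir /a aa*, dir /a ab*, ...

    A query is trusted only when it returns at most trusted_max names. That
    sits well under the observed hiding threshold on purpose: when a name is
    dropped, the returned count is one short of the real match count, so
    comparing against 10 itself would accept a tampered answer of 9.
    Anything larger is split into one query per next character; the big
    (possibly tampered) answer is kept in the union, since a union can only
    ever add names, never lose them."""
    names = set(list_fn(prefix + "*"))
    if len(names) <= trusted_max:
        return names
    for ch in ALPHABET:
        names.update(piecemeal_listing(list_fn, prefix + ch, trusted_max))
    return names


def cross_view_diff(list_fn):
    """Compare the single full listing against the piecemeal union.

    Returns (names only the piecemeal view shows, names only the full view
    shows). The first set is what a size-dependent hiding hook leaks; the
    second should be empty and, if not, means ALPHABET misses a character
    some name starts with."""
    full = set(list_fn("*"))
    piecemeal = piecemeal_listing(list_fn)
    return sorted(piecemeal - full), sorted(full - piecemeal)


if __name__ == "__main__":
    only_piecemeal, only_full = cross_view_diff(simulated_dir)
    print("hidden from the full listing:", only_piecemeal)
    print("missed by the piecemeal listing:", only_full)
    # On a real Windows host (path is an assumption, not from the thread):
    # print(cross_view_diff(cmd_dir(r"C:\Windows\System32")))
```

Against the simulated listing the full view returns 13 names and the piecemeal union returns 14, so the planted name is reported as present only in the narrow queries. Running the same diff against the real adapter on a clean system should print two empty lists; a non-empty first list is the signal the comment's manual comparison was looking for.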
