OK, I've got a weird Trojan problem. Anyone ever hear of Lori Weiman?

http://www.thefreelibrary.com/Click+Forensics+Names+Lori+Weiman+Senior+Director+of+Product...-a0159232400

I obtained the above link with great difficulty. I was researching the "clickfraudmanager.com" website and found her name associated with the website. And beleive me, I've tried ALL the remedies for eliminating the "clickfraudmanager" redirects.

I have a persistent Trojan virus (virtumonde, originally) that is redirecting many of my virus-related web searches.

However, when I search for "Lori Weiman", the redirecting gets aggressive and sends my browser in every direction BUT information for "Lori Weiman". She seems to be "Senior Director of Product Management" for a firm called "Click Forensics", whose website I cannot see.

Any thoughts?

Seriously.

I know that's not an option people want to hear, but once you're infected with something that is known to install rootkits (and especially if you are aware of continued problems like this) you are putting at risk everything you do by continuing to use this system on an open network.

But now it's looking like a necessity.

I've been battling this since last week. I've tried all the "fixes" for various problems and I've got THREE anti-malware monitors running full-time. And they catch something every day.

I know little about rootkits but I know they're bad news.

Thanks for the advice.

You can even get rid of them. The problem is you don't know and probably can't know all the damage they've done during the time they've been installed, things like installing still other rootkits. Unless you spend a lot of time (and I mean A LOT) rummaging through logs and doing hash checks of important system files and all sorts of other things that, you're not going to know whether your system has been cleaned or not. Doing all that actually takes more time and effort than a backup of important data and reinstall.

BTW, I'd also change all my passwords to anything that had any kind of personal information.

And I'm not trying to scare you here, but this is how many identity theft stories start.

These redirects reportedly affect Firefox only, not IE. Try starting Firefox in safe-mode or install the NoScripts Firefox add-on and see if it clears up. Of course that doesn't correct the underlying problem.

I'll try the NoScripts, thanks for the advice.

But it looks like I'll be doing a system reformat.

some success with in the past. http://www.2-viruses.com/smitfraudfix-tutorial.html

I got excited about the program you mentioned until I read this paragraph:

Unfortunately, SmitFraudFix offers no real-time protection, which means that you can only remove parasites when your system has already been infected, and the damage could be already done. That said, SmitFraudFix will not protect your system from parasites as it is a specialized spyware remover.

However, if you are able to detect an infection, it is possible to remove some threats with this application.

BESIDES THAT! it is mentioned that you might not be able to use windows any more and only have a blue screen of death!!

Is this common? do you know?

I'm not familiar with this application, so what I'm saying here is just a general comment.

Really nasty malware can alter things like alter critical system files. They may still function, but they also do others things that you don't want them to do.

Infections that are hard to remove can be of this variety. Software exists that can find the infection, but the solution typically is to remove the offending file(s). If one of these files is a critical system file, doing so can result in a BSOD.

The first bit about the damage already being done is why I highly suggest one do a complete reinstall when one of these really nasty buggers is found. You may well be able to remove the problem that is causing so much obvious grief, but that removal would do little for the more hidden types of infections, the bits that do things in the background and aren't obvious annoyances. Annoying malware is akin to graffiti or someone playing their radio too loud. Damaging malware is akin to a cancer.

run from the installation disk be a possible alternative?
http://support.microsoft.com/kb/310747

Curious.

And it's a good tool, but it's not exactly an alternative.

One scenario:

You've go a bug, and it re-writes system files. You run your anti-virus, and it says it deleted the bug, but now you've got all these errors and suspect system file changes or deletions. You run sfc /scannow, and it detects a few problems and fixes them.

You reboot, and all seems to be working great. Problem solved.

... except, the bug also changed several registry entries in ways the virus checker and half dozen malware checkers you've run didn't detect. So that on next-boot, a registry entry does its thing and invokes this other, tiny little application that none of your scans found (because it was one of about a hundred files a trojan you had downloaded that is constantly evolving such that virus definition files have trouble keeping up), and it turns out that what that application does is check to see if one of its "critical" files is still there, finds it is not, calls in the Evil Marines, and here we go again.

The problem with a "well written" virus/trojan/etc. is that it is perfectly aware of things like SFC and is written so that it can deal with it being used.

There are trojan varients that write themselves to the first or last few bits of every .scp file on the system. That's a lot of files.

Time to save your docs and settings and nuke the drive and start over. Anything else is a waste of time.

Then, invest in a good backup software like Acronis or Paragon. I like Acronis. After you get your stuff setup the way you like it, and if it is still clean, image the drive. Save the image well. Regularly backup your docs and settings with it. Make new images down the road, as things change. In that manner, if you face this again, you will save yourself a lot of time and grief.

that said, I also believe it. Virii like this can go deep withing the registry and bugger a weekend for sure.

It also mentions the possible return of the virus which is why the times I have been tasked to use it I have run it more than once and have still found incidences of the virus.