PSA: Windows UAC flashed and asked if I wanted Adobe Flash to update...

Kalmah

I thought this felt shady. I didn't even have my browser open and got prompted to update Flash. Against my better judgement (something didn't seem right to me for this to pop up out of nowhere) I allowed it. Then the Adobe updater started and gave me an error saying the versions didn't match up: update canceled.

Now all search results in Google re-direct me somewhere else.
Windows Security Essentials was disabled as well.

Malwarebytes just found these:

Files Detected: 3
C:\Users\Bryan\AppData\Local\Temp\1jfuweif.exe (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Windows\Installer\{55759e46-c299-fc8b-34b9-56ce77f5e9e4}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{55759e46-c299-fc8b-34b9-56ce77f5e9e4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

edit: Even after removing those I'm still getting redirects from Google searches (in Firefox). Doesn't happen in Chrome.

edit2: This is one nasty SOB. I got Security Essentials to reinstall. It removes viruses then prompts to reboot. Upon reboot I get a critical system error message and then Windows automatically restarts. It's stuck in an endless loop now. Currently running virus scans in safe mode...

edit3: I found something strange in Windows startup while booted in safe mode. The name of it was JEDI. lol. Disabled it and now I'm booting fine.
 

KeithP

> edit: even after removing those I'm still getting re-directs from google searches. (in firefox) Doesn't happen in Chrome.

This might help with the Firefox redirects:
http://support.mozilla.org/en-US/kb/searches-take-you-to-wrong-search-website

I seem to recall there are some other things to check for in about:config but don't have that information handy.

You might also try downloading and running a scan with Super Antispyware:
http://www.superantispyware.com/

My Dad's computer had a bug not long ago that Malwarebytes couldn't deal with properly; however, Super Antispyware seemed to remove it without issue.

-KeithP
 

Kalmah

Thanks, Keith. I'll look into those in the morning if needed. It appears that all symptoms have gone away since removing 'JEDI' from the startup list. I haven't rebooted yet so I'll find out if it's back in the morning. If so I'll try your suggestions and report my results. I'm not convinced that this is entirely gone so some full system scans are in store for tomorrow.
 

postmortemIA

Make sure there are no EXEs with random names left; in my experience they replicate quite a lot.
 

SilthDraeth

Download a free trial of Kaspersky's Internet Security and give it a full run; let it do its reboot and run it again.
 

mechBgon

Were you on a public network when this happened?
 

mechBgon

Yeah, an EvilGrade-style attack seems like the most logical explanation. It's a best practice to only run updates on a trusted network.
 

xgsound

> edit3: I found something strange in windows startup while booted in safe mode. The name of it was JEDI. lol. Disabled it and now I'm booting fine.

For future reference, I have found this tiny standalone program ( http://www.mlin.net/StartupCPL.shtml ) very helpful over the years. It lists startup programs from several sources in Windows with check boxes to deactivate. This makes new oddly named startups (and bloated programs) easy to discover and disable after a reboot. It doesn't always fix every problem, but it often will then allow Windows to start and other anti-malware programs to run.


Jim
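
Added example, not part of the thread and not the code of the tool linked above: a read-only PowerShell listing of the kind of startup sources xgsound's post describes. The choice of locations (Run/RunOnce keys and the two Startup folders) and the `Get-ExePath` helper are assumptions of this example; services, scheduled tasks and drivers are not covered.

```powershell
# Added example: read-only listing of common autostart locations.
# Run elevated to see every HKLM value; nothing is modified or deleted.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')

# Hypothetical helper: pull the file path out of a command line such as "C:\x\a.exe" /arg
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -and (Test-Path -LiteralPath $c -PathType Leaf -ErrorAction SilentlyContinue)) { return $c }
    if ($c -match '^(.+?\.(exe|com|scr|bat|cmd|dll))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
)

$entries | ForEach-Object {
    $path = Get-ExePath $_.Command
    $sig  = if ($path -and (Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue)) {
                [string](Get-AuthenticodeSignature -FilePath $path).Status
            } else { 'FileNotFound' }
    [pscustomobject]@{
        Name = $_.Name; Source = $_.Source; Path = $path; Signature = $sig
        # Heuristic only: plenty of legitimate software also starts from AppData.
        InTempOrAppData = [bool]($path -match '\\(AppData|Temp)\\')
    }
} | Sort-Object InTempOrAppData, Signature -Descending | Format-List
```

Shortcut files in the Startup folders are not signed themselves, so for those entries inspect the shortcut's target rather than the reported signature status.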