[Capuchin]

Hello fellows!

I have a piece of malware on my PC! This doesn't make me happy!
I need your help in getting rid of it!

What it's doing is hijacking my Google results and taking me to some ad page so they can make money. It doesn't seem to be doing anything more malicious than that, but I want to be able to use Google. It also blocks any attempt to download updates for anti-malware clients, so I'll need your help to make mirrors of any definitions updates if you recommend any new software to try.

I have detected the infection using ad-aware 2008, my PC works fine for about an hour and then the same problem returns, so it's obviously hiding away somewhere. I'm just running a scan now to see what it's called.

Ad-aware doesn't give a name, but this is what appears in the logs:

Family Id: 538 Name: Possible Browser Hijack attempt Category: Malware TAI:3

Item Id: 7007 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\Tcpip\Parameters Value: NameServer Data: 85.255.112.158,85.255.112.86

Item Id: 7007 Value: Root: HKLM Path: SYSTEM\ControlSet001\Services\Tcpip\Parameters\Int erfaces\{61E730B8-B842-49D3-8C53-3F4AE052CF84} Value: NameServer Data: 85.255.112.158,85.255.112.86

Item Id: 7007 Value: Root: HKLM Path: SYSTEM\ControlSet002\Services\Tcpip\Parameters Value: NameServer Data: 85.255.112.158,85.255.112.86

Item Id: 7007 Value: Root: HKLM Path: SYSTEM\ControlSet002\Services\Tcpip\Parameters\Int erfaces\{61E730B8-B842-49D3-8C53-3F4AE052CF84} Value: NameServer Data: 85.255.112.158,85.255.112.86

I hope you know what that means better than I do!

Hope you guys can help, I'm totally drowned under with work I don't have the time to look much deeper than I already have right now.

[Curlyben]

Spybot S&D.
You can download and apply the updates manually ;)
http://www.safer-networking.org/en/download/index.html

Actually you could simply hack those values out of the registry with good old regedit, BUT be careful. The registry isn't somewhere to go playing about.