I am using Windows 7 Home premium .
When I use the Internet explorer or firefox and search something on Google, it redirects me to a travel site or eshop or obscure search engine relative to the search string or term , but not the actual real site, term or product.
This behaviour only seems to happen when you use the actual search textbox on the google web page and click a search result, and not every time or perhaps only once.
The redirect URL shows at thebottome of IE as below:
... being the most common one. sometimes it goes through 2 or 3 urls before a page loads.
seems to be russian in origin ( no surprises !)
IF you just press back to go back to the search page to click on the link again. The second time I press the link, it goes to the correct page .
There is old talk online of it being related to a TSS rootkit?. but with no solutions
Also talk of some sort of script injection ito the browser page probably by a rootkit but im lost without tools i can use on 64bit.
The initial infection was a scareware app that malwarebytes did remove but this symptom still stays no matter what i do.
Also added its own DSN server into the windows settings, which i have manualy got aroung to allow updates for security softwares.
I have tried :
ipconfig / Flushdns
Malwarebytes anti malware: nothing found
hijackthis : cant see anything suspiciuos
superantispyware: nothing found
full virus scan eset and AVG : nothing found
TSS rootkit removal tools from kasperski : usbaudio.sys MD5 suspect so i removed it : No result.
Can't run root repeal cause its 64bit windows
Can't run combofix cause its 64bit windows
Has anyone delt with a new mutation of this nasty?
or good rootkit tools for 64bit. or a solution would be brilliant
Thanks in advance