One of my users somehow got the "AV Security Suite" scareware/ransomware on his desktop. I followed instructions from a few different sites in order to remove it. Both Spybot and MalwareBytes (in Safe Mode) found the malware and claimed to remove it. I also searched the registry and removed any lingering entries I could find for the malware.
When I reboot, the fake AV software seems to be gone. It no longer appears claiming that my computer is infected. Programs like task manager, msconfig, regedit have all started working again. And IE is no longer proxied to 127.0.0.1 (localhost). For all intents and purposes it looks to be gone.
Then I tried a search. I get "Officescan has detected a Web security policy violation and blocked the URL(s) listed below" "<random characters>.com/<random characters>" from Trend Micro Officescan when I do a search on Google, Bing, or Yahoo. Other search engines like Lycos and Altavista are not affected. The security violation seems to appear whether I do a search from a toolbar (Google Toolbar), the IE Search Box, or the search engine's web page.
I've checked add-ons in IE, running processes with Process Explorer from Sysinternals, and have run a Spybot scan again. I've also reset IE to its default settings ("Internet Options->Advanced->Default"). None of them seem to work. I continue to get the security warning. Could they have modified my IE in order to force IE to another page before the search commences? Should I try to reinstall IE?
Does anyone know how to resolve this issue?
Thanks