Earlier today a client called and said he had a virus or some spyware on his computer that could not be removed. The client was remote, so I had to log in to his computer to investigate. I used the typical tools such as Malwarebytes and Microsoft Security Essentials, but the issue still existed. It seemed as if the computer had a proxy server configured, but the proxy did not show underneath Internet Explorer connection settings or in any of the other browsers. It didn’t happen all of the time, but every now and then a pop-up window would appear for the site GimmieAnswers.org, and some other pop-ups regarding “Daily Giveaway Contests” were also displaying. Below is more information on how the issue was resolved.
GimmieAnswers Removal, Alureon Removal, TDLS Removal, Rootkit Removal:
The answer to solving the problem ended up being fairly easy once I located the right software. The software used to remove the TDLS (alias Alureon) rootkit was SurfRight’s Hitman Pro, which can be downloaded here. Pick the correct version based on whether your version of Windows is 32-bit or 64-bit, download it, and then run the executable. I would run it only once without installing the software so it doesn’t run every time you start your computer. After running, the software found numerous proxies running as well as a bootable item that was starting every time the computer started. All of the other virus, malware, and spyware applications used were unable to remove this rootkit; however, the Hitman Pro software solved it without issue.