Please help with Virus / Malware problem - Win32:Malware-gen URL:Mal

[essexboy]

It appears to be well hidden within either Firefox or Chrome (they do share some files)

At this stage the easiest option would be to fully uninstall Firefox and Chrome, then re-install 

[marsd]

will I have to lose my bookmarks and plugins/extensions?  or can I keep anything?

[essexboy]

Ideally it would need to be a fresh start with regards to plugins/extensions, but export the bookmarks as they should not be a problem

[marsd]

ok sounds good-
I do this through add remove programs or some other way?

[essexboy]

For firefox, first backup your bookmarks to the desktop
Then follow the steps here http://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer
This is the important part as we do not wish to retain the bad plugin :

If you want to remove your Firefox user data and settings, put a check mark in the box that says Remove my Firefox personal data and customizations. If you select this option, Firefox will not preserve your bookmarks, saved passwords, and other data if it is installed again.

Same for Chrome here https://support.google.com/chrome/answer/95319?hl=en

[marsd]

strange thing-

I removed firefox, then chrome following instructions- I even removed left over firefox folder in C program files-

However when I went to download new firefox and reinstall it I then opened firefox and it had all of the plugins still there!
It had 3 less extensions, but it left 3 extensions in firefox and all 3 were disabled-- The plugins were all enabled!-

I have before screenshots of the addons if that is helpful at all-

I also tried to replicate the Trojan horse popup, and it is still there.

[essexboy]

Yes could you show all the addons.  Did you select remove all data and then delete the firefox folders before re-installing ? 

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

[marsd]

yes I did all that before reinstall-

I will do this now-

here are scnreenshots

[marsd]

2 of 4

[marsd]

3 of 4

[marsd]

4 of 4

[marsd]

just got this in IE

Infection Details
URL:   http://url4short.info/favicon.ico
Process:   C:\Program Files\Mozilla Firefox\firefox...
Infection:   URL:Mal

I got it by going to google and searching for:

https://www.google.com/search?q=HTML%3ARedirDL-inf+[Trj]+type+of+trojan&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#client=firefox-a&hs=zdw&rls=org.mozilla:en-US%3Aofficial&sclient=psy-ab&q=what+type+of+trojan+is+HTML:RedirDL-inf+[Trj]&oq=what+type+of+trojan+is+HTML:RedirDL-inf+[Trj]&gs_l=serp.3...10931.16746.1.16959.25.24.0.0.0.14.261.3178.0j23j1.24.0...0.0...1c.1.15.psy-ab.LguZXFN4_K8&pbx=1&bav=on.2,or.r_qf.&bvm=bv.47244034,d.aWM&fp=df2c1034d2b67a94&biw=1920&bih=1061

what type of trojan is HTML:RedirDL-inf [Trj]

Then when I clicked on the 4th thing listed it gave me that message--- However when I try and click a second time the message does not come--- Seems to have some kind of similar pattern?

http://www.drumcorpsplanet.com/forums/index.php/topic/154946-dcp-infected/

[marsd]

I ran TFC.exe

[essexboy]

Do you have firefox set to synch as most of the addons/extensions are not part of the base package

Could you open a command prompt and type in the following pressing enter after it

ipconfig /flushdns

[marsd]

done