Hi,
I have used the tool trying to remove an adware, but no results.
Here is the link of the malicious file:
[WARNING]: DON'T DOWNLOAD IF YOU ARE NOT A DEVELOPER
http://filesdownlall.ru/?file=adware
Update:
It looks like the malicious URL doesn't download the file now, so i uploaded the file here.
Update 2:
After some investigation, it turned out that proxy settings have been manipulated via registry:
Registry entries:
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 0http://webunstop.net/wpad.dat?e2b3df1b55c236b7466f4a1d357fb86b36333950
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL = http://webunstop.net/wpad.dat?e2b3df1b55c236b7466f4a1d357fb86b36333950
Now everything works fine after deleting these entries.
Update 3:
Actually, after couple of hours it looks like my browser is still hijacked, and redirected to other websites :/ .