03-17-2011 01:18 PM
Every half hour office sacn will pop up with a box with 3 urls in it> it says these urls are dangerous. This even happens when I am not on the internet. I've scaned the computer with 2 differnet virus scanners and they both come up clean. How can I get rid of this dangerous url pop up. I've attached a screenshot of the pop up box.
Solved! Go to Solution.
03-17-2011 01:58 PM
You likely have a rootkit on that system. The .tj domain suffix is the Internet country code top-level domain for Tajikistan.
Check out TDSSKiller. Google it.
03-17-2011 11:35 PM
Also try Trend's Rootkit Buster, and Google for Malwarebytes.
DO NOT use this system for anything requiring a password, including baniking and email. If it does have a rootkit, it could be silently waiting to see you type a bank account number.
03-18-2011 04:53 PM
Hmm. If it calls out to .tj, that would scare me. I have tools I would use to check it for things that don't show in the Windows API.