Alureon

I got notification from Xfinity that my computer is infected with Alureon malware. Checking my 3 Macs I found the signature DNS server addresses on my iMac (OSX10.5.8) in the DNS server listing for the Airport network connection (85.255.115.155, 85.255.112.128). I had been plagued on this machine for some time with the "Google DNS Changer" malware, which I ultimately worked around by using OpenDNS to get a new DNS server address. The bad addresses are still in the Airport DNS server list, albeit grayed out. I have VMware Fusion on this machine. Could that be the source of the infection signature? Before I used OpenDNS I was getting constant DNS redirects when clicking on Google search results in Safari or Firefox.
I would appreciate any help in cleaning this up.  I have considered upgrading to 10.6, but want to make sure the infection isn't lurking somewhere that will make it show up afte

First off, Alureon can only affect Windows machines. If you really are infected then it's your Windows running inside Fusion that's infected, not your Mac.
Running Windows in a VM doesn't remove the need to run anti-virus software in Windows.
Just be sure that you are infected, though, and not the victim of scareware that's telling you that you're infected along with a 'helpful' link to 'clean' your system - these are invariably malware systems designed to play on your fear of viruses and trick you into installing their wares. Nothing beats a commercial anti-virus software app for your Windows system.
If you're getting that warning message on your Mac then it's almost certainly scamware since this virus cannot infect Mac OS X.
As for DNS changer, it's hard to tell whether that's still an issue for your Mac or not, but there are tools that can detect and remove it from your system.
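
A check for the situation described in the question, as an added example that is not part of the original thread: it parses `scutil --dns` output from the Mac and reports every configured resolver that matches the two addresses quoted in the question, with the interface it is attached to. The sample output, the interface name and the extra resolver address in it are constructed for illustration.

```python
import ipaddress
import re

# Indicators: the two resolver addresses reported in the question above.
# Extend this set only from a source you trust.
ROGUE_RESOLVERS = {
    ipaddress.ip_address("85.255.115.155"),
    ipaddress.ip_address("85.255.112.128"),
}

# Constructed sample of `scutil --dns` output (not captured from a real host).
SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 208.67.222.222
  nameserver[1] : 85.255.115.155
  nameserver[2] : 85.255.112.128
  if_index : 5 (en1)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
"""


def parse_scutil_dns(text):
    """Parse `scutil --dns` output into resolver blocks.

    Each block is {"id": int, "interface": str or None, "nameservers": [ip, ...]}.
    """
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"resolver #(\d+)", line)
        if header:
            current = {"id": int(header.group(1)), "interface": None, "nameservers": []}
            blocks.append(current)
            continue
        if current is None or ":" not in line:
            continue
        # Split on the first colon only, so IPv6 values stay intact.
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key.startswith("nameserver["):
            try:
                current["nameservers"].append(ipaddress.ip_address(value))
            except ValueError:
                pass  # not a plain address; ignore rather than guess
        elif key == "if_index":
            match = re.search(r"\((\w+)\)", value)
            current["interface"] = match.group(1) if match else None
    return blocks


def find_rogue_resolvers(blocks, indicators=ROGUE_RESOLVERS):
    """Return (resolver id, interface, address, position) for every match.

    Position matters: resolvers are tried in order, so a rogue entry at
    position 0 handles most lookups, while one further down is used only
    when the earlier servers do not answer.
    """
    hits = []
    for block in blocks:
        for position, addr in enumerate(block["nameservers"]):
            if addr in indicators:
                hits.append((block["id"], block["interface"], str(addr), position))
    return hits


if __name__ == "__main__":
    for rid, iface, addr, pos in find_rogue_resolvers(parse_scutil_dns(SAMPLE)):
        print(f"resolver #{rid} on {iface}: {addr} at position {pos}")
```

On the Mac itself, pass the real output instead of `SAMPLE`, for example the `stdout` of `subprocess.run(["scutil", "--dns"], capture_output=True, text=True)`.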

Similar Messages

  • Trojan:DOS/Alureon.E is killing me! Help Please!

    Hello, here is my info:
    HP Pavilion dv6985se
    Windows Vista 64
    Trojan:DOS/Alureon.E is found by MSE and it can't be cleaned
    No changes were made before the virus/trojan appeared.
    I've been dealing with this for almost two weeks and can't seem to get it gone - since the computer is only used for internet access and contains no data, I decided to do a System Recovery back to Original Factory Condition using the included utility.  After doing that and installing all the necessary updates, MSE still finds the trojan and can't clean it.  Any suggestions?  I was also trying to figure out how to re-format the entire thing, but the computer did not come with a OS disk.  Any help would be greatly appreciated!

    Hi,
    I would definitely suggest running the other Two applications, particularly MBAM with both the C Partition and Recovery Partition selected for scanning.
    EDIT:  You may also want to try This Application
    If you decide to wipe the entire HDD, first order a replacement set of Recovery Discs using the link below.
    http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00810334&cc=us&lc=en&dlc=en
    If you have any problem with this link, order them directly from HP.
    If you live in the US, contact HP Here.
    If you are in another part of the world, start Here.
    You can then wipe the entire HDD as follows.
    Using another PC, download and install Killdisk on the link below - ( this application will write zeros to the entire drive ).
    http://software.lsoft.net/KillDiskSuiteFree-Setup.exe
    Download and install ImgBurn on the link below.
    http://download.cnet.com/ImgBurn/3000-2646_4-10847481.html
    Go to the Kill Disk application you have installed in All Programs, open the main folder, then select Bootable Disk creators and from that select Bootable DOS CD Creator which will burn the bootable ISO to a blank CD.
    During the next process do not worry about any warnings as your Recovery DVDs will reformat the HDD.
    Insert this CD into your PC that is unable to load Operating System properly. Shut the notebook down, then start it again to boot from the Killdisk CD and follow the on screen instructions for Kill Disk.
    A brief description of the process is here Killdisk.
    Use this to wipe the whole of the Hard Drive, highlight (80h) and press f10 ( you will also have to type a confirmation and hit enter ) - ( this will make sure you include all partitions and then start the process - this may take a couple of hours! ). 
    When the process is complete, remove the Killdisk CD, insert your first HP Recovery Disc and start the installation.
    Regards,
    DP-K
    ****I don't work for HP****
    Microsoft MVP - Windows Experience

  • Windows 8.1 will not copy files from intranet site.

    I am using Windows 8.1 and I am trying to copy files from an Apple Time Capsule disk to a local hard drive. First I got the message box that said "Your Internet security settings suggest that one or more files may be harmful. Do you want to use it anyway?" and when I said okay nothing would copy. I went into my Internet options and added the Time Capsule disk to my site list in the Local Intranet Zone and reconnected the shared drive. Now I don't get the error box but it doesn't copy anything either. It does nothing. Any suggestions would be appreciated.
    Benjamin Greco Jr.

    I suggest you run a malware check.
    Maybe it's due to the malware "ZeroAccess rootkit/Sirefef". What it does is block downloading and block you from visiting some sites.
    Download and transfer these.
    Use one scanner at a time.
    Download Hitman Pro 3.7 from an uninfected PC, transfer it to your PC and install it (shareware; can be activated for 30 days free), and run a full system scan: http://www.surfright.nl/en
    Alternatively you can use the HitmanPro Kickstart bootable USB:
    http://www.surfright.nl/en/kickstart
    And/or
    use Malwarebytes, downloaded from an uninfected PC, transferred to your PC and installed, and run a full system scan: http://www.malwarebytes.org/products/malwarebytes_free/
    And/or
    use AdwCleaner, downloaded from an uninfected PC, transferred to your PC and installed, and run a full system scan: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
    And/or
    use Junkware Removal Tool, downloaded from an uninfected PC, transferred to your PC and installed, and run a full system scan:
    http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
    And/or use TDSS Killer, downloaded from an uninfected PC, transferred to your PC and installed, and run a full system scan: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
    Additional info:
    If everything fails, you can use an offline bootable rescue CD and do a full system scan.
    https://support.kaspersky.com/viruses/rescuedisk
    http://windows.microsoft.com/en-us/windows/windows-defender-offline-faq
    How to create a Defender Offline bootable CD/pen drive:
    http://www.pcandtablet.com/windows-8-antivirus-and-security/546/how-to-create-a-windows-defender-offline-usb-stick-to-remove-malware-on-windows-8-a.html
    Hetti Arachchige V Aravinda | Network & System Administrator (B.Sc, Microsoft Small Business Specialist, MCP, MCTS, MCSA, MCSE,MCITP, CCNA, CEH, MBCS)

  • Recovery and MBR

    I recently purchased a Satellite Core I7 with Win7 64bit installed. I don't have the exact model number since I am posting from a different machine. Anyway here is my situation: I recently contracted a rootkit (Alureon.A). My automatic update began failing and started popping an error describing what was wrong. I followed links and downloaded software to remove it. Nothing seemed to remove it and since the computer was so new I just decided to use the recovery partition on the hard drive. It installed perfectly and the computer is as good as new. My question is: Did the recovery completely overwrite and create a new master boot record, effectively getting rid of the rootkit? I prefer not to wipe the drive to DoD standards since the drive is over 500GB in size. Quite a lengthy process and it would destroy my recovery partition.

    Did the recovery completely overwrite and create a new master boot record, effectively getting rid of the rootkit?
    Yes. The recovery process restores every byte on the hard disk. The MBR resides in the first sector.
    The recovery does not affect the BIOS, however.
    -Jerry

  • Acrobat 9.5.1 BSOD

    (Windows 7 PC) - Have been using Acrobat successfully for about two years. Yesterday, was creating a PDF when BSOD, page fault, occurred. Did a scan with Microsoft Security Essentials and found that several viruses had gotten through - two Java exploits and Trojan:DOS/Alureon.A.
    Proceeded with clean-up with MS Security Essentials and with Defender Offline and they claim all viruses have been removed.
    Acrobat 9.5.1 continued to get the same BSOD condition - initialize the program, it churns by itself and faults in about 10 seconds or so. Attempted uninstall - failed with BSOD.
    Used MS Fixit which identified uninstall issues and "corrupt patch registry keys" - MS Fixit claimed to fix the uninstall issue but could not fix "corrupt patch registry keys". Next uninstall attempt failed with installer note "This action is valid only for products that are currently installed".
    Next step - renamed Program Files (x86)Adobe/Acrobat folder to get that folder 'out of the way'. Reinstalled Acrobat from original CD - Acrobat 9.0 --- some install alerts flew by but the install seemed to complete successfully and a new Acrobat file was created within the Adobe tree - and several drivers were replaced within Windows.  No change in outcome - the installed Acrobat 9.0 thrashes to a page fault BSOD all by itself after initialization.
    Attempted to update 9.0 to 9.1 via the Adobe web site but the installer couldn't find Acrobat - "...program missing or patch may update a different version...." . Ran MS Fixit again with focus on "install" and Fixit identified "corrupt patch registry keys" - and then claimed to have been able to fix that issue but the version update continues to fail with ".... program missing ....".
    I am prepared to get Acrobat X Standard to get past these problems if that seems reasonable. It's possible I might have to do a complete OS reload but I'd like to avoid that especially if I get Acrobat X.
    I'd appreciate suggestions from the Adobe "pros".
    Thank you.

    search4answers:
    An update for you on my circumstance - perhaps this will be helpful for you.
    It appears that I was hit with a rootkit virus where the final solution was (I believe) to run Kaspersky TDSSKiller.exe - you can track that down by keyword searching for that on majorgeeks.com ----
    Once I got rid of that virus problem, Acrobat became instantly healthy again - good correlation. I have no idea how I acquired the virus - or when. No previous MSE scans identified the problem.
    Some specifics - during my investigation, I ran a complete system scan with MS Security Essentials - over multiple full scans and taking recommended action, Security Essentials continued to show "rootkit:DOS/Alureon.A" as a problem virus.
    Security Essentials indicates it can not completely delete that virus and instructs that Defender Offline should be run - that's a software download to a specially formatted disk that then does a full scan in 'standalone' mode - restart from that disk and do a full scan. There is no positive indication that the standalone scan was useful. To the contrary, the standalone Defender scan was not successful and "rootkit: DOS/Alureon.A" always popped back up on a full Security Essentials scan run under Windows - and Acrobat consistently generated a BSOD.
    Following majorgeeks.com recommendation for that particular virus, I downloaded TDSSKiller.exe (free), ran it using the guide and notes provided by majorgeeks.com. The most interesting thing is that TDSSKiller identified and eliminated a different rootkit virus - "boot:Pihar.C" and never noted finding and dealing with "rootkit:DOS/Alureon.A".  Regardless, Acrobat 9.5.1 became instantly healthy and Security Essentials full scans (several, over time) never again showed "rootkit:DOS/Alureon.A".
    Tracking down a rootkit virus and its spawn takes special skill and tools as rootkits disguise themselves as native to the system and launch other virus attacks that can be nasty. The only reasonable conclusion I have is that some rootkit virus got into my system at some point and corrupted some code that was used by Acrobat, perhaps exclusively by Acrobat, but not within Acrobat itself.
    The imperfect correlations I had were (1) an automatic Java software update followed by (2) immediate Acrobat BSOD followed by (3) Security Essentials identifying a serious rootkit virus but not able to delete it followed by (4) Kaspersky TDSSKiller.exe wiping out a different, but serious, rootkit virus followed by (5) an apparently healthy system again.
    Note, also, Security Essentials or Standalone Defender scan (can't recall which) gives a notation that the MBR - master boot record - may be damaged with a rough guide on how to fix that. I chose to run "mbrcheck.exe" - another good pointer from majorgeeks.com. "mbrcheck.exe" does nothing more than verify whether the master boot record is healthy or not. Mine was fine, so the cryptic notations from MSE or Defender regarding the master boot record are not necessarily a useful tributary.
    I subsequently reran the Java update with no problems.
    Not to make this overly complicated, but my steps did include a full system restore to about a full month prior to the virus hit/BSOD event - with no success in eliminating the virus. From what I read, a "rootkit" virus can reside in software that is outside of the range of "sys restore point and recovery" - the master boot record is just one example of system code that is outside the realm of standard restore points.
    Hope this helps - good luck.
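
The replies above note that the master boot record sits in the first sector of the disk and lies outside what System Restore covers. As an added example (not code from these threads, and not a description of how mbrcheck.exe or TDSSKiller work), the Python below parses a 512-byte MBR image, checks its structure, and compares its boot code hash and partition table with a baseline saved from a known-clean state. The two sample sectors and their "boot code" bytes are constructed placeholders.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bootstrap code; bytes 440-445 hold the disk signature
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
# status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector):
    """Return the signature state, boot code hash and used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + index * ENTRY.size
        status, ptype, lba_start, sectors = ENTRY.unpack_from(sector, offset)
        if ptype == 0x00:      # unused slot
            continue
        partitions.append({"index": index, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline=None):
    """List findings. Without a baseline only structural problems can show up."""
    report = parse_mbr(sector)
    findings = []
    if not report["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["status"] == 0x80 for p in report["partitions"]) > 1:
        findings.append("more than one active partition")
    for p in report["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte")
    if baseline is not None:
        # Replaced boot code leaves the structure valid; only the hash shows it.
        if report["boot_code_sha256"] != baseline["boot_code_sha256"]:
            findings.append("boot code differs from baseline")
        if report["partitions"] != baseline["partitions"]:
            findings.append("partition table differs from baseline")
    return findings


def _build_sample(boot_code):
    """Constructed sector: placeholder boot code plus one active NTFS partition."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 1_000_000)
    body = boot_code.ljust(PARTITION_TABLE_OFFSET, b"\x00")
    return body + entry + bytes(3 * ENTRY.size) + BOOT_SIGNATURE


# Constructed placeholders, not real boot loaders.
CLEAN_SECTOR = _build_sample(b"PLACEHOLDER-CLEAN-BOOT-CODE")
MODIFIED_SECTOR = _build_sample(b"PLACEHOLDER-OTHER-BOOT-CODE")

if __name__ == "__main__":
    # Usage: script.py mbr.bin  (first sector saved to a file from rescue media)
    data = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else MODIFIED_SECTOR
    for finding in check_mbr(data, parse_mbr(CLEAN_SECTOR)) or ["no findings"]:
        print(finding)
```

Take the image of the first sector while booted from rescue media rather than from the installed system, and save the baseline right after a clean reinstall so there is something trustworthy to compare against.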

  • How to format Lion OS X 10.7.5?

    I don't figure out a lot from computers but my MacBook has been hacked I suppose and I want to format it in a very easy way. What is the simplest way to do it?

    I have to do this: Computer has installed the TDSS/TDL/Alureon MBR rootkit. Recommended action: format hard drive including the master boot record, change all account passwords, reinstall the operating system. Ensure that the master boot record is wiped clean. If using Windows, format the drive, reboot into the recovery console, and run fixmbr command.

  • FEP 2010 Implementation Notes/Concerns

    My perspective is from a large enterprise with SCCM 2007R3, no SCOM, currently running Symantec.
    I realize this is the first release with SCCM integration but I feel a few notes should be posted to either point me in the right direction for information or to better the product if my findings are correct.
    Current FEP 2010 findings:
    SCCM Integration:
      • Only partial integration with SCCM (policies, collections, reports)
      • Doesn't use the existing CM distribution points for definition distribution
    Scaling:
      • Appears to be built for small to medium SCCM sites as the only automated definition delivery systems out of the box don't scale well.
      • Automation relies on WSUS or Windows Update
      • If you use UNC/DFS for definition updates you have to build the download and replication system - in this configuration there is no log of the definition transaction and its source on the clients.
      • WSUS and Windows Update implementations appear to be the only way to utilize delta definitions so UNC methods require full downloads.
    Alerting and Reporting:
      • Email alerts don't give path and file nor accurate/full remediation detail, the only way to get detail is event log or SCOM
      • No configuration for what information email alerts contain
      • Alerts only once per 24 hour period per node without the ability to configure
      • Alerts state action required even when the threat has been quarantined or deleted from the system and no additional malware or remediation is needed (specific test was with 22 malware components on the desktop, alureon file was one that showed this failure even though it never infected the system)
      • Relies on SCOM for the optimal alerting and reporting
      • Some built in reports don't appear to populate properly
    Policies:
      • Although there are decent policy templates and CM integration, the policies aren't cumulative, they don't support layered/multiple policies
    XP Support:
      • NIS (Network Inspection Service) requires WFP = no Windows XP support
    Client Interface:
      • In the client interface there is no way to view overrides or definition update configuration
      • If UNC definition updates are used, the client interface doesn't update its last checked time

    This is an old post and there have been several changes in FEP. Now the successor of FEP is System Center Endpoint Protection (SCEP) and several things have been improved. Try to reproduce your issue in SCEP and if the problem persists, please post it as a new question.
    I believe most of your issues have been addressed in SCEP. However, things like support for Windows XP are no longer available because support for Windows XP already ended.

  • Outlook - Microsoft Office Pro Plus 2010

    Cannot receive email and "bogus" email being sent to my contacts from me....some to my deceased mother-in-law.

    If they are not in sent items, I don't believe these emails are actually generated. Check whether they really do exist in your sent items.
    Anyone can send as any email address by spoofing.
    If they are not in the sent items, but your contacts are still getting spam, maybe someone is spoofing your email address. Using a PHP form, this kind of thing can be done (not limited to PHP, maybe almost any language can do it): http://www.w3schools.com/php/php_mail.asp But in the event that there is no proper email authentication, these spoofed emails end up in the spam folder at the receiving end.
    By any chance, can you reach any of your contacts who already received spam from you, and take the email header from that receiver?
    http://whatismyipaddress.com/find-headers
    https://kb.mediatemple.net/questions/893/How+do+I+view+email+headers+for+a+message%3F
    And you can trace the email generating source:
    http://whatismyipaddress.com/trace-email
    and get the IP details etc.
    http://whois.domaintools.com
    If you still suspect your PC is infected, use the following recommended tools.
    Use one scanner at a time.
    Download Hitman Pro 3.7 (shareware; can be activated for 30 days free) and run a full system scan: http://www.surfright.nl/en
    Alternatively you can use the HitmanPro Kickstart bootable USB:
    http://www.surfright.nl/en/kickstart
    And/or
    use Malwarebytes and run a full system scan: http://www.malwarebytes.org/products/malwarebytes_free/
    And/or
    use Junkware Removal Tool and run a full system scan:
    http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
    And/or use TDSS Killer and run a full system scan: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
    Do not open email from unreliable sources like public cafes, and once again change password.
    If it is appearing in your sent items, this could be a worm problem: http://answers.stanford.edu/solution/what-are-mass-mailing-worms
    What these kinds of worms do is steal your session (login) data like cookies and send emails through your email accounts.
    http://answers.microsoft.com/en-us/windowslive/forum/email/hacked-hotmail-account-sending-spam-to-contacts/818d1fe7-c496-4d16-bbd6-b2ab430e312a?msgId=2a3784f4-9e39-4a0b-a17b-0680bc815f14
    http://answers.microsoft.com/en-us/windowslive/forum/email/my-hotmail-is-sending-spam-to-my-contacts-how-do-i/45614413-d6fd-43a6-8d71-4fc92905caa3?msgId=f5fd6670-78d5-4208-b5a8-495ec00323f4

  • Windows 7 firewall fails to restore default policy error 3

    Currently, I am using Windows 7 32bits OS.
    First, I found that my Network Discovery won't stay ticked. After some troubleshooting on network problems, I found that my Windows firewall is configured wrongly.
    Next, I tried to restore default policy of windows firewall through Windows Firewall with Advanced Security. But it failed (msg:Could not restore the default policy Error:3).
    Then, I tried to use "netsh advfirewall reset" in cmd. However, the result is still the same (An unrecoverable Windows Firewall error <0x3> occured).
    I had also tried the methods suggested in <<Windows Firewall damaged by 'Windows 7 antivirus 2012'>>
    But the problem still cannot be solved.
    Will anyone help me please??
    Thanks

    The ehow article is erroneous. There is no "reset" command in the advfirewall context. "reset" was part of the deprecated "firewall" context.
    C:\Windows\system32>netsh advfirewall firewall reset
    The following command was not found: advfirewall firewall reset.
    C:\Windows\system32>netsh advfirewall firewall help
    The following commands are available:
    Commands in this context:
    ?              - Displays a list of commands.
    add            - Adds a new inbound or outbound firewall rule.
    delete         - Deletes all matching firewall rules.
    dump           - Displays a configuration script.
    help           - Displays a list of commands.
    set            - Sets new values for properties of a existing rule.
    show           - Displays a specified firewall rule.
    To view help for a command, type the command, followed by a space, and then
     type ?.
    Note the conspicuous absence of "reset."
    My own problem is that I've removed Alureon and Sirefef.AB from an office computer and one of them wiped out all of the firewall rules, and neither importing policies exported on another computer nor restoring default settings works. Both result in an "Error 5," whatever that is. Anybody have any ideas?

  • Virus keep coming back even after I restored to factory...Help...

    Hi, my model is toshiba p755 s5320.
    I wrote a few months ago, when I got this Alureon virus, then I decided to restore to factory settings.
    I rarely use this laptop, I don't know why I keep getting it and it keeps coming back. I only go to very few sites that are safe. I don't get it.
    I'm considering yet again --- restore to factory settings. What if the factory recovery is infected, could that happen???? Is there a way to get this factory restore in CD form?

    Satellite P755-S5320
    Alureon virus  ...  What if the factory recovery is infected, could that happen?  ...  Is there a way to get this factory restore in CD form?
    Seems to me if the hidden partition containing the image were infected, Monica, it would not restore properly. That would be one smart virus!
    It does modify the master boot record (on the first sector of the disk). But recovery discs replace that too. So far as I can discover it does not affect the BIOS, which is not replaced during recovery.
    You can obtain the recovery discs directly from Toshiba if you like.
       Order Toshiba Recovery Media
    ..it has been observed to be spread by fake blogs rigged with URLs to sensational videos that "must be seen" or bogus blog or forum comments with similar baits. The Trojan may also be found in fake Torrent files and P2P downloads, cracks and warez Web sites, and also hacked legitimate and fake Web sites rigged with exploits for various vulnerabilities allowing for what is known as a "drive-by download" to occur.
    Which Anti-virus program do you use?
    -Jerry

  • Wrong Machine message with genuine Toshiba recovery disk

    I have a Sat  Pro L300 EZ1004X and ordered a recovery disk from Toshiba after giving them the model number and serial number. When I boot from the disk I get a "Wrong Machine" message with an exit button that just powers off the machine, there is no exit to DOS. Booting from recovery partition by holding down 0 does not work either, just some colors at the top of the screen. The laptop was refurbished at a genuine Toshiba service center. The recovery disks are labelled L300 series. The machine was running fine until attacked by the Alureon virus and now hangs at the Microsoft screen on boot. I want to wipe the disk and start again. Net research indicated I may need a DMI reset utility, but the one I found at the Toshiba site does not list the L300 models. Any ideas would be greatly appreciated.

    Satellite Pro L300-EZ1004X 
    "Wrong Machine" message
    You're right, Chris. If the recovery disc is the correct one, the DMI string in the machine needs fixing. Since the utility for that computer is not posted, you need to contact Toshiba. It's 800-457-7777 or..
       Locate a Toshiba Service Center
    -Jerry

  • Everytime I use google or another search engine, I am "redirected " to some place other than the site I selected!!!!!

    The place I am directed to is usually an area that I think is advertising and they want you to go to their choice websites. I don't want to go there. I want to go to the place I selected!
    Thanks for any help you can give me.
    D. Burovac

    Sounds like your system might be infected by the Google Redirect Virus (which has nothing to do with Google). You'll find instructions here on how to remove it: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

  • We need a place where Geeks can exchange ideas!

    Hi, I have been a member on several forums. I admit this one is becoming my favorite. I like to explain things and this is a general pattern to how I go about troubleshooting seniors' PCs here in my Village. W7 has a lot of features that can really help you with your problems. I'm going to try to create a list and hope others will add to these ideas. This is just a general list and isn't for any particular problem and not really in any order.
    1) W7 has a great troubleshooter that can be found in Action Center.
    2) Safe Mode (F8) is always a great tool.
    3) I like the Clean Boot even better than the Safe Mode.
    4) This is always a good thing to try (Perform Power Cycle).
    5) A simple restart fixes a lot of things.
    6) Sometimes a restore to an earlier time will solve your problem. (A great Tool)
    7) Restoring your BIOS back to default can be a good tool.
    8) My favorite is the System Repair disc. This will take you into Windows recovery, where you will find several tools. If you haven't made this disc, you are really missing the boat. With this repair disc you may be able to boot a PC that isn't booting and find tools for restoring to an earlier time, repair a PC that isn't booting, test your memory, restore your OS with an image you should have made, you can go into DOS and type chkdsk /r to check your hard drive for errors. This is a great tool.
    9) W7 gives you the feature to create a image of your OS that allows you to restore to the time you created that image.
    10) The last of my 10 tools is the back to factory. This is a cure for every thing except hardware problems.
    This is just a start to what you can try to fix your problems before asking about them on the forum. We like helping you here and there are a lot of smart people here to help. I really don't know what you will do with this message. I know we have people that have ideas and they could add to this, but this may not be appropriate to the forum and there might not be a place for this?? My favorite hobby is passing forward what I have learned and what I'm still learning from others. These are just some of my thoughts and wanted to share. No problem if this doesn't have a place here on the forum
    Dokie!
    I Love my Satellite L775D-S7222 Laptop. Some days you're the windshield, Some days you're the bug. The Computer world is crazy. If you have answers to computer problems, pass them forward.

    For Maintenance:
    I use CCleaner and Glary utilities together, as one finds issues that the other misses, and vice versa.  These are both great programs, and Glary has many useful modules built into it.  I use the free versions of both, and run them about once a week for both registry and temp file cleaning.
    Malwarebytes is another great program.  Again, I use the free version, and it works very well.  I also use this once a week.
    For Anti-Virus, I use Microsoft Security Essentials.  It does require attention on my part(I have to manually scan), but it is a great anti-virus, it's free, and it does not slow down the system like some of the other anti-virus programs out there.
    For Virus or Repairs:
    In addition to the tools listed above, I use the following for virus or repairs
    MRT(malicious software removal tool) is a nice tool that is already on your computer if you are running windows.  Make sure you keep up on your updates, as MRT definitions update frequently.  To use, simply click your start button and type in "MRT", and click on the result that pops up.  I suggest doing a full scan.  It may require a restart once it is finished, and if it cannot fix an issue, it will let you know.  If you suspect that you have a virus on a thumb drive, you can select "custom scan", and scan your thumb drive as well.
    MRT Offline can be downloaded from Microsoft's website, and burned to a disc.  Put the disc in your computer and restart (make sure the DVD drive has top priority).  This will search for viruses without booting into Windows, and can fix more issues than the standard MRT program.  Make sure to download a new copy each time you need it, as definitions change frequently.
    Trend Micro HiJack This is now a legacy program, but can still be found on the Trend Micro site.  This shows you all of the processes that start with windows in detail, and allows you to remove items that you do not want.  It is more detailed than any other program I have used.  PLEASE NOTE THAT THIS PROGRAM CAN BE VERY DESTRUCTIVE IF YOU DON'T KNOW WHAT YOU ARE DOING.  It works properly with a 32 bit OS only.  When running with a 64 bit OS, you can see all of the processes, but you have to manually fix issues outside the program(any changes that you make when running on a 64 bit OS will not save).
    Kaspersky TDSSKiller is the only program that I have found that can remove the Alureon virus, which has been popping up more frequently on the computers that I am asked to fix.  It is free from the Kaspersky site.
    There is more, but that is all that I can think of off the top of my head. 
    BTW... I have done performance tests before and after cleaning up a hogged up registry on a C655D that I purchased a while back.  It had soooooooooo much crap loaded on it, and I stripped it back down to the OS and just a few choice programs.  Once that was done, I tested performance, and it was not that impressive.  I then cleaned up the registry using CCleaner and Glary Utilities.  Once complete, I defragged the registry using Glary Utilities and restarted.  The performance had definitely increased after it was all cleaned up.
    Qosmio X875 i7-3630QM, 32GB RAM, OCZ SSD Qosmio X505 i7-920XM, PM55, 16GB RAM, OCZ SSD
    Satellite Pro L350 T9900, GM45, 8GB RAM , Intel 320 SSD (my baby) Satellite L655 i7-620M, HM55, 8GB RAM, Intel 710 SSD (travel system)

  • Sc.exe wants to run when I reboot.

    When I start or restart my Windows 7 OS PC I get a box telling me that sc.exe wants to make changes to my PC.
    The box is the standard one you get when an application is installing. But the strange thing is that it doesn't show that sc.exe is a Microsoft application. The box shows unknown for source. The pop-up is also random. I don't get it every time.
    What would cause sc.exe to run on its own and is it something I should be worried about?

    Yes. Sc is not a common file that needs to run at start up.
    I would suggest you locate the file: http://www.pcandtablet.com/windows-7-tutorials/1343/how-to-disable-a-startup-entry-in-system-tray-task-bar-in-windows-7-a.html
    (You may untick the start up entry, no harm.)
    From hearing a process name/filename nobody can tell whether it's a virus or not. If you suspect it is a virus/malware, what you can do is find the file location from above and submit this sample to VirusTotal: https://www.virustotal.com/
    By submitting to VirusTotal, you can check whether it is detected by famous malware scanners.
    How to install/Configure/Use VT Hash Check to detect Malware/Unwanted programs in Windows?
    Feel like you are infected?
    Download Hitman Pro 3.7 (shareware; can be activated for 30 days free) and run a full system scan: http://www.surfright.nl/en
    And/or
    use AdwCleaner (freeware) and run a full system scan: http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
    And/or
    use Malwarebytes (free version) and run a full system scan: http://www.malwarebytes.org/products/malwarebytes_free/
    And/or
    use TDSS Killer (freeware) and run a full system scan: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
    Hetti Arachchige V Aravinda | Network & System Administrator | http://www.windowstechinfo.com |(B.Sc, Microsoft Small Business Specialist, MCP, MCTS, MCSA, MCSE,MCITP, CCNA, CEH, MBCS)

  • Malware that redirects Google to sales sites.

    Locking as a duplicate - https://support.mozilla.com/en-US/questions/855549
    I have some sort of malware that when I use google on Firefox, I’m redirected to generic sales sites. I’ve tried Nortons, Malwarebytes, Spybot, SUPERAntiSpyware. All find Trojans and other demons, but not the one that’s causing the central problem. So far Internet Explorer is also good, but I prefer Firefox.
    Can you help?

    That type of exploit might be caused by a Rootkit virus. See if this article helps you.
    http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
    If not, see this Google search (http://www.google.com/search?q=search+redirect+Rootkit+virus&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a) - but you may need to use a different browser or different PC to access those search results.
