The problem came to me when a user complained they couldn't send or receive emails. Outlook 2010 reads "Disconnected" in the bottom right. I have tried everything to reconnect, but no luck.
Tried:
- Repairing Network Connection
- Cached mode Off/On
- Running Spybot
- Malwarebytes
- CCleaner
- VIPRE Rescue
- Trend Micro
- HijackThis
- Safe Mode cleaning
Further into the problem, I tried connecting to our Outlook Web Access, and Chrome gave me a warning page that the SSL certificate wasn't trusted. That's news to me. Turns out it isn't my certificate after all. I try to open other secure login pages, and they all redirect to the same red screen with the same warning, same certificate.
So I checked the hosts file and it's clean.
I tried turning off almost every Startup Item, and one jumped out at me: dedcedeefbeedct.exe. I deleted it, but that still didn't do the trick.
Then my network AV tells me the computer I'm working on has been trying to access http://methylen.com/Y2x8MS42fDMxNWZlOTA1MWQ4NDAyZDAyNTk3ZDNmYzk2ZDNiZmU3fDMwOQ== unsuccessfully (hyperlink changed so no one accidentally clicks on it), every three seconds for most of the time I've been working on it.
To me, it looks like all traffic on the SSL port (443) is being redirected/hijacked. This would explain why Outlook can't log in, because it uses SSL to verify.
So while I think I have an idea of what is going on, I'm not sure where to go from here. Anybody have any ideas?
It looks like malware. Give Combofix or SuperAntiSpyware a try. They are head and shoulders above the rest of those that you named in my experience.
Update:
Apparently methylen.com has been associated with the Ololoshaface.com bot. You might want to check out this analysis from Sophos.
Here's another tip or two from removemalwarespyware.com, legit information (I wouldn't click on their ads though).
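
The symptom described in the question, every HTTPS site presenting the same untrusted certificate, can be confirmed from the affected machine with a short script. This is an added example, not part of the original thread; the host names, the sample fingerprints and the idea of a baseline recorded on a clean machine are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import sys
from collections import defaultdict

def leaf_fingerprint(host, port=443, timeout=5):
    """SHA-256 of the leaf certificate a host presents; no validation, so an untrusted cert is still captured."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def assess(observed, known_good=None):
    """observed/known_good map host -> fingerprint; known_good is recorded from a clean machine."""
    by_fp = defaultdict(list)
    for host, fp in observed.items():
        by_fp[fp].append(host)
    # Unrelated sites should never present the identical leaf certificate.
    findings = [("shared", fp, sorted(hosts)) for fp, hosts in by_fp.items() if len(hosts) > 1]
    # A per-host forged certificate is caught by comparing against the clean baseline.
    for host, fp in sorted(observed.items()):
        if known_good and known_good.get(host, fp) != fp:
            findings.append(("mismatch", fp, [host]))
    return findings

# Constructed sample data (hypothetical hosts, fingerprints derived from labels, not real certs).
ROGUE = hashlib.sha256(b"constructed rogue certificate").hexdigest()
SAMPLE_OBSERVED = {"owa.example.com": ROGUE, "bank.example.net": ROGUE, "shop.example.org": ROGUE}
SAMPLE_KNOWN_GOOD = {"owa.example.com": hashlib.sha256(b"constructed genuine OWA certificate").hexdigest()}

if __name__ == "__main__":
    # With host arguments, check live; otherwise run on the constructed sample.
    hosts = sys.argv[1:]
    observed = {h: leaf_fingerprint(h) for h in hosts} if hosts else SAMPLE_OBSERVED
    for kind, fp, affected in assess(observed, None if hosts else SAMPLE_KNOWN_GOOD):
        print(f"{kind}: {fp[:16]}... presented for {', '.join(affected)}")
```

Pick hosts run by unrelated organisations, since sites behind the same provider can legitimately share a certificate, and refresh the baseline when a site renews its certificate.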