Virus Assistance


#1

My last resort is here. I spent all day on Google yesterday trying to get rid of this virus.

I have a Google redirect virus that won’t go away no matter what I do. Avast, MalwareBytes, any fucking antivirus program can’t find it.

Everywhere I look says use ComboFix to get rid of it, which didn’t work, either. Every so often, when I click a link in a Google search, I get redirected to a shitty ad website.

Anyone know how to solve this? Please?


#2

I suspect the advice you’ll find on here is “reformat the machine and re-install Windows”. Because, as painful as that is… it’s the best advice. Once an install has been infected once, you can’t trust it again, period. If there’s a virus that you’re noticing, there’s no telling how many are on your system that you’re NOT noticing; AV programs are not perfect, and once viruses have a hold on a system, it needs to be nuked from orbit.

Good luck.


#3

Format, reinstall, configure the system to your liking, boot from a cd like Acronis and make an image that you store on an external drive. Next time you get hosed it’s 10 minutes to get back to usable.


#4

Yeah, nuking this computer doesn’t seem to be an option. :confused:

The thing is, it’s pretty much just your average rootkit - infect people, redirect to ads, make bank. So it’s not like it impacts me in any way. It’s just extremely bothersome.


#5

From what I recall Combofix doesn’t do MBR infections. Throw TDSSKiller and/or Norton Power Eraser at it at least. If those come up dry I’d be wanting HijackThis and/or Autoruns logs.


#6

Yeah, I recently picked up a VERY bad malware program on my PC, too.
It masquerades as an anti-virus/anti-malware app but is actually malware, itself!

I think the name of this “app” is Live Security (something). AVOID IT if you can!

I’ve stopped this stuff from installing on my PC in the past but somehow it got past me and installed on my desktop.
Once it does that, it “requires you to pay” with a credit card to remove it! DON’T PAY – that’s the whole scam of the program…!
Unfortunately, I think it’s next-to-impossible to remove without reformatting the hard drive…

I tried several of the programs people talked about in this thread BUT they only made my situation worse. Before, Live Security would block operation of most MS and HP programs on my PC but after using those programs some critical components of Windows XP were potentially erased/corrupted so now I’m at the point that I’m going to have to restore the whole darn PC. I can’t log onto Windows without a forced reboot that sends the computer back to the DOS screen… it’s really annoying and there’s essentially nothing I can do now until I get a Recovery Disk in the mail…

Good thing companies exist that sell Restore Disks! The problem I have with the PC I own is that the manufacturer NEVER shipped it with an OS/Recovery Disk. To save some money, HP put the recovery program on a sector of the HD and required end-users to burn their own Recovery Disks. (Yet another example of companies being cheap! The other big thing they do is put software instruction manuals on PDF on CD-ROM. Now YOU have to print out several hundred pages for any app you want to have a reference manual for!)

Unfortunately, my dad, the former owner of this PC, NEVER read the manual and never made a Recovery Disk. In the meantime, that PC underwent several refurbs/purges until I got it after he retired. The machine had some minor issues when I inherited it and I doubt the Recovery app was still intact after all that action…

This crap has never happened on any of the PPC Macs I’ve owned (including the one I’m using to post now).
However, since Apple switched to Intel chips for CPUs, there have been instances of MacIntels getting corrupted by malware, too.


#7

I don’t even bother anymore. The most insightful thing I read was saying that malware authors test their crap against every well known scanner before pushing it out. If you do anything sensitive like online banking you are crazy not to reload.


#8

TDSSKiller saw nothing, which sucks; that’s what usually solves this shit.

I should try Norton Power Eraser.


#9

Go to C:\WINDOWS\SYSTEM32\Drivers\Etc\ and use a text editor such as Notepad to edit the Hosts file. A normal, healthy hosts file should look like this:


# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host
 
# localhost name resolution is handled within DNS itself.
#    127.0.0.1      localhost
#    ::1            localhost


If there are any other host configurations aside from what you see above, delete them. Save the file.

Other things to check: go to Control Panel > Network and Sharing > Change adapter settings. Right click the network adapter you’re using to connect and go to Properties. Click TCP/IP v4 and then click Properties. Make sure it is set to obtain DNS settings automatically.

Also, go to Control Panel > Internet Options. Go to the connections tab, then click LAN settings. Make sure Proxy Server is not checked.

After, run Malwarebytes, follow up with ComboFix.
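The hosts-file check from the post above, as an added example that is not from the thread: a small Python audit that parses the file the way Windows does (IP first, hostnames after, `#` starts a comment) and reports every active mapping, since the healthy template shown contains only comments. The sample file contents and the hijack entries in it are constructed.

```python
import ipaddress

# Constructed sample: the clean Microsoft template has only comment lines, so
# every active line below is something a reader would want to see flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1      localhost
127.0.0.1       localhost
192.0.2.10      www.google.com google.com   # constructed: search hijack entry
127.0.0.1       www.malwarebytes.org        # constructed: blocks the AV site
"""

LOOPBACK_OK = {"localhost"}  # names that may legitimately point at loopback


def parse_hosts(text):
    """Return (ip, [hostnames]) for every active (non-comment) line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        entries.append((ip, names))
    return entries


def audit_hosts(text):
    """Classify each active entry as 'benign' or 'suspicious' with a reason."""
    findings = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("suspicious", ip, names, "not a valid IP address"))
            continue
        if addr.is_loopback and all(n in LOOPBACK_OK for n in names):
            findings.append(("benign", ip, names, "loopback to localhost"))
        elif addr.is_loopback:
            findings.append(("suspicious", ip, names, "site pinned to loopback (blocks it)"))
        else:
            findings.append(("suspicious", ip, names, "name redirected past DNS"))
    return findings


if __name__ == "__main__":
    for verdict, ip, names, why in audit_hosts(SAMPLE_HOSTS):
        print(f"{verdict:10} {ip:16} {' '.join(names):32} {why}")
```

Point it at a real file by reading C:\WINDOWS\SYSTEM32\Drivers\Etc\hosts into `audit_hosts`; on a clean machine it returns nothing but the localhost lines.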


#10

I did all of that, and the problem persisted. Maybe it’s in my router? Dunno what I’d do if that were the case.


#11

Should be easy enough to check the router. If it’s compromised, you’ll have a bad set of DNS servers set. Should just be able to change the setting and be good if that’s the case.


#12

Wait, can’t be the router. My mom’s computer is fine.

Well, fuck. Who’d think a fuckin’ redirect virus would be this difficult?


#13

If you don’t have your discs you might be SOL.


#14

Are you using Internet Explorer? Do you have the same problem if you use Firefox or Chrome?


#15

Try booting into safe mode and see if the problem persists.

If it doesn’t, take a look into your services and msconfig and either disable or delete anything you don’t recognize.

If it does, try booting off of a Linux CD (Ubuntu Live CDs are great for this) and Google which files you need to edit/remove to fix it.

Both of these methods take a ton of time but if you can’t afford to reformat, then these are pretty much your best bets.


#16

I use Chrome, it persists in IE.


#17

This is good advice if you know what is on your computer. If you still can’t get rid of the virus with this, you do need to reinstall though.

The company that made the comp should be willing to ship a recovery disc and you can also use a regular install disc instead if you know somebody that has one.

Also important is the fact that you can use Ubuntu to make backups of files you need to save, but you will need to virus scan after to make sure they aren’t infected.


#18

I’m almost willing to bet it’s the hosts file. Can you copy/paste yours here?


#19

Might be a dumb suggestion, but I always just use system restore and use a restore point from before the virus hit. Usually works for me.

Sent from my SGH-T959 using Tapatalk


#20

My hosts file is 100% clean. I checked it three separate times.